PQShield Leadership Lounge: NIST standards, the PQC turning point

With the recent release of the first NIST PQC standards, the world of cryptography has changed. In this series of leadership lounge videos, Ali El Kaafarani, Founder and CEO at PQShield, and Ben Packman, PQShield’s Chief Strategy Officer, sit down to discuss some of the implications of this turning point. What does it mean? What’s next for NIST? What is the focus for industry? Should we be talking more about cryptography modernization and much less about post-quantum? There’s little doubt that we’re at an inflection point in the story of cryptography, and as Ben and Ali point out, PQShield have been a key part of the journey…


Video 1 – Algorithms are just recipes

  • Team PQShield build mature products that solve real-world problems
  • We’re powered by world-class research, testing and development
  • We contribute to the open source community
  • The standardized algorithms are recipes, but it takes expertise and skill to be able to implement them

Summary

The release of the new NIST standards is a great achievement, but how do you apply them? At PQShield, this is a question that drives us towards mature products, solving real-world problems, and here, as Ali and Ben discuss, we’ve come to realise that algorithms are really only recipes – the key is how you use them. We believe it takes expertise and skill, and that’s why we’ve spent years working towards solutions and ideas that are powered by first-class research, testing and development.

Video 2 – NIST standards – the PQC turning point

  • NIST and contributors have done a great job to get the PQC standards out
  • We’ve all been in the same boat as a community, anticipating the standards – it’s great that they are finally here!

Summary

In this video, Ben and Ali celebrate the publication of the first NIST PQC Standards. It’s a terrific achievement and a success for the whole collaborative PQC community. They point out that despite the long wait, even for some of the experts at NIST, everyone really appreciates the thorough process, and the communication, clarification and input from those involved.

Video 3 – How to think crypto agile

  • Crypto agility is a mindset that requires a serious, forward-thinking approach to your business
  • Risk mitigation is central to the crypto agile way of thinking
  • It’s much more about how you think, than trying to solve the technical problems ahead

Summary

Cryptography has always been about risk mitigation. It’s the question of how you value your business, and it might well be the last line of defense when it comes to protecting what’s important to you. In this video, Ali and Ben talk about the way we each think about our business, and how that impacts decisions we make when it comes to protecting it – how can we deploy solutions that are able to change? What level of risk is acceptable? It turns out that the real agility is in our thinking rather than our technology…

Video 4 – Celebrating the cryptography community

  • There’s no mystery – cryptographers are really down-to-earth nice people
  • Throughout the process, there have been lots of different characters putting work out to be scrutinized
  • PQShield began because of this community of talented, friendly people

Summary

There’s no doubt that post-quantum cryptography is a complex field. In this clip, Ben and Ali reflect on the origins of PQShield as part of the wider cryptographic community and explain how great it is to be part of a community of unquestionably brilliant but genuinely down-to-earth cryptographers.

Video 5 – No can to kick down the road – it’s all about compliance

  • Release of the standards has shifted the focus to compliance – no longer a can to kick down the road
  • Tier 1 semiconductors are likely to be first to adopt
  • Two-phase strategy focuses first on product changes, and then wider infrastructure changes depending on supply chain vendors
  • Second half of 2024 likely to be about high level guidance from industry/regulatory bodies

Summary

Release of the standards has definitely shifted the focus – it’s now time to talk about how we deploy post-quantum cryptography, and where to start in the supply chain. In this video, Ben and Ali discuss compliance, particularly as industry builds around the certifications for PQC. The rest of 2024 is predicted to be about semiconductor manufacturers deploying first, followed by wider infrastructure. It’s likely that we’ll see more and more guidance from industry regulators.

Video 6 – Post-quantum is an era

  • Post-standards, terminology is already starting to change
  • These standards are now engineering goals that should bring order
  • Post-quantum is just a piece of a much larger ‘cryptography’ jigsaw puzzle
  • We’re only really replacing RSA and ECC – but these form the overwhelming majority of PKI
  • Many functions are not impacted by the quantum threat and don’t need to be replaced – AES, hash functions, etc.

Summary

The term ‘post-quantum’ defines an era when public key cryptography needs to be replaced with new technology. Release of the first PQC NIST standards has brought focus, particularly to engineers who now have a compliance goal to aim for, but PQC is simply a piece of a much larger cryptography jigsaw. In this video, Ali and Ben discuss some of the wider pieces of cryptography, many of which are not vulnerable to the quantum threat, but form essential components nevertheless, in the ‘post-quantum’ era.

Video 7 – Is it time to stop talking about PQC?

  • The conversation has naturally shifted from talking about ‘quantum’ to compliance
  • Post-quantum cryptography is the name of an era
  • Cryptography modernization is a more relevant term to consider
  • We’re in a phase of next-generation public-key cryptography systems

Summary

In this clip, Ben and Ali discuss the terminology of ‘post-quantum’. Is it still relevant? Is it misleading? Actually, we’re now moving into an era when the focus has shifted from the nature of the threat, to talking about compliance with the next generation of standards in public key cryptography. Those standards are intended to drive cryptography modernization in the world’s technology supply chain, and it’s a topic that we’re keen to talk much more about.

Video 8 – PQC in silicon

  • PQShield produces PQC in silicon
  • Standards implemented on a chip – testament to the expertise of PQShield
  • Not just design but also deployment onto a chip
  • Hardware, design and verification – the ability to understand what our partners/customers struggle with – we’ve gone through the process.
  • Side-channel resistance – PQShield’s advanced SCA lab
  • Better help for NIST in the additional call for digital signatures – we can run tests and implementations on our test chip

Summary

In this clip, Ben and Ali talk about PQShield’s silicon implementation of PQC – showing that we haven’t just designed PQC solutions, we’ve actually built our hardware IP onto a physical chip! This gives us great insight into the needs of our customers and partners, and also means we have a fantastic tool to help NIST in the ongoing call for digital signatures – being able to run tests and implementations in a real hardware environment.

Video 9 – Standardization – what’s next?

  • NIST announced 4 algorithms that were going to be standardized
  • Draft for FALCON expected for review, and will become a standard later
  • Round 4 of KEMs (not from lattices) – NIST should select one or two
  • Lattices, code-based and hash-based Digital Signatures – candidates in process, the effort continues

Summary

Back in 2022, NIST announced four algorithms were on the path to standardization. What happened to FALCON? And what can we expect next from NIST, following the publication of the first three PQC standards? In this video, Ben and Ali discuss NIST’s timeline, including FALCON, Round 4 KEMs, the necessary mix of lattice, code-based and hash algorithms, as well as the ongoing effort to select digital signatures.
