While quantum computing is years away from practical deployment, it will pose a major threat to software supply chain security — and now is the time for security teams to prepare for that. A significant step was recently taken in spurring preparedness when the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) introduced its principal set of encryption algorithms designed to withstand attacks from a quantum computer.
Encryption tools rely on complex math problems that conventional computers find difficult or impossible to solve, NIST explained in a statement. However, a sufficiently capable quantum computer would be able to sift through a vast number of potential solutions to these problems very quickly, thereby defeating current encryption. The algorithms NIST has standardized are based on different math problems that would stymie both conventional and quantum computers.
Dustin Moody, who heads NIST's Post-Quantum Cryptography (PQC) standardization project, said in a statement:
“These finalized standards include instructions for incorporating them into products and encryption systems. We encourage system administrators to start integrating them into their systems immediately because full integration will take time.”
As quantum computing technology advances, existing cryptographic algorithms could become vulnerable to attacks, a threat that is particularly acute for public-key algorithms and the security of software supply chains, which rely heavily on cryptographic methods to ensure the integrity and authenticity of software components. By implementing PQC, organizations can ensure that these components are secure against future quantum threats. That will involve evaluating and selecting third-party cryptographic components that align with PQC standards and strategies.
The NIST algorithms mark the start of a new era for CISOs and their security teams, said Duncan Jones, head of cybersecurity at Quantinuum, an international quantum computing hardware and software company.
"Moving forward, public and private sectors alike must pursue a layered, defined strategy that includes PQC as well as cybersecurity solutions that leverage quantum mechanics, such as proven quantum randomness for encryption-key generation. When combined with PQC algorithms, these quantum-derived technologies can help protect against a far fuller range of threats posed by quantum computers."
—Duncan Jones
Here's why NIST's new quantum protection standards matter for bolstering software supply chain security.
NIST's quantum protection standards: Eight years in the making
Three finalized federal information processing standards (FIPS) were announced by NIST on August 13:
- FIPS 203 is intended as the primary standard for general encryption. Among its advantages are comparatively small encryption keys that two parties can exchange easily and its speed of operation. The standard is based on the CRYSTALS-Kyber algorithm, which has been renamed ML-KEM, short for Module-Lattice-Based Key-Encapsulation Mechanism.
- FIPS 204 is intended as the primary standard for protecting digital signatures. It uses the CRYSTALS-Dilithium algorithm, which has been renamed ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm.
- FIPS 205 is also designed for digital signatures. This standard employs the SPHINCS+ algorithm, which has been renamed SLH-DSA, short for Stateless Hash-Based Digital Signature Algorithm. The standard is based on a different math approach than ML-DSA and is intended as a backup method in case ML-DSA proves vulnerable.
Skip Sanzeri, founder and COO of QuSecure, expressed enthusiasm about NIST's big PQC push.
“It is very exciting that NIST has finally announced the first approved post-quantum algorithms, which are the result of a more than eight-year effort. Overall, this is the first significant upgrade to cryptography in over 20 years.”
—Skip Sanzeri
Sanzeri said the time is now for global enterprises to begin testing post-quantum cybersecurity on their network communications "so little time is wasted before quantum computers become powerful enough to break weaker forms of encryption."
Enterprises should consider cryptographic agility, because it’s expected that post-quantum algorithms will change over time. “It is vital to have the means to hot-swap algorithms, key strengths, and cryptographic libraries. With quantum computing and AI becoming more powerful, public-key encryption is at a greater disadvantage every day," Sanzeri said.
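To make the two ideas above concrete, here is an added example (not code from NIST, QuSecure or the article's author) that combines them: a Lamport one-time signature, the simplest hash-based scheme and the ancestor of the hash-only approach FIPS 205 standardizes, wrapped in a small crypto-agility layer in which every signed artifact carries an algorithm identifier and verifiers are resolved from a registry. The algorithm label "lamport-sha256" and the envelope fields are constructed for the illustration; SLH-DSA itself is a far more elaborate, stateless construction on the same foundation.

```python
import hashlib
import secrets

N = 256  # SHA-256 digest bits, so one preimage pair per bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    # Secret key: 256 pairs of random 32-byte preimages.
    # Public key: the hash of every preimage. Security rests only on
    # preimage resistance, which a quantum computer weakens but does not break.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes):
    # For each digest bit reveal the matching preimage. A key signs ONE
    # message only; a second signature leaks both halves of many pairs.
    d = int.from_bytes(H(msg), "big")
    return [sk[i][(d >> (N - 1 - i)) & 1] for i in range(N)]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    d = int.from_bytes(H(msg), "big")
    return len(sig) == N and all(
        H(sig[i]) == pk[i][(d >> (N - 1 - i)) & 1] for i in range(N)
    )


# Agility layer: callers never name a primitive; they trust whatever the
# registry currently maps an identifier to, so retiring or swapping an
# algorithm is a registry change, not a code change at every call site.
VERIFIERS = {"lamport-sha256": lamport_verify}  # constructed label


def verify_artifact(envelope: dict, pk) -> bool:
    alg = envelope.get("alg")
    if alg not in VERIFIERS:
        return False  # unknown or retired algorithm: fail closed
    return VERIFIERS[alg](pk, envelope["payload"], envelope["sig"])
```

A retired identifier is simply dropped from the registry, and artifacts signed with it stop verifying rather than silently continuing to pass.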
The time to plan for post-quantum protection is now
Although practical quantum computers may be 10 years or more away, adversaries have already begun preparing for that day. “We know that data stolen today could be decrypted at any time in the future, and sensitive data such as health records or financial data falling into the wrong hands would be damaging,” Quantinuum's Jones explained. “We work with a wide range of enterprise customers, and it’s clear that successful CISOs recognize quantum is an ally as well as a threat.”
QuSecure's head of product, Meg Gleason, said that it's essential to recognize that attacks on our data encryption — prompted by the anticipated threats from quantum computing — will not arrive with any prior warning.
“Now that the standards are here, it's the responsibility of business and security leaders to implement these new algorithms and protect the data their organizations and customers depend on."
—Meg Gleason
Adam Everspaugh, a cryptography expert at Keeper Security, said the cybersecurity industry must prioritize integrating NIST’s new cryptographic standards into existing systems. "While this process is complex and time-consuming, the time to act is now. The collaboration between NIST, CISA, NSA and the broader cybersecurity community has been crucial in reaching this milestone, and continued cooperation will be vital as we move forward,” he said.
The challenges for IT and security teams are significant, from ensuring compatibility with existing systems to managing the transition of cryptographic keys, Everspaugh said.
“However, the urgency of this shift cannot be overstated. The potential for quantum computers to break widely used encryption algorithms like RSA and elliptic curve cryptography is a very real threat that could compromise the security of sensitive data worldwide.”
—Adam Everspaugh
Assuming that cryptographic schemes like RSA and ECC will be rendered insecure by quantum computers around 2029 or 2030, Jason Soroko, senior vice president of product at Sectigo, recommended this timetable for becoming quantum-secure:
- In the short term (1-2 years), organizations should assess current cryptographic systems, conduct audits, and initiate PQC pilots, ensuring vendor adoption of NIST standards.
- In the medium term (3-5 years), the focus should be on deploying PQC in production environments and monitoring Quantum Key Distribution (QKD) advancements for potential integration. QKD uses quantum physics to allow two parties to exchange encryption keys completely securely, providing additional layers of security and making it impossible for even quantum-powered hackers to eavesdrop on communications.
- In the long term (5-10 years), aim for full PQC implementation across critical systems, with QKD considered for highly sensitive sectors.
Why a proactive approach to software supply chain security is key
As quantum computing technology continues to advance, the security of software supply chains is facing a significant threat. By adopting post-quantum cryptographic algorithms, organizations can protect their software supply chains from future quantum-enabled cyberthreats, ensuring the confidentiality, integrity, and authenticity of their software components. This proactive approach is essential for maintaining robust cybersecurity in the face of the evolving technological challenges in a post-quantum world.