NIST’s post-quantum cryptography standards: Our plans
Read about our product plans and predictions regarding NIST’s recent recommendations for post-quantum cryptography standards.
When quantum computing research began to emerge in the 1980s and ‘90s, experts were already thinking about how this new technology could be exploited for cyber attacks. As industry and nation-state sponsored projects began to create quantum computers, the US National Institute of Standards and Technology (NIST) recognized the need to build post-quantum secure cryptography.
In 2016, NIST sponsored a worldwide competition to address the threats posed by quantum computers. The competition received thousands of entries, and after evaluating multiple schemes over several iterations, in August 2024 NIST published three recommended cryptographic standards:
A fourth recommended standard, referred to as FN-DSA, based on FALCON, is expected later this year.
The publication of the initial post-quantum cryptography (PQC) standards represents a significant milestone in the global effort to prepare for the arrival of quantum computers. These recommendations empower companies, technology providers, and users to adopt new encryption methodologies so that communications and data exchange remain secure when quantum computers become available at scale.
» The quantum computing threat
Despite the global race to develop quantum computers, many industry experts estimate that the availability of large-scale quantum computers is likely still a few decades away. Quantum computers are based on harnessing the quantum properties of subatomic particles, giving them exponentially greater computing capabilities than today’s fastest machines. Further, the development of Shor's algorithm, which is designed to run on quantum computers, has made it possible for bad actors to rapidly compromise the foundations of our current digital communications: public-key cryptography (PKC) algorithms such as RSA and ECC.
Though the direct threat from quantum computers may still be decades in the future, enterprises need to:
- Take immediate steps to reduce security risks associated with long-lived sensitive data
- Develop a plan for learning and implementing quantum-safe solutions
- Stay informed on the evolving best practices
» Protect long-lived sensitive data
The immediate enterprise risk concerns the security of long-lived sensitive business data. Bad actors are already seeking to extract such data using what the security community commonly refers to as a harvest-now, decrypt-later strategy.
Attackers often target improperly secured credentials or compromise insecure communications involving the services and infrastructure that are intended to secure sensitive data. Once they gain access to sensitive data, they exfiltrate it and store it on their own systems. Eventually, when quantum computers become available, the bad actor will leverage their computational power to crack the encryption and read the data.
To mitigate this risk, enterprises should enforce zero trust security policies and practices. The key to an enterprise’s zero trust architecture will be a battle-tested, automated secrets management solution that acts as the organization’s central identity broker. Secrets management solutions are the best way for enterprises to safeguard credentials, keys, and secrets, making it significantly harder for bad actors to gain access to sensitive data in the first place. And with best practices like dynamic secrets in place, any access an attacker does obtain is short-lived.
» Perform impact analysis of post-quantum solutions
While NIST has published standards for the initial set of post-quantum cryptography (PQC) algorithms, it takes time to develop production-grade implementations, including language support, libraries, testing, industry vetting, etc. The cryptographic community, vendors, and industry contributors are already collaborating with NIST’s National Cybersecurity Center of Excellence (NCCoE) toward that end.
However, it would be prudent for organizations to begin experimenting with available PQC implementations now, to assess what changes their existing systems need in order to operate with both classical and post-quantum cryptography.
» HashiCorp’s approach for PQC
Given the experimental nature and the complexities of PQC-based solutions, HashiCorp plans to develop and deliver quantum and hybrid PQC solutions in a staged manner, starting with PQC support in the Vault transit secrets engine.
In upcoming Vault releases, HashiCorp plans to adopt or build PQC implementations for the three NIST-established PQC algorithms (and any subsequent standardized algorithms in the future) along with the associated key types in the transit secrets engine. We will continue to research and build support for hybrid schemes that enable current and post-quantum cryptography algorithms to coexist in transit and other Vault secrets engines. With this approach, enterprises can begin evaluating outputs and plan for changes.
Also, when the Go programming language and the standards bodies arrive at consensus in terms of maturity for hybrid schemes (schemes for PKI are one example) we plan to incorporate those implementations into Vault and other HashiCorp products.
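The hybrid key agreement described above, in which a classical and a post-quantum algorithm coexist, is illustrated by the following added example. It is not HashiCorp or Vault code: it combines X25519 with ML-KEM-768 using Go's standard library (assumes Go 1.24 or later for `crypto/mlkem`), and the SHA-256 combiner is a simplification standing in for a real protocol's key schedule.

```go
package main
import (
	"bytes"
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// must panics on error: fine for a demo, not for library code.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// combine derives one session key from both shared secrets and both wire values,
// so an attacker must break X25519 AND ML-KEM-768 to recover it. SHA-256 over the
// concatenation is a simplified combiner chosen for this example.
func combine(ssX, ssPQ, ctX, ctPQ []byte) []byte {
	sum := sha256.Sum256(bytes.Join([][]byte{ssX, ssPQ, ctX, ctPQ}, nil))
	return sum[:]
}

// encapsulate is the initiator's step. It returns the session key and the two
// wire values: the ephemeral X25519 public key and the ML-KEM-768 ciphertext.
func encapsulate(xPub *ecdh.PublicKey, ek *mlkem.EncapsulationKey768) (key, ctX, ctPQ []byte) {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	ssX := must(eph.ECDH(xPub))
	ssPQ, ctPQ := ek.Encapsulate()
	ctX = eph.PublicKey().Bytes()
	return combine(ssX, ssPQ, ctX, ctPQ), ctX, ctPQ
}

// decapsulate is the responder's step: recover both secrets and re-derive the key.
func decapsulate(xPriv *ecdh.PrivateKey, dk *mlkem.DecapsulationKey768, ctX, ctPQ []byte) []byte {
	ssX := must(xPriv.ECDH(must(ecdh.X25519().NewPublicKey(ctX))))
	ssPQ := must(dk.Decapsulate(ctPQ)) // ML-KEM implicit rejection: a tampered ciphertext yields a wrong key, not an error
	return combine(ssX, ssPQ, ctX, ctPQ)
}

// roundTrip runs one exchange and reports whether both sides derived the same key.
func roundTrip() bool {
	xPriv := must(ecdh.X25519().GenerateKey(rand.Reader))
	dk := must(mlkem.GenerateKey768())
	key, ctX, ctPQ := encapsulate(xPriv.PublicKey(), dk.EncapsulationKey())
	return bytes.Equal(key, decapsulate(xPriv, dk, ctX, ctPQ))
}
func main() { fmt.Println("hybrid X25519+ML-KEM-768 keys agree:", roundTrip()) }
```

If either component were broken, the other still protects the session key, which is the property that lets classical and post-quantum algorithms coexist during migration.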
» Combating the post-quantum threat
Given the extensive use of public key cryptography (PKC) protocols across enterprise systems and services, enterprises should consider creating a PQC readiness plan incorporating the following actions:
» Institute a post-quantum readiness program/task force
A PQC readiness task force can help with planning, accountability, and execution of PQC implementation. It can help the enterprise stay current on the latest developments from NIST NCCoE and ETSI and assess third-party vendors based on their PQC plans.
» Prioritize and assess high-risk assets/data
High-risk assets may be defined in terms of business value and associated lifecycle management practices, such as backup and recovery procedures, end-of-life assets, audit, and archival. Threat actors, for example, often target assets and data that are not closely monitored compared to actively used assets.
» Discover and inventory cryptographic usage and dependencies
Successful PQC implementation requires understanding the use of current cryptography. Tracking cryptographic usage is also a security best practice for developing crypto-agility, which is the ability to rapidly switch cryptographic algorithms should the currently used algorithm become vulnerable.
» Enforce zero trust security
Continue to ensure existing systems and services are patched in a timely manner and enforce current security best practices. Use HashiCorp Vault to secure and automate the secret lifecycle. This helps mitigate the risk of threat actors accessing and exfiltrating sensitive data.
» Migration plan
An enterprise migration plan for implementing PQC solutions should include fallback mechanisms to smooth the transition and minimize operational impact.
» Monitoring
PQC implementation is a complex, wide-ranging, long-haul enterprise effort. That makes it critical for enterprises embarking on the PQC journey to establish an ongoing governance program to monitor progress along the way.
» What’s next for PQC?
HashiCorp welcomes the arrival of the NIST recommendations and is preparing to deploy post-quantum-safe algorithms. We expect large-scale adoption of ML-KEM as support is added and it becomes the new default key agreement. Organizations should update their systems as ML-KEM capable upgrades become available.
Adoption of the ML-DSA and SLH-DSA standards will take longer as data migration paths must be considered. As the security community works toward consensus, the adoption and usage of ML-DSA and SLH-DSA will continue to gain momentum, although NIST predicts the first post-quantum certificates won’t be commercially available until 2026.
Cryptography is at the heart of HashiCorp products. As industry leaders in secrets management, we are fully cognizant of our crucial role in protecting critical enterprise services and infrastructure. We will continue to provide additional information regarding NIST PQC status and our guidance regarding Vault implementations related to PQC in the HashiCorp blog.
Please reach out to sales or support teams if you have additional questions.
» Additional PQC resources
- NIST website
- NIST recommendations
- ML-KEM, ML-DSA, and SLH-DSA technical standards
- Verify your browser is post-quantum secure