MID-082: Post-quantum Cryptography

Mitigation Tier: Intermediate

Description

Post-quantum cryptography refers to a class of cryptographic algorithms that are resistant to attacks by quantum computers, which could otherwise undermine the non-quantum-resistant algorithms’ cryptographic guarantees (e.g., RSA, Diffie-Hellman, ECC, etc.). By using these post-quantum algorithms, devices can make their communications more secure against attacks by future quantum computers which may enter practical use during the expected lifetime of the device.

Limitations: Current post-quantum cryptographic schemes and algorithms are still emerging [2][3] and may require some time before implementations become widely available in cryptographic libraries (see MID-027) and hardware modules (MID-060).

IEC 62443 4-2 Mappings

• CR 4.3 – Use of cryptography

References

[1] L. Chen, S. Jordan, Y. Liu, D. Moody, R. Peralta, R. Perlner, and D. Smith-Tone. “NIST IR 8105 - Report on Post-Quantum Cryptography.” nist.gov. Accessed: Aug. 28, 2024. [Online.] Available: https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8105.pdf

[2] NIST. “NIST Announces First Four Quantum-Resistant Cryptographic Algorithms.” nist.gov. Accessed: Aug. 28, 2024. [Online.] Available: https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms

[3] NIST. “NIST Releases First 3 Finalized Post-Quantum Encryption Standards.” nist.gov. Accessed: Sep. 5, 2024. [Online.] Available: https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

MID-082