A government standards agency’s crackdown on potential post-quantum cryptographic algorithms will strongly stimulate the PQC market over the next five years, according to an international research and advisory firm.

In its recently released Post-Quantum Cryptography Applications Analysis report, ABI Research predicts PQC revenue to grow 12% from US$196 million in 2022 to $218.6 million in 2023 and 20% from $328.7 million in 2026 to 2027 395.3 million dollars.

The nascent market will kick into high gear once the National Institute of Standards finalizes its choice of PQC algorithm, the report said.

“NIST is the foremost standards development organization leading PQC algorithm development, and depends on the successful completion of this process, after which work on algorithm integration and protocol updates is advanced by other organizations, industry associations, and open source movements.” “ABI Cyber ​​Security Applications Research Director Michaela Menting said in a statement.

“The progress of work in these forums will be a sign of technology maturity, and the goal for vendors will be to introduce ‘plug and play’ type technologies to their respective industries, allowing commercial integration and ease of adoption.”

Ray Harishankar, quantum safe lead at IBM, told TechNewsWorld, “When NIST announced that it has selected four encryption and digital signature algorithms to build quantum-secure standards by 2024, the field took an important step.” Is.”

Preparing for PQC Migration

The ABI’s growth forecast was not surprising to some in the quantum domain. “Since the latest NIST announcement, the cork has partially come out of the bottle,” Ben Packman, senior vice president of strategy at PQShield, a cryptography standards developer in Oxford, UK, told TechNewsWorld.

“They were a lot of people who were waiting to see what NIST would announce to think about their plans for migration to PQC,” he explained.

“I say out of the bottle partly because until those standards are ratified in 2024 – it is just the promise of a standard. Still, it allows people to plan with some certainty, ” They said.

When the standards are finalized, they will have a significant impact on the technology industry because everyone from vendors to standards bodies relying on cryptography will need to adapt to the changes and updated protocols, Samantha Mabe, product marketing management for Entrust Director, an identity solutions provider from Shakopee, Minn., explained to TechNewsWorld.

Post CEO Anderson Cheng said, in addition to vendors and standards bodies, anyone who needs to keep a secret for more than 10 years needs to follow NIST’s work closely, because that time period is at quantum risk. Well within the time limit. Quantum, a quantum-secure encryption, blockchain and digital identity company based in London.

Cheng told TechNewsWorld that the NSA, GCHQ, DOD and MI6 are seeing their encrypted data stolen right now. “From time to time, their internet traffic is being diverted to some Eastern European country for two or three hours at a time and then back to normal. The consensus is that Russia or some adversary is conducting rehearsals to suck up the data and decrypt it later.

NIST is not alone in crafting cryptography standards for the post-quantum era. “Work is also underway at other standards bodies – such as the IETF – to update secure message formats – such as S/MIME email and code signing – and secure protocols – such as TLS – to adopt PQC, which includes hybrid cryptographic data structures. including formalizing systems — such as composite certificates — for those who don’t think they’re ready yet to put all their eggs in the post-quantum basket,” Mabe said.

infrastructure review

Achieving the revenue growth forecast by ABI will require overcoming several challenges. For example, the PQ solution state is likely to remain unstable for some time. Mabe said, “While we move to PQ-safe algorithms today, we must acknowledge that they are a less mature set of algorithms and that it is important to remain agile as they may still need to change in the future. “

The technology demands posed by PQC solutions will be a challenge for both vendors and customers. Mabe pointed out that organizations will need to do a health check on their technology and the cryptography that exists in their infrastructure today to ensure that they have the right scale to support the additional computing power required by these new algorithms. There are other technologies.

Another challenge facing PQC will be the breadth and diversity of existing commercial cryptographic applications. For example, migrating to something like TLS is relatively simple. You add new cipher suites to the list, and if both peers support it, it is used. Otherwise, you go down the list that both partners support.

“Contrast that with data warehouses containing encrypted data over the last 30 years or with PKI-enabled ID badges, ePassports or gift cards,” Mabe said. “You can upgrade the card to PQ, but what happens when it encounters a terminal that hasn’t been upgraded since 2015?”

Packman said that PQC requires a change in the way people think about implementing cryptography. “In the past, people would cook in something and forget about it,” he explained. “With the advancement of computers, it is now clear that things need to be constantly updated over time. There needs to be some agility in the way people implement cryptography. Different types for different types of scenarios. will have algorithms.”