Navigating International Post-Quantum Cryptography Requirements: Key Insights for Vendors
As quantum computing improves, governments worldwide are developing post-quantum cryptography (PQC) regulations to protect national security systems. The document "International PQC Requirements" gives a comprehensive examination of the changing regulatory landscape in various nations. This developing change presents both obstacles and opportunities for technology suppliers looking to ensure compliance with national cryptographic standards, especially as disparities between these standards emerge.
According to the report, countries including the United States, United Kingdom, Germany, France, and others have already begun to include PQC algorithms into their national cryptographic frameworks. Notably, the US National Institute of Standards and Technology (NIST) is at the forefront of standardizing novel key encapsulation mechanisms (KEMs), such as ML-KEM. NIST's work is used as a reference point in many nations, however misalignments continue amongst national bodies, particularly when it comes to quantum-resistant KEMs.
For example, the US Committee on National Security Systems (CNSA 2.0) accepts the highest variation of ML-KEM for National Security Systems (NSS), while the UK's National Cyber Security Centre (NCSC) supports a lower variant. Germany's BSI and France's ANSSI provide more diversified suggestions, including algorithms such as FrodoKEM and Classical McEliece, complicating the compliance picture. When faced with this diversity, providers may need to support and certify several KEMs to suit the requirements of different countries. Fortunately, the majority of examined countries agree on some version of ML-KEM, allowing suppliers to focus on it as a basic algorithm.
Signature algorithms, which are necessary for secure software and firmware signing, tell a similar scenario. NIST is currently standardizing numerous post-quantum signature systems, and its decisions have influenced suggestions from other countries. However, different preferences are obvious. The USA's CNSA 2.0 requires Stateful Hash-Based Signatures (HBS) such as LMS/XMSS for software signing but does not endorse some methods recommended by other countries such as the UK and France. This difference affects vendors' decisions, particularly when it comes to managing the intricacies of stateful signature schemes.
Hybrid key exchange, which mixes conventional and post-quantum methods for increased security, is widely accepted in the examined countries, albeit with variable degrees of excitement. NIST's acceptance of hybrid techniques has been widely accepted, however the US's CNSA 2.0 argues for pure post-quantum solutions within the next decade. In the meantime, other countries, such as Germany and France, have demonstrated a greater willingness to use hybrid approaches. In contrast, hybrid signatures—a similar concept but applied to signatures—are viewed with suspicion, with certain European governments advocating their adoption while the USA and UK prefer pure post-quantum signatures to prevent potential migration difficulties.
Hash function and symmetric encryption recommendations are less divergent, with most countries agreeing on the usage of algorithms such as SHA-256 and SHA-384, as well as AES-128 and AES-256. However, there is significant divergence in terms of conservativeness; for example, while the United States continues to recommend AES-128, its CNSA 2.0 has long demanded AES-256 because to increased worries about quantum attacks.
The publication emphasizes that, while there is broad consensus on the sorts of algorithms being used, there are considerable disparities in specific suggestions and criteria between countries. These distinctions are likely to endure as countries weigh security against the practical obstacles of cryptographic transformations. As a result, vendors looking for worldwide compliance face a complicated environment. They must manage a patchwork of legislative regulations while also addressing the technical problems of deploying numerous cryptography methods. This compliance expense may be especially burdensome for companies operating in countries with differing recommendations.