PQC algorithms have been through a rigorous standardisation process run by NIST (the US national standards body) with extensive global scrutiny from experts in academia, industry and governments. Implementations are already being developed and deployed in some operational systems, and PQC will continue to be integrated into security protocols and widely used libraries. As well as offering authentication, PQC also includes mechanisms for agreeing cryptographic keys. The NCSC recommends PQC as the primary mitigation to the threat to cryptography from quantum computing, and has issued guidance on timelines for PQC migration.”
The NCSC will not support the use of QKD for government or military applications. PQC is the best mitigation to the threat to cryptography from quantum computers.
For other sectors, the NCSC recommends that QKD should not be solely relied upon for generating and distributing cryptographic keys. The use of QKD systems should not constitute evidence towards assessments of security of data-in-transit under the NCSC’s Cyber Assessment Framework.
Where organisations are considering using QKD, they should ensure that robust quantum-resistant mechanisms for authentication are implemented alongside them, and that they take appropriate steps to ensure they manage any additional cyber security risks arising from the increased complexity.
Origin of text and information: https://www.ncsc.gov.uk/whitepaper/quantum-networking-technologies
Picture by Dynamic Wang on Unsplash