The National Security Agency published comprehensive guidelines for organizations to begin transitioning to post-quantum cryptographic algorithms before 2030.
The National Security Agency has published its highly anticipated guidelines for transitioning to post-quantum cryptographic algorithms. The document outlines a timeline for federal agencies and critical infrastructure operators to migrate away from algorithms that could be broken by future quantum computers.
The NSA recommends immediate adoption of CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium for digital signatures, both recently standardized by NIST. Organizations are advised to begin their cryptographic inventory now to identify systems requiring upgrades.
The guidance acknowledges that while large-scale quantum computers capable of breaking current encryption may still be years away, the threat of harvest now decrypt later attacks, where adversaries collect encrypted data today to decrypt when quantum computers become available, makes immediate action necessary.
Critical infrastructure sectors including energy, finance, and telecommunications are given priority migration timelines. Federal agencies must complete their transitions by 2030 under the new mandate.
The NSA has also published technical implementation guides for each recommended algorithm, along with testing frameworks organizations can use to validate their implementations.