Abstract

As the prospects for scaled quantum computing steadily improve, an important disruption is emerging in response within the world of security: post-quantum cryptography, or PQC. In the 1990s, Peter Shor showed that if scaled quantum computers were to exist, they could be used to efficiently break the trapdoor functions underlying our widely used public-key cryptography algorithms (RSA, DSA, ECDSA, ECDH). Various US government agencies have issued reports on this concern, including NIST, which in 2016 embarked on a standardization effort to select new algorithms with the help of the cryptography community. But while NIST will address the problem of new algorithms, many organizations feel puzzled by the uncertain timeline for PQC and the lack of guidance on the path forward with migration. In this paper, we discuss the problem of PQC readiness from an organization’s point of view, providing recommendations on how to understand the landscape and guidance on what can and should be done in a phased manner. While scaled quantum computing may seem a distant concern, we believe there are good reasons for an organization to start now in developing its understanding of the situation and creating a phased action plan toward PQC readiness.

Date

February, 2022

Authors

  • David Ott
  • Dennis Moreau
  • Manish Gaur

Type

Conference

Journal

International Conference on Information Systems Security and Privacy (ICISSP) 2022