《PQC迁移实地指南.pdf》由会员分享,可在线阅读,更多相关《PQC迁移实地指南.pdf(24页珍藏版)》请在三个皮匠报告上搜索。
1、14/05/2025A Field Guide to PQC MigrationTactics,Techniques,and ProceduresMark CarneyQ-Day is coming.What the Quantum Threat means to common cybersecurity requirements ConfidentialityIntegrityAvailabilityCertificate ManagementTransport Layer SecurityDigital SignaturesEncrypted Confidential CommsIPSec
2、 TunnelsKey ManagementIdentity ManagementData ClassificationsInfrastructure Administration=potentially Affected by quantum techThe Dragon-Q-Day is Coming!14THAPRIL 2030Quantum technology is expected to reach the maturity enough to be a valid threat against currently in-use cryptography on:Source:htt
3、ps:/cloudsecurityalliance.org/research/working-groups/quantum-safe-security/(its a Sunday)Yr2425262728293031323334Time to Q-DayUK PoliceCommercial DataTax RecordsFinancial RecordsGovernment RecordsMortgages/Govt Bonds(digital signatures)-30-50yrsData Retention Periods vs.Q-Day Estimates a ChartNIST
4、Is Coming Look Busy!New Algo NameOld Algo NameFIPS#FIPS TitleML-KEMCRYSTALS-KYBER203Module-Lattice-Based Key-Encapsulation MechanismML-DSACRYSTALS-DILITHIUM204Module-Lattice-Based Digital Signature StandardSLH-DSASPHINCS+205Stateless Hash-Based Digital Signature StandardFN-DSA*FALCONTBCTBC Something
5、 Something FFT over NTRU Lattices Something something DSA or sim.*Falcon was also called NL-DSA in initial documentation,but this was too close to ML-DSA so FN-DSA is currently used.Source-https:/ Agility OODA Loops for CryptographersCompare cryptographic assets to Requirements(Regulations or best p
6、ractices)Decide where to make changes and in what order.Replace any cryptography identified as not fit for purposeMonitor changes in cryptography standards and/or internal codeLocate all cryptography in an initial discoveryBenefits of Crypto-AgilityAbility to automate cryptography-e.g.Certificates n