Action by a government standards agency on potential post-quantum cryptographic algorithms will strongly boost the PQC market over the next five years, according to an international research and consulting firm.
In its recently released post-quantum cryptography application analysis report, ABI Research predicted that PQC revenue would increase by 12% from US$196 million in 2022 to US$218.6 million in 2023 and 20%, from $328.7 million in 2026 to $395.3 million in 2027.
The report notes that the nascent market will kick into high gear when the National Standards Institute finalizes its choice of PQC algorithms.
“NIST is the primary standards development organization leading the development of PQC algorithms, and much depends on the successful conclusion of this process, after which work on integrating algorithms and updating protocols can be advanced by other organizations, industry consortia, and open source movements,” Michela Menting, ABI’s Director of Cybersecurity Applications Research, said in a statement.
“Progress in these forums will be a sign of technology maturity, and the goal for vendors will be to showcase “plug and play” types of technologies for their respective industries, thereby facilitating commercial integration and adoption. “
“The field took a significant step forward when NIST announced that it had selected four encryption and digital signature algorithms to establish quantum security standards by around 2024,” said Ray Harishankar, head of the quantum security at IBM, at TechNewsWorld.
Preparing for the PQC migration
ABI’s growth predictions came as no surprise to some in the quantum realm. “Since NIST’s last announcement, the cork has partially come out of the bottle,” Ben Packman, senior vice president of strategy at PQShield, a cryptography standards developer in Oxford, UK, told TechNewsWorld.
“Many of them were waiting to see what NIST would announce to start thinking about their plans to migrate to PQC,” he explained.
“I say partially out of the bottle because until these standards are ratified – probably in 2024 – this is just the promise of a standard. Nonetheless, it allows people to plan with some certainty,” he added.
When the standards are finalized, they will have a significant impact on the tech industry as everyone from vendors to standards bodies will need to adopt changes and update protocols that rely on cryptography, Samantha Mabey, director of product marketing management for Entrust, an identity solutions provider in Shakopee, Minnesota, explained to TechNewsWorld.
In addition to vendors and standards bodies, anyone with secrets that are to remain confidential for more than 10 years should closely monitor NIST’s work, as this period is well within the quantum risk timeframe, Anderson Cheng added. , CEO of Post Quantum, a quantum-safe crypto, blockchain and digital identity company in London.
Cheng told TechNewsWorld that the NSA, GCHQ, DOD and MI6 are having their encrypted data siphoned off right now. “From time to time, their Internet traffic is diverted to an Eastern European country for two or three hours at a stretch and then goes back to normal. The consensus is that Russia or some adversaries have done repeats for suck the data and decrypt it later.
NIST is not alone in preparing cryptography standards for the post-quantum era. “There is also work underway in other standards bodies – such as the IETF – to update secure message formats – such as S/MIME email and code signing – and secure protocols – like TLS – to embrace PQC, which includes the formalization of hybrid cryptographic data structures – like composite certificates – for those who don’t think they’re ready to put all their eggs in the post-quantum basket just yet” , Mabey said.
Achieving ABI’s projected revenue growth will require overcoming many challenges. For example, the PQ solution situation will likely remain fluid for some time. “As we transition to PQ-safe algorithms today, we need to recognize that this is a less mature set of algorithms and it is important to remain agile as these may also need to be replaced. in the future,” Mabey noted.
The technological requirements imposed by PQC solutions will be a challenge for both suppliers and customers. Mabey emphasized that organizations will need to perform a health check of their technology and the cryptography that exists in their infrastructures today to ensure they have the scale and the right technologies to support the power of additional computation required by these new algorithms.
The breadth and diversity of existing commercial cryptographic applications will be another challenge for PQC. Migrating something like TLS, for example, is relatively straightforward. You add the new cipher suites to the list, and if both peers support them, they are used. Otherwise, you go down the list to something that both peers support.
“Compare that with a data warehouse containing encrypted data for the past 30 years or a PKI-enabled ID badge, e-passport or gift card,” Mabey said. “You can upgrade the card to do PQ, but what happens when it encounters a terminal that hasn’t been upgraded since 2015?”
PQC is going to require a shift in how people think about deploying crypto, Packman said. “In the past, people would cook in something and forget about it,” he explained. “With the advancement of computers, it’s obvious now that things need to be continuously updated over time. There has to be some agility in how people implement crypto. There will be different types of algorithms for different types of scenarios.
#NIST #Action #Heat #PostQuantum #Crypto #Market #Report