SSH Communications joins NIST PQC migration consortium focused on quantum security

September 04, 2023

Defensive cybersecurity company SSH Communications Security has become part of the U.S. National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Building Block Consortium, operated by the National Cybersecurity Center of Excellence (NCCoE). The consortium is a collaborative hub within NIST that works with industry, government, and academia to address cybersecurity challenges, paving the path for quantum-safe solutions in the U.S. and beyond.

The mission of the Consortium is to bring awareness to the issues involved in migrating to post-quantum algorithms and to develop practices to ease migration from current public-key algorithms to replacement algorithms. NIST does not evaluate commercial products under this Consortium or endorse any product or service used.

The collaborative research and development agreement CRADA (National cybersecurity center of excellence migration to post-quantum cryptography building block consortium cooperative research and development agreement) has been officially signed by SSH and NIST, solidifying the partnership between the two organizations. The agreement was signed on July 31, 2023, marking the company’s official inclusion in the NIST PQC (post-quantum cryptography) migration consortium.

In response to the critical need for enhanced cybersecurity against quantum threats, NIST published the first Federal Information Processing Standards (FIPS) draft of the preferred PQC algorithms, including CRYSTALS-KYBER and CRYSTALS-DILITHIUM, on Aug. 24, 2023. These algorithms were already selected for standardization last year and are expected to be finalized in 2024.

SSH welcomes the standardization move and is keen on the wider adoption of CRYSTALS-KYBER Key Encapsulation Mechanism (KEM) and future migration to the preferred PQC signature algorithms.

“The retroactive attacks on key exchange in network communication protocols like TLS, SSH, and IPsec require migration to PQC urgently in a safe manner to protect the key agreement from the quantum threat,” SSH Fellow Suvi Lampila, said in a Friday media statement. “We are pleased to contribute to the NIST PQC migration effort and also looking forward to the next step of migrating to quantum-safe signature algorithms that require even more industry-wide effort.”

“I am immensely proud that SSH Communications Security stands at the forefront of quantum-safe solutions, safeguarding the future of cybersecurity,” said Teemu Tunkelo, SSH CEO. “Our experts are not only engaged in pioneering quantum computing-resistant solutions but are also driving the search for the most robust algorithms to ensure the security of our customers and society’s communications once again. As we join hands with the NIST PQC Migration Consortium, we embark on a journey to shape a quantum-secure world for generations to come.”

In addition to the publication of the draft documents, the NIST has also sought comments on three draft FIPS documents covering post-quantum cryptography by Nov. 22.