MITRE launches post-quantum cryptography coalition to boost adoption in commercial, open source technologies

Not-for-profit organization MITRE announced Tuesday the launch of post-quantum cryptography (PQC) coalition to drive progress toward broader understanding and public adoption of PQC and the National Institute of Science and Technology’s (NIST) PQC algorithms. Made up of a community of technologists, researchers, and expert practitioners, the PQC Coalition has as its founding coalition members – IBM Quantum, Microsoft, MITRE, PQShield, SandboxAQ, and University of Waterloo.

The PQC Coalition will apply its collective technical expertise and influence to facilitate global adoption of PQC in commercial and open-source technologies. Coalition members will contribute their expertise to motivate and advance interoperable standards and technical approaches and step forward as knowledgeable experts in providing critical outreach and education. 

MITRE added that with the collective energies of the coalition, maturing technology and readying the ecosystem for the post-quantum transition can be worked in parallel with NIST and alongside the National Cybersecurity Center of Excellence’s PQC Migration Project to provide comprehensive information, technology, and guidance for the community.

The July 2022 selection by NIST of four PQC algorithms represented the first step toward enabling a PQC migration. In August 2023, NIST released draft standards for three of the four algorithms. A draft standard for FALCON, the fourth algorithm, is expected to be released in 2024. 

“Moving from developing and assessing the theory behind these algorithms toward transition planning and standardization and integration of the algorithms into libraries, protocols, and commercial technology is no small task,” MITRE assessed. “Preparing for a PQC transition includes developing standards for the algorithms; creating secure, reliable, and efficient implementations of those algorithms; and integrating the new post-quantum algorithms into cryptographic libraries and protocols. The defensive value of post-quantum cryptography to the world depends on all these preparatory steps, plus the actual deployment of PQC in computer systems and products.”

The coalition initially will focus on four workstreams – advancing standards relevant to PQC migration; creating technical materials to support education and workforce development; producing and verifying open-source, production-quality code, and implementing side-channel resistant code for industry verticals, and ensuring cryptographic agility.

“Quantum computers may not be here yet, but their impending arrival is already bringing both opportunities and threats to national and economic security,” Charles Clancy, chief futurist and senior vice president at MITRE, and general manager of MITRE Labs, said in a media statement. “Government and industry need to move together with urgency so that sensitive data and communications are not vulnerable to exposure in the future.”

“The PQC Coalition is well-positioned with both the knowledge and expertise to facilitate a smooth and rapid global transition to PQC and the adoption of crypto-agility for widespread quantum resistance,” according to Jen Sovada, president of the public sector at SandboxAQ. “As a charter coalition member, SandboxAQ will leverage its deep public- and private-sector connections to create broader issue awareness, drive development and implementation of PQC solutions, and help streamline the process for organizations to migrate to PQC.”

“IBM has played a key role in driving the development of the new NIST algorithms and has also begun implementing the algorithms in our own technologies and client solutions,” Mike Osborne, CTO, Quantum Safe, IBM Quantum, commented. “Now the time has come to look at the greater industry perspective, and we are delighted to be a charter member of this coalition.”

“In the ever-evolving landscape of cybersecurity and as quantum technology continues to advance and change the world, our commitment to the security of our products and customers has never been stronger,” said Inbar Badian, Quantum Safe Program Lead, Office of the CTO, Microsoft Security. “Joining the Post-Quantum Cryptography Coalition is another example of our dedication to being a trusted partner across industry and government towards building a quantum-safe future together.”

Ben Packman, senior vice president, PQShield, added, “PQShield is proud to be a founding member of the PQC Coalition, where our expertise and already commercially deployed PQC hardware and software can be leveraged, alongside fellow members, to help to modernize the vital systems and components in the world’s technology supply chain—a key building block to support both government and enterprise migration plans globally.”

“The research community has been working for the past decade to design and evaluate post-quantum cryptography algorithms that we can rely on,” said Douglas Stebila, professor at the University of Waterloo and co-founder of the Open Quantum Safe open-source software project. “The PQC Coalition will advance the deployment and adoption of these algorithms by bringing together key players across industry, academia, and government.”

Earlier this month, MITRE’s Caldera team released Caldera for OT, a collection of plugins designed to support common industrial protocols in the realm of operational technology (OT). These initial Caldera for OT (operational technology) extensions were developed in partnership with the Homeland Security Systems Engineering and Development Institute (HSSEDI), a federally funded research and development center that is managed and operated by MITRE for the U.S. Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) to increase the resiliency of critical infrastructure.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.