Quantum computers pose a grave threat to today’s encryption. Powerful quantum devices could break many widely used algorithms (like RSA and ECC) by solving their underlying math problems efficiently. Such advances mean that any “quantum encryption” based on these classical schemes would be broken. The solution is quantum-resistant cryptography (also called post-quantum cryptography, or PQC), new algorithms designed to resist attacks by quantum computers.
Quantum Cryptography vs. Post-Quantum Cryptography
There are two broad approaches to quantum-era security. Quantum cryptography (for example, Quantum Key Distribution) uses the laws of physics to secure communication. It relies on exchanging keys via quantum particles (photons), making eavesdropping detectable and theoretically unbreakable. However, quantum cryptography is still mostly experimental and requires expensive hardware.
Post-quantum cryptography (PQC), by contrast, uses advanced mathematical problems (lattice math, hash functions, etc.) to protect data from quantum attacks. PQC algorithms form the basis of post quantum encryption and quantum-proof encryption. They enable modern systems to perform encryption and signing in a way that even a quantum computer cannot easily defeat. In short, PQC provides practical quantum-resistant cryptography available today. ‘Quantum-proof encryption’ (sometimes written quantum proof encryption) refers to the same concept, encryption that remains secure against future quantum computers.
Understanding CNSA 2.0
CNSA 2.0 (Commercial National Security Algorithm Suite 2.0) is the NSA’s updated guideline for national-security encryption. Published in 2022 and updated in 2024, it specifies a suite of quantum-resistant algorithms for classified networks. CNSA 2.0 updates the earlier Suite 1.0 by removing or replacing algorithms vulnerable to quantum attacks. For example, CNSA 2.0 plans to phase out conventional RSA and ECC and instead use lattice- and hash-based algorithms that are believed to be secure against quantum attacks.
CNSA 2.0 also includes strict timelines for migration. The NSA is planning a gradual move to quantum-safe cryptography for National Security Systems (NSS). While organizations aren’t required to switch to post-quantum code signing before December 31, 2025, all new NSS systems must follow CNSA 2.0 standards by January 1, 2027. By 2031, quantum-resistant algorithms will be required across the board, with a full transition targeted by 2035. In practice, this means all new code should be signed with PQC schemes now, and existing signed code must be updated. The goal is that by 2030, NSS networks will exclusively use the CNSA 2.0 suite. Other key milestones outlined in the CNSA 2.0 roadmap include support for quantum-resistant algorithms in web browsers and cloud services by 2025, with full adoption expected by 2033. The NSA’s published timeline, often visualized in their official CNSA 2.0 transition graphic, helps organizations understand when and how to phase in compliant cryptography across systems. Including a version of this timeline can provide clarity and assist stakeholders in aligning their security upgrades with federal expectations.
Quantum-Safe Algorithms and Code Signing
What algorithms are included in CNSA 2.0? The suite prioritizes well-vetted post-quantum schemes:
- Hash-based Signatures: LMS and XMSS (from NIST SP 800-208) will be used for code signing and firmware validation. These hash-based methods are highly secure but require careful management of the signing state.
- Lattice-based Cryptography: CRYSTALS-Kyber (for encryption/key encapsulation) and CRYSTALS-Dilithium (for digital signatures) are included. These lattice-based algorithms were standardized by NIST as ML-KEM and ML-DSA respectively, and offer strong security with reasonable performance.
- Other PQC Candidates: Algorithms like SPHINCS+ and Falcon (stateless hash-lattice signatures) are approved as backup signature methods.
By implementing these algorithms, systems achieve true quantum-resistant encryption, ensuring the confidentiality and integrity of data even against future quantum attacks. The NSA and cryptographers stress crypto-agility: systems should be able to add or swap algorithms as standards evolve. In the transition period, many recommend hybrid approaches (combining classical and PQC) to guard against “harvest now, decrypt later” attacks where adversaries record encrypted data today for future decryption.
Preparing for a Post-Quantum Future
The move to PQC requires proactive planning. Here are key steps for organizations:
- Inventory All Crypto Assets: Catalog where keys, certificates, and encrypted data are used across infrastructure and software.
- Hybrid and Agile Solutions: Begin using products that support both traditional and quantum-resistant algorithms. This crypto-agile posture eases the eventual full switch to PQC.
- Upgrade Infrastructure: Ensure HSMs and cryptographic libraries can handle larger keys and new PQC algorithms.
- Audit and Test Legacy Systems: Examine all applications and devices handling cryptography. Identify systems tied to outdated algorithms and test PQC integration in a controlled environment. Plan upgrades or replacements so that software and hardware continue to operate smoothly under new ciphers.
- Stay Informed on Standards: NIST has finalized core PQC standards (CRYSTALS-Kyber, CRYSTALS-Dilithium, and SPHINCS+) and continues work on others. Follow CNSA 2.0 updates and related directives (such as the U.S. Executive Order on quantum security) to align your roadmap.
- Governance and Audit: Centralize cryptographic administration and visibility across your IT environment, and update security policies to require quantum-safe algorithms.
- Engage Experts and Platforms: Work with crypto specialists and consider unified PKI or crypto-management platforms. For example, Garantir provides enterprise crypto services that can integrate post-quantum encryption methods and manage code signing at scale, helping companies meet CNSA 2.0 requirements smoothly.
As NIST’s Dustin Moody advises, “anything worth doing takes time”, full integration of PQC will not happen overnight. Starting migration now reduces risk. Training, pilot projects, and architecture updates will ensure compliance with CSNA 2.0 (CNSA 2.0) guidelines and avoid costly retrofits later.
Urgency: The Race to Quantum-Safe
Multiple factors make the transition to quantum-resistant encryption urgent. In 2022, President Biden issued a memo directing U.S. agencies to deploy quantum-resistant cryptography. Similarly, many countries are moving toward PQC standards. The fundamental reason is data longevity: sensitive data might need to stay secret for decades. Adversaries could capture encrypted records today and decrypt them later, a “harvest now, decrypt later” attack.
NIST’s PQC project illustrates the timeline. The first post-quantum standards (CRYSTALS-Kyber and CRYSTALS-Dilithium,) were finalized in mid-2024, and more are in process. Agencies and vendors are expected to begin integration immediately. Given lengthy development and testing cycles, many security teams see 2025–2030 as a critical transition window. The quantum clock is ticking: organizations that ignore post quantum encryption will have to scramble to update outdated systems.
