The Linux Foundation has announced the formation of the Post-Quantum Cryptography Alliance (PQCA), a collaborative initiative to drive the development and adoption of post-quantum cryptography. The PQCA brings together industry leaders, researchers, and developers to address the security challenges posed by quantum computing, through the production of high-assurance software implementations of standardized algorithms, while supporting the continued development and standardization of new post-quantum algorithms.
Quantum computing is a technology that uses the principles of quantum physics to perform certain computations exponentially faster than classical computers can. Quantum computing has the potential to enable breakthroughs in various fields, such as artificial intelligence, medicine, and chemistry. However, quantum computing also poses a threat to the current cryptography that secures the internet and other digital systems.
Current cryptography relies on mathematical problems that are hard for classical computers to solve but whose solutions are easy to verify. For example, the widely used RSA algorithm is based on the difficulty of factoring large numbers into their prime factors. However, quantum computers can use algorithms such as Shor’s algorithm to solve these problems much faster than classical computers, and thus break the encryption.
Therefore, there is a need for new cryptographic algorithms that can resist quantum attacks, and that can be integrated into existing systems and protocols. These algorithms are known as post-quantum cryptography, or quantum-resistant cryptography.
PQCA aims to be the central foundation for post-quantum cryptography
The PQCA aims to be the central foundation for organizations and open source projects seeking production-ready libraries and packages to support their alignment with the U.S. National Security Agency’s Cybersecurity Advisory concerning the Commercial National Security Algorithm Suite 2.0. The PQCA will support the advancement of securing sensitive data and communications in the post-quantum era.
The PQCA will engage in various technical projects to support its objectives, including the development of software for evaluating, prototyping, and deploying new post-quantum algorithms. By providing these software implementations, the foundation seeks to facilitate the practical adoption of post-quantum cryptography across different industries.
The PQCA will also host the new PQ Code Package Project, which will build high-assurance production-ready software implementations of forthcoming post-quantum cryptography standards, starting with the ML-KEM algorithm.
PQCA has support from leading companies and institutions
The PQCA has support from leading companies and institutions in the fields of technology, security, and research. The founding members of the PQCA include Amazon Web Services (AWS), Cisco, Google, IBM, IntellectEU, Keyfactor, Kudelski IoT, NVIDIA, QuSecure, SandboxAQ, and the University of Waterloo.
Several members of the PQCA have played major roles in the standardization of post-quantum cryptography to date, including as co-authors of the first four algorithms selected in the NIST Post-Quantum Cryptography Standardization Project (CRYSTALS-Kyber and CRYSTALS-Dilithium, Falcon, and SPHINCS+).
One of the launch projects of the PQCA is the Open Quantum Safe project, which was founded at the University of Waterloo in 2014 and is one of the world’s leading open-source software projects devoted to post-quantum cryptography.
The PQCA also collaborates with other organizations and initiatives that are working on post-quantum cryptography, such as the Open Source Security Foundation (OpenSSF), the Cloud Native Computing Foundation (CNCF), and the Internet Engineering Task Force (IETF).