The Linux Foundation today announced the launch of the Post-Quantum Cryptography Alliance, an open and collaborative effort that brings together chip makers, cloud providers, researchers and developers to address the cryptographic security challenges posed by quantum computing.

The founding members of the Post-Quantum Cryptography Alliance include Amazon Web Services Inc., Cisco Systems Inc., Google LLC, International Business Machines Corp. (IBM), IntellectEU N.V., Keyfactor Inc., Kudelski IoT,  NVIDIA Corp., QuSecure Inc., SandboxAQ and the University of Waterloo.

Quantum computing poses significant cryptographic security challenges given its potential to break the current cryptographic protocols that secure digital communications and data.

Traditional cryptographic systems such as RSA and Elliptic Curve Cryptography rely on the computational difficulty of problems that are feasible for classical computers to solve in a reasonable time frame. However, with their ability to process information through quantum bits, quantum computers can solve these problems much more efficiently, a capability that threatens to render current encryption methods obsolete.

The PQCA aims to be the central foundation for organizations and open-source projects seeking production-ready libraries and packages to support their alignment with the U.S. National Security Agency’s Cybersecurity Advisory concerning the Commercial National Security Algorithm Suite 2.0. The PQCA will strive to enable cryptographic agility across the ecosystem for the timelines described therein.

The alliance will engage in various technical projects to support its objectives, including developing software for evaluating, prototyping and deploying new post-quantum algorithms. In doing so, the Linux Foundation seeks to facilitate the practical adoption of post-quantum cryptography across different industries.

The work of the PQCA builds on the foundation laid by many of the founding members over the last decade, preparing for the transition to post-quantum cryptography. Members of the PQCA have played major roles in the standardization of post-quantum cryptography to date, including as co-authors of the first four algorithms selected in the NIST Post-Quantum Cryptography Standardization Project: CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon and SPHINCS+.

One of the launch projects for the PQCA is the Open Quantum Safe project. Founded at the University of Waterloo in 2014 and said to be one of the world’s leading open-source software projects devoted to post-quantum cryptography. The PQCA will also host the new PQ Code Package Project, which will build high-assurance production-ready software implementations of forthcoming post-quantum cryptography standards, starting with the ML-KEM algorithm.

“Post-quantum cryptography is an emerging area of cryptographic security that AWS has already started to invest in by contributing to post-quantum key agreement and post-quantum signature schemes,” Matthew Campagna, senior principal engineer for cryptography and privacy at AWS, said ahead of the announcement.

Jon Felten, senior director of the Trustworthy Technologies, Security & Trust Organization at Cisco, adding that “the necessary conversion to post-quantum cryptography represents one of the largest and most complex technology migrations in the digital era.”

Image: Linux Foundation