The alliance seeks to address the security challenges posed by quantum computing through the development and adoption of post-quantum cryptography
SAN FRANCISCO – FEBRUARY 6, 2024 – The Linux Foundation is excited to announce the launch of the Post-Quantum Cryptography Alliance (PQCA), an open and collaborative initiative to drive the advancement and adoption of post-quantum cryptography. The PQCA brings together industry leaders, researchers and developers to address cryptographic security challenges posed by quantum computing, through the production of high-assurance software implementations of standardized algorithms, while supporting the continued development and standardization of new post-quantum algorithms.
The PQCA aims to be the central foundation for organizations and open source projects seeking production-ready libraries, and packages, to support their alignment with U.S. National Security Agency’s Cybersecurity Advisory concerning the Commercial National Security Algorithm Suite 2.0. The PQCA will strive to enable cryptographic agility across the ecosystem for the timelines described therein.
With the rapid advancements in quantum computing, the need for robust cryptographic solutions that can withstand attacks from future cryptographically-relevant quantum computers has become paramount. With support from founding members Amazon Web Services (AWS), Cisco, Google, IBM, IntellectEU, Keyfactor, Kudelski IoT, NVIDIA, QuSecure, SandboxAQ, and the University of Waterloo, the PQCA will support the advancement of securing sensitive data and communications in the post-quantum era.
The PQCA will engage in various technical projects to support its objectives, including the development of software for evaluating, prototyping, and deploying new post-quantum algorithms. By providing these software implementations, the foundation seeks to facilitate the practical adoption of post-quantum cryptography across different industries.
The work of the PQCA builds on the foundation laid by many of the founding members over the last decade preparing for the transition to post-quantum cryptography. Several members of the PQCA have played major roles in the standardization of post-quantum cryptography to date, including as co-authors of the first four algorithms selected in the NIST Post-Quantum Cryptography Standardization Project (CRYSTALS-Kyber and CRYSTALS-Dilithium, Falcon, and SPHINCS+).
One of the launch projects of the PQCA is the Open Quantum Safe project, which was founded at the University of Waterloo in 2014 and is one of the world’s leading open-source software projects devoted to post-quantum cryptography. The PQCA will also host the new PQ Code Package Project, which will build high-assurance production-ready software implementations of forthcoming post-quantum cryptography standards, starting with the ML-KEM algorithm.
The PQCA welcomes organizations and individuals to get involved and participate. To participate in the Alliance, collaborate with the technical community, and learn more about its mission and initiatives, please visit the PQCA website or GitHub.
“At AWS, helping to maintain the confidentiality, integrity, and authenticity of our customers’ data is a top priority, which is why we are deeply invested in advancing the state of the art in security,” said Matthew Campagna, Senior Principal Engineer, Cryptography and Privacy at AWS. “Post-quantum cryptography is an emerging area of cryptographic security that AWS has already started to invest in by contributing to post-quantum key agreement and post-quantum signature schemes. By joining the PQCA, we will be able to better promote the development of the open standards and software that will be essential to help advance the state of the industry and keep customer data secure.”
“Quantum computing offers the potential to solve previously unapproachable problems while simultaneously threatening many digital protections we take for granted,” said Jon Felten, Senior Director, Trustworthy Technologies, Security & Trust Organization, Cisco Systems. ”Cryptography is foundational for securing data, users, devices, and services. The necessary conversion to post-quantum cryptography represents one of the largest and most complex technology migrations in the digital era and that is why Cisco is proud to partner with the Linux Foundation and other members of the PQCA to advance quantum safe cryptography.”
“At Google, our work on PQC focuses on four areas: 1) driving industry contributions to standards bodies; 2) moving the ecosystem beyond theory and into practice (primarily through testing PQC algorithms); 3) taking action to ensure that Google is PQC ready; and 4) helping customers manage the transition to PQC,” said Phil Venables, CISO, Google Cloud. “With this deeply technical and nuanced technology, it is ever more important that leaders in the space come together to help the broader technology ecosystem adopt it. Through joining the PQCA, Google continues our longstanding commitment to helping organizations become crypto-agile as we prepare for the post-quantum transition.”
“IBM has already played a key role in driving the development and adoption of post-quantum cryptography, and with quantum technology advancing rapidly, industry collaboration will be key to addressing current and potential future threats from cryptographically relevant quantum computers,” said Ray Harishankar, IBM Fellow and Lead for IBM Quantum Safe Technology. ”Consistent with our support of the Linux Foundation, we are proud to be among the founding members of the Post-Quantum Cryptography Alliance to facilitate the development and adoption of quantum-safe cryptography.”
“As a historical founding member of the Linux Foundation’s Hyperledger initiative, we are now equally delighted to become a founding member of the PQCA,” said Dirk Avau, Founder and CEO of IntellectEU. “This step positions us better to serve financial organizations and help them understand and mitigate the impact of quantum computing on current-generation blockchain protocols. We look forward to contributing to technological progress in the field of post-quantum information security.”
“The transition to Quantum-Resistant standards, algorithms, and protocols will undoubtedly be a challenging one,” said Ted Shorter, CTO of Keyfactor. “At Keyfactor, we’re working hard to prepare our customers for this migration, with our stewardship over cryptographic libraries, PKI software, certificate discovery and lifecycle automation, and signing solutions. But this task will require careful coordination from everyone in this space, and we are excited to partner with the PQCA to cooperate in this effort.”
“As advocates for robust cybersecurity solutions, we are thrilled to see the formation of the Post-Quantum Cryptography Alliance,” said Karine Villegas, Senior Principal Security Architect, Kudelski IoT. “This initiative marks a significant step in protecting our digital infrastructure against the emerging threats posed by quantum computing. At Kudelski IoT, we understand the critical importance of developing, implementing advanced cryptographic technologies and anticipating threats. Our support for the PQCA underscores our commitment to ensuring the highest standards of security in the post-quantum era. We look forward to collaborating with the Alliance and contributing our expertise to develop resilient cryptographic solutions that can safeguard sensitive data, communications and digital life against the most advanced cyber threats.”
“The mission of the Post-Quantum Cryptography Alliance is to develop and promote open source software solutions that address the security challenges posed by quantum computing,” said Jim Zemlin, Executive Director of the Linux Foundation. “By establishing an open and collaborative environment for innovation, the PQCA will help accelerate the development and adoption of post-quantum cryptography in open source and beyond.”
“The AI revolution has led to an explosion of sensitive data generation, and ensuring the security of data is of the utmost importance”, said Timothy Costa, Director of Quantum and HPC at NVIDIA. “NVIDIA joins as a founding member of the PQCA to empower the global community in addressing the transition to quantum-safe cryptography.”
“QuSecure is dedicated to securing networks and data in a dynamic ecosystem of new algorithms, implementations, attacks, and standards. We are proud to be working with the Linux Foundation to bring clarity and cryptographic agility across the ecosystem,” said Rebecca Krauthamer, Chief Product Officer at QuSecure. “We are using the advent of quantum computing to act as a catalyst to fix the foundation of data security infrastructure. For us, being a founding member of the PQCA means collaboratively engineering a more secure post-quantum future for all.”
“The PQCA closely aligns with SandboxAQ’s ongoing efforts to create awareness of and support the global transition to PQC, including delivering modern cryptographic management solutions and open source tools to organizations across critical industries and the public sector,” said Marc Manzano, General Manager, Quantum Security Group at SandboxAQ. “Our close collaboration with standardization bodies like ETSI, ISO, NIST and IETF, combined with our foundational investment in contributing to the community advancements on PQC, will help the PQCA achieve its mission to promote open cryptography software, and eventually help organizations prepare for cybersecurity threats now and in the coming quantum era.”
“We are proud that the Open Quantum Safe project is continuing with the launch of the Post-Quantum Cryptography Alliance,” said Norbert Lütkenhaus, Executive Director, Institute for Quantum Computing (IQC) at the University of Waterloo. “Indeed, the important work of Michele Mosca and Douglas Stebila since starting the open-source project a decade ago will greatly impact post-quantum technologies and the security of data for industry and customers.”
“The post-quantum transition is an imminent challenge that the global IT industry must be prepared to confront,” said Douglas Stebila, Associate Professor of Cryptography at the University of Waterloo and Co-Founder of the Open Quantum Safe (OQS) project. “The Open Quantum Safe project has built a platform to support ongoing scientific research in post-quantum cryptography by bringing together academic, industry, and individual contributors. We’re excited to see the OQS project find a permanent home in the Post-Quantum Cryptography Alliance as we continue our mission of open collaboration and scientific inquiry to help future-proof the global IT infrastructure together.”
About the Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenSSF OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
The Linux Foundation