Guest: Jeremy Allison
Company: CIQ
Show: Secure By Design
Topic: Cybersecurity
Your encrypted data is being stolen right now. Not to decrypt today, but to store it until quantum computers become powerful enough to crack it. This is the reality of “Harvest Now, Decrypt Later” attacks, and if your organization handles sensitive information with a shelf life beyond five to ten years, you’re already vulnerable.
Jeremy Allison, Distinguished Engineer at CIQ and Co-Creator of the widely-used Samba project, recently sat down to discuss post-quantum cryptography and why the industry needs to act now, not later. CIQ has achieved a significant milestone in this space: their NSS module for Rocky Linux became the first to receive Cryptographic Algorithm Validation Program (CAVP) certification from NIST for post-quantum cryptography algorithms, and Rocky Linux is advancing toward full FIPS 140-3 validation for PQC.
The threat is real and ongoing. “I’m sure that’s happening right now,” Allison says about harvest-now-decrypt-later attacks. “Governments and bad actors are collecting as much encrypted data over TLS as they can possibly get their hands on and storing it away in the hope that when quantum computers arrive, they can just decrypt this and read it as though people were conducting plain text conversations over the internet.”
Storage is cheap. Adversaries can afford to warehouse encrypted communications, financial transactions, medical records, and classified information indefinitely. When quantum computers mature—potentially sooner than many expect—all that harvested data becomes readable plain text.
Post-quantum cryptography addresses this threat by implementing algorithms that resist quantum computer attacks. The National Institute of Standards and Technology has standardized two critical algorithms: ML-KEM for key exchange and ML-DSA for digital signatures. These protect the TLS protocol that secures virtually all web traffic, cloud computing, and online transactions.
“The goal is to protect the key exchange,” Allison explains. “The bulk data encryption is mostly considered safe from quantum computers, but if you can get the keys that are exchanged when you first make that connection, then it doesn’t matter how good your encryption is after that. You know how to decrypt it.”
The transition to post-quantum cryptography isn’t straightforward. Many open source cryptographic libraries have feature-complete PQC implementations, but FIPS certification requires far more than working code. Allison describes the unglamorous but essential work: “You have to zero things out. When the library is first loaded, you have to prove you ran this algorithm through a certain test vector and it created the correct output. All of that code—this is the unglamorous part of making these algorithms. This is the FIPS certification part.”
CIQ had to add extensive security hardening to the existing open source code, including zeroing out intermediate memory copies left by automated Rust-to-C conversion, implementing known answer tests, and adding pairwise consistency tests for key generation. The company has published all this work openly, enabling other organizations to benefit from their certification efforts.
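The two self-tests named above, as an added example (not CIQ's or NSS's code): a known answer test that gates module load and a pairwise consistency test run on every new key pair. The KEM is a toy Diffie-Hellman construction and the KAT uses SHA-256's published "abc" vector, both stand-ins for ML-KEM so the block runs on the Python standard library; all function and constant names are hypothetical.

```python
import hashlib
import secrets

# Stand-in parameters (assumption): toy Diffie-Hellman KEM, NOT ML-KEM, not secure.
P = 2**127 - 1  # Mersenne prime, illustration only
G = 3

# Published SHA-256 test vector for the message b"abc".
KAT_INPUT = b"abc"
KAT_EXPECTED = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"

class SelfTestError(RuntimeError):
    """Raised when a self-test fails; the module must not provide service."""

def _kdf(value: int) -> bytes:
    # Derive the shared secret from the raw group element.
    return hashlib.sha256(value.to_bytes(16, "big")).digest()

def encapsulate(pk: int) -> tuple[int, bytes]:
    # Returns (ciphertext, shared secret) for the holder of pk.
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), _kdf(pow(pk, r, P))

def decapsulate(sk: int, ct: int) -> bytes:
    return _kdf(pow(ct, sk, P))

def known_answer_test(hash_fn=hashlib.sha256) -> None:
    """Load-time check: a fixed input must produce the published output."""
    if hash_fn(KAT_INPUT).hexdigest() != KAT_EXPECTED:
        raise SelfTestError("known answer test failed")

def pairwise_consistency_test(sk: int, pk: int) -> None:
    """Key-generation check: a secret sent to pk must be recovered with sk."""
    ct, sent = encapsulate(pk)
    if not secrets.compare_digest(sent, decapsulate(sk, ct)):
        raise SelfTestError("pairwise consistency test failed")

def generate_keypair() -> tuple[int, int]:
    """Return (sk, pk) only after the new pair passes its consistency test."""
    sk = secrets.randbelow(P - 2) + 1
    pk = pow(G, sk, P)
    pairwise_consistency_test(sk, pk)
    return sk, pk

known_answer_test()  # runs at import: a failed KAT stops the module from loading
```

Zeroizing intermediates is left out because Python cannot reliably overwrite immutable integers; that step belongs to the C implementation.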
The certification process itself is expensive and time-consuming. “You have to work with them on feedback. You have to propose patches. They have to agree with them. All the algorithms have to be tested,” Allison says. “It’s a detailed process because the labs are putting their reputation on the line. They’re saying we guarantee that if you use this code, you are using correct algorithms, correctly implemented and tested.”
CIQ is tracking PQC implementation across five different FIPS cryptographic modules because the ecosystem is fragmented. Different projects use different implementations—NSS, OpenSSL, GnuTLS, and others—and securing the entire stack requires certifying each one. NSS was first; OpenSSL validation is starting later this year.
Who needs to care about this transition? Everyone, eventually. Defense, finance, and healthcare organizations face the most immediate compliance pressure and regulatory scrutiny, but Allison emphasizes that security is only as strong as the weakest link. “My big fear is the Internet of Things devices where you have these $20 devices that use TLS. They’re never going to get fixed. No one’s ever going to upgrade the code on those, so they have to get replaced.”
The NSA’s Commercial National Security Algorithm Suite 2.0 sets transition milestones starting in 2027 with full migration by 2035. That sounds like a long runway, but Allison urges organizations to start now. “You need to start turning off older algorithms. You have to start looking at the applications that your business depends on and the libraries that they depend on, and you have to conduct an audit of what algorithms these libraries are using and whether those algorithms are going to be FIPS compliant and also post-quantum secure.”
The audit is critical because modern software stacks are built on layers of open source dependencies. “Everybody uses open source code,” Allison notes. “Even Microsoft uses open source code. You need to know what it is that you have in your organization, what algorithms are being used, and create a migration plan to move to a more modern, more secure future.”
CIQ expects full FIPS 140-3 validation for NSS in the second quarter of 2027. The company has made all their work publicly available, enabling other vendors and organizations to accelerate their own transitions. “We stand on the shoulders of giants. We’ve taken open source code, worked with it, passed it through the certification,” Allison says. “Other people can do the same. Hopefully other people will take the code that we’ve published and do the same for them.”
For organizations running infrastructure that needs to remain secure five or ten years from now, the message is clear: start your post-quantum migration today. The data being harvested now won’t wait for your compliance timeline.





