On November 12, 2024, the National Institute of Standards and Technology (NIST) published the initial public draft of NIST Internal Report (IR) 8547, titled “Transition to Post-Quantum Cryptography Standards.” The report outlined NIST’s expected approach to phasing out quantum-vulnerable cryptographic algorithms and migrating to post-quantum standards, with a public comment period open through January 10, 2025.
According to the draft report, quantum-vulnerable algorithms providing 112-bit security strength would be deprecated after 2030, while all quantum-vulnerable public-key algorithms would be disallowed in NIST standards after 2035 regardless of key length. IR 8547 identified existing quantum-vulnerable cryptographic standards and mapped them to their quantum-resistant replacements.
NIST stated that the report was intended to inform the efforts and timelines of federal agencies, industry, and standards organizations for migrating information technology products, services, and infrastructure to post-quantum cryptography. The timeline aligned with National Security Memorandum 10’s goal of completing the migration of federal systems by 2035. Systems with long-term confidentiality needs, such as VPN and TLS implementations, were identified as early migration priorities.