
Once seldom updated, cryptography standards now experience more frequent adjustments, signalling a move toward crypto agility.

  • Writer: Alexey
  • Oct 25, 2024
  • 2 min read

The rise of quantum computing has prompted a review of cryptographic algorithms. Similar reviews have occurred in the past, but this transition is notably more complex and affects a wide range of cryptographic primitives. In previous changes, simply increasing the key length, as with RSA or AES, was often sufficient. The current shift instead requires implementing entirely new algorithms rather than modifying existing ones. Lengthening keys is no longer adequate for ensuring security in a post-quantum era.





Complete replacement of an algorithm is required when no amount of key expansion can enhance security or when expanding the key length is technically infeasible. Notable examples include the replacement of the symmetric algorithm DES with 3DES and the deprecation of hash functions like MD2 and SHA-1. Interestingly, despite being considered insecure for over 20 years, these outdated algorithms are still in use in legacy systems.


Various agencies issue guidelines that specify which cryptographic algorithms and configurations are considered safe to use. The most recent guidance from NIST can be found in SP 800-131A Rev. 3 (https://csrc.nist.gov/pubs/sp/800/131/a/r3/ipd), and similar documents are published by agencies around the world. In the past, these guidelines were relatively static, but the development of quantum computing has introduced a new dynamic, making frequent updates necessary—something the industry is not accustomed to.


NIST itself acknowledges that, as quantum computing continues to evolve, revisions may become increasingly frequent. The organisation has stated, "When NIST foresees the need for a transition of symmetric key algorithms, hash functions, key-establishment methods, or digital signature schemes to protect against threats from quantum computers, NIST and the CMVP will issue guidance regarding such transitions."


The statement serves as guidance from the agency, encouraging the adoption of cryptographic agility principles. As cryptographic protocols continue to evolve, organisations can no longer afford to treat cryptography as a static benefit that simply works in the background. This shift necessitates a reconsideration of how cryptography is integrated into operational processes.


It is also essential to recognise that individual countries provide specific guidelines on approved cryptographic algorithms, and multinational organisations often have their own internal standards. Therefore, it is necessary to consult both country-specific and company-specific guidelines when navigating cryptographic transitions.

 
 
 



© 2025 by Alexey Bocharnikov
