In a significant shift for cyber security, NIST has announced the deprecation of RSA, ECDSA, and EdDSA encryption algorithms by 2030, with a full disallowance by 2035. This transition, outlined in the NIST IR 8547 document (currently in draft), is driven by the growing quantum threat and sets a clear timeline for organizations to update their cryptographic systems.

While there may be no cryptographically relevant quantum computers yet that currently threaten levels of security, these long-standing public-key algorithms remain vulnerable to Shor’s Algorithm on such future quantum systems. On the other hand, NIST-approved symmetric primitives providing at least 128 bits of security are unaffected by this change.

NIST has posted a transition schedule for post-quantum cryptography (PQC), outlining key milestones to help organizations adopt quantum-resistant algorithms. Three PQC standards to strengthen modern public-key cryptography infrastructure for the quantum era include ML-KEM, ML-DSA, and SLH-DSA.

The proposed timeline is expected to significantly influence the industry, with global attention now also on the European Union’s position on PQC, as many await its stance before proceeding with full-scale implementations.

To learn more, read the full NIST IR 8547 draft here.