AIVD, CWI, and TNO publish renewed handbook for quantum-safe cryptography

Thema:
Information and sensor systems
Quantum-safe technology
3 December 2024

To prepare organizations for Q-Day, the day when quantum computers will be able to break certain widely used cryptography, the General Intelligence and Security Service (AIVD), Centrum Wiskunde & Informatica (CWI), and TNO are publishing a renewed handbook for quantum-safe cryptography.

This extended second edition (pdf) contains the latest developments and advice for transitioning to a quantum-safe environment, including more concrete advice on finding cryptographic assets, assessing quantum risks, and setting up cryptographic agility. It was presented to the State Secretary for Digital Affairs and Kingdom Relations, Zsolt Szabó, during the 'Post-Quantum Cryptography' Symposium in The Hague.

Cryptography is used to protect data that should not be accessible by others. However, not every form of cryptography is safe against attacks by quantum computers. This Q-Day could occur within the next five to fifteen years, according to some experts. Malicious actors, such as hostile state actors, could then largely bypass certain contemporary cryptography.

However, the risks to certain currently used cryptography begin today. This includes RSA security and ECC (elliptic curve cryptography), which are used for encryption and digital signatures. Secured data can be intercepted today and then deciphered with a quantum computer from Q-Day onwards. Additionally, transitioning to new cryptography might take ten years or longer.

Therefore, organizations that work with important encrypted information—such as state or corporate secrets—must already be working on transitioning to a quantum-safe environment. This handbook helps organizations identify risks and provides concrete steps to work on a migration strategy.

pqc-handbook-presentation
PQC handbook presentation

Second Edition

Since the publication of the first edition, more knowledge has been gained in the field of post-quantum cryptography (PQC). PQC is a collection of encryption methods that, unlike certain current methods, should be safe against attacks with quantum computers. This revised and extended second edition includes the latest developments and advice in the field of PQC.

Additionally, several essential actions for companies and organizations in the PQC migration have been examined in more detail. Furthermore, more concrete advice is included for inventorying cryptographic components in software used by organizations, assessing quantum risks, and cryptographic agility. It also provides a list of steps that are useful for any organization, regardless of the quantum threat ("no-regret moves"), and a detailed overview of PQC methods and international legislation. Practical experiences around the migration are also shared, and it includes the new advisory tool PQChoiceAssistant, which helps companies choose a PQC method.

European Cooperation

Since 2021, the CWI Cryptology research group and TNO have been organizing a series of symposia on post-quantum cryptography with the theme 'Act now, not later.' The aim is to bring government, business, and science together. The event on December 3 in The Hague, the 7th edition in this series, focused on internationalization and was organized with the help of the Ministry of the Interior. One of the main topics was the development of the European Roadmap to make the European digital infrastructure quantum-safe. This roadmap should lead to a coordinated transition, with attention to interoperability, standards, and knowledge sharing within Europe. The Netherlands plays a leading role in this, together with Germany and France. These three countries jointly coordinate the EU working group.

Get inspired

1 resultaat

Cyber security through post quantum crypto

Informatietype:
Article
The quantum computer offers both opportunities and risks. At TNO, we help companies secure quantum-safe crypto networks and solve legacy problems.