The development of cryptographically relevant quantum computers (CRQCs) poses a significant threat to current public-key cryptography systems.
In fact, based on a 2023 Quantum Timeline report from the Global Risk Institute, there’s more than a 50% chance that a CRQC will emerge within the next 10 years, highlighting the urgency, and pushing industry, regulatory bodies, and even international governments to action.
Recently, the cybersecurity agencies of 18 member states of the European Union published a joint statement – Securing Tomorrow Today: Transitioning to Post-Quantum Cryptography – reinforcing this urgency, and advocating a proactive approach to mitigation of the threat.
The statement emphasizes the need to start preparing for the quantum threat immediately, particularly focusing on the concerns of the ‘store-now, decrypt later’ attack scenario, and the lengthy migration periods expected for complex systems. In addition, there’s a significant point to make around hybrid solutions – combining the power of PQC with traditional cryptography. The statement aligns with the views of European cybersecurity agencies, recommending the use of hybrid for enhanced security during the transition phase.
The key point is that preparing for the quantum threat ‘should be considered an ‘integral aspect of cyber security risk management’, and the EU statement emphasizes once again, that the transition needs to be a top priority for the following:
- Public administration
- Critical infrastructure
- IT providers
- Industry leaders
There’s little doubt that the European Union holds enormous influence on the world stage. With a GDP of $16t and its position as the world’s largest trading bloc, the EU has a powerful voice. That’s why this statement matters, and it’s encouraging to see a proactive and collaborative approach.
The statement also sets out a number of recommended actions for migration including:
- Performing a quantum threat analysis
- Developing a risk-oriented roadmap for transition, considering data sensitivity and system lifecycles
- Planning the migration process, including prioritization, budget allocation and business process adjustments
- Continuing with PQC research
- Supporting standardization efforts
In summary, the joint statement presents a unified message from the EU cybersecurity agencies on the critical need to prioritize the transition to post-quantum cryptography, to protect against attacks as soon as possible, at the latest by 2030.
For PQShield, this serves as yet another milestone point in the story of migration to quantum resilience. With the threat of ‘store now, decrypt later’ attacks, action is required, and it’s great to see the EU pushing for a collaborative approach for a successful and timely transition.