The new report published by the European Union Agency for Cybersecurity (ENISA) explores the necessity to design new cryptographic protocols and integrate post-quantum systems into existing protocols.
Can we integrate post-quantum algorithms to existing protocols? Can new protocols be designed around post-quantum systems? What's the role of double encryption and double signatures? What changes will new post-quantum algorithms impose to existing protocols? These are some of the questions the report published today intends to answer.
The transition to post-quantum cryptography (PQC) does not end with the selection and standardisation of post-quantum algorithms. Integration with existing systems and protocols is also required. The report focuses on the necessity to resort to future-proofing and for the acquisition of knowledge not limited to external standards.
The report expands on the initial aspects of those post-quantum cryptography challenges addressed in the study published last year by ENISA: Post-Quantum Cryptography: Current state and quantum mitigation.
Why do we need to anticipate the rise of quantum technology?
Scientists commonly agree that quantum computers will be able to break widely used public-key cryptographic schemes, when they come into being. Because, in reality, systems using this new technology do not widely exist yet.
The transition to new quantum resistant cryptographic algorithms is expected to take years due to the complex processes and financial costs. This is why we still need to anticipate this and be prepared to deal with all possible consequences.
The report answers the difficult questions raised by post-quantum cryptography in order to make sure we will avoid jeopardising today's public key cryptosystems, e-commerce, digital signatures, electronic identities, etc. This will be critical, even if rolling out new cryptographic systems might prove impossible for a number of systems with restricted accessibility such as satellites.
If quantum technology is sought after, it is because it can provide efficient solutions to the technical challenges we face today. Unfortunately though, this new technology also comes along with novel threats to the security of our equipment and systems because quantum computing will make most currently used cryptographic solutions insecure and will end up changing the existing threat models radically. We will therefore need to quickly adapt before this happens to avoid threats that might compromise our infrastructures.
So what can we do today?
The report includes a number of technical recommendations such as:
- Developing guidelines for major use cases to assess the different trade-offs and systems best matching application scenarios;
- New protocols or major changes in existing protocols should be PQC aware, taking into account the integration needs of PQC systems;
- The use of a hybrid systems which could translate into a post-quantum cryptography added as an extra layer to pre-quantum cryptography.
Background
ENISA's Work Programme foresees activities to support Knowledge Building in Cryptographic algorithms. The Agency engages with expert groups to address emerging challenges and promote good practices with the cooperation of the European Commission, Member States and other EU bodies.
Because quantum computing cryptanalytics capabilities are likely to give rise to new emerging risks, there is a need to transition to quantum safe encryption as a counter measure. The work of ENISA in the area is meant to support the EU in advancing its strategic digital autonomy.
Further information
ENISA report – Post-Quantum Cryptography: Integration Study
ENISA report (2021) - Post-Quantum Cryptography: Current state and quantum mitigation
ENISA report (2021) - Crypto Assets: Introduction to Digital Currencies and Distributed Ledger Technologies
EU Cybersecurity Strategy for the Digital Decade
Contact
For press questions and interviews, please contact press (at) enisa.europa.eu