EU publishes recommendation on Post-Quantum Cryptography

The European Commission’s new recommendations on Post-Quantum Cryptography urges Member States to unite in adopting advanced security measures against the threat of quantum computing. Embracing software-based solutions, like Post-Quantum Cryptography, will fortify digital infrastructures for the future.

EU flags in front of European Commission

The European Commission has issued recommendations on Post-Quantum Cryptography, urging member states to embrace a unified strategy as the EU moves towards this advanced cryptographic system. With the looming threat of quantum computing jeopardizing current security measures, the recommendations stress the necessity of protecting digital infrastructures and services in the future digital realm.

Post-quantum cryptography presents a remedy by exploiting mathematical challenges that even quantum computers find daunting. As a software-based solution, it can be rapidly incorporated into existing infrastructures across different sectors. This coordinated approach aims to streamline Europe’s transition to a quantum-safe digital framework, ensuring coherence among member states and encouraging interoperability.

The recommendations are also based on the latest report published by ENISA. This study provides an overview of the current state of Post-Quantum Cryptography (PQC) standardization efforts, outlining the five main families of PQC algorithms. It discusses the NIST Round 3 finalists and alternative candidate schemes. As the NIST process continues, it suggests two immediate proposals for system owners to protect data confidentiality against quantum-capable attackers: hybrid implementations combining pre-quantum and post-quantum schemes, and incorporating pre-shared keys into all keys established via public-key cryptography.

Why does this matter?

The recommendations align with ongoing global endeavours to develop and standardize post-quantum cryptography algorithms, including initiatives sponsored by EU-funded projects and reports issued by cybersecurity agencies. It also mirrors dialogues within platforms like the EU-US Trade and Technology Council and Cyber Dialogue.