ETSI guidance for a quantum-safe world

ETSI guidance for a quantum-safe world

Business news |
By Nick Flaherty

European standards group ETSI has released a quantum-safe report on how to protect organisations from quantum computers that can crack existing encryption systems.

Post-quantum encryption technology is being standardised, but organisations need to be aware of the risks to existing cryptography as quantum computing becomes mainstream.

The Technical Report TR 103 619 defining migration strategies and recommendations for Quantum-Safe schemes, and enhancing cryptography awareness across all business sectors

ETSI has highlighted the threat of quantum computing to existing asymmetric cryptography. However, recognizing the threat is not sufficient, nor is knowing that a quantum-safe cryptographic algorithm exists to enable encrypted assets in a business to be protected. The entire business must now be ready to migrate to a new Fully Quantum-Safe Cryptographic State (FQSCS). In anticipation of this, the technical report defines a framework of actions that an organization should take to enable migration to a Fully Quantum-Safe Cryptographic State.

“What we lay out in the migration Report is getting the role of cryptography and the depth of its integration in a business better understood. We need to increase cryptography awareness so that people send out encrypted data keeping in mind that it may be commercially sensitive years later when attacks are possible. This helps counter harvesting attacks,” said Scott Cadzow, the Rapporteur of the Technical Report in the ETSI QSC group.

The quantum-safe migration framework is in three parts.

The first stage makes the simple point that migration cannot be planned without knowledge of the assets in the organization that will be impacted by a quantum computer. This stage outlines that compiling the inventory is a business process that will require a dedicated manager and a budget assigned to its development and maintenance, recognizing that this may be an extension of existing inventory management with a particular focus on cryptographic properties.

Stage two involves detailed planning, and is again treated as a business process. The broad assumption is that migration will be on a like-for-like basis, that an asymmetric cryptographically protected asset will be protected in the same manner after migration, and that symmetric cryptographically protected assets will likewise also be protected in the same manner after migration. However, it has been documented that during migration planning some assets may be substantially redesigned and perhaps even retired.

One aspect stressed in stage two is that both migration and initial deployment designs will achieve the same end point but migration differs only insofar as there is an existing working deployment to support business functions sensitive to disruption. The role of stage 2 is to ensure that the entire business is aware of the migration and that its importance is recognized.

The final stage is the turnkey element of the migration itself. The ETSI Report offers a series of checklists to address the management and planning of migration in some detail.

Technical Report TR 103 619

Related quantum-safe articles

Other articles on eeNews Europe


If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :    eeNews on Google News


Linked Articles