AIVD, CWI, and TNO publish renewed handbook for quantum-safe cryptography
To prepare organizations for Q-Day, the day when quantum computers will be able to break certain widely used cryptography, the General Intelligence and Security Service (AIVD), Centrum Wiskunde & Informatica (CWI), and TNO are publishing a renewed handbook for quantum-safe cryptography. This extended second edition contains the latest developments and advice for transitioning to a quantum-safe environment, including more concrete advice on finding cryptographic assets, assessing quantum risks, and setting up cryptographic agility. It was presented to the State Secretary for Digital Affairs and Kingdom Relations, Zsolt Szabó, during the 'Post-Quantum Cryptography' Symposium in The Hague.
Cryptography is used to protect data that should not be accessible by others. However, not every form of cryptography is safe against attacks by quantum computers. The AIVD has already warned since 2014 that Q-Day could occur in 2030. Malicious actors, such as hostile state actors, could then largely bypass certain contemporary cryptography. This includes RSA security and ECC (elliptic curve cryptography), which are used for encryption and digital signatures. Secured data can be intercepted today and then deciphered with a quantum computer from Q-Day onwards.
Additionally, transitioning to new cryptography might take ten years or longer. Therefore, organizations that work with important encrypted information—such as state or corporate secrets—must already be working on transitioning to a quantum-safe environment. This handbook helps organizations identify risks and provides concrete steps to work on a migration strategy, which uses the know-how that has been gained since the first edition.
Practical experiences around the migration are also shared, and it includes the new advisory tool PQChoiceAssistant, which helps companies choose a PQC method.
The AIVD always looks ahead at technologies that couild become important to the Netherlands. The AIVD amongs other things looks into (the safe use) of post quenatum cryptography.