Definition and purpose

The purpose of quantum-safe cryptography initiatives by ETSI is to prepare digital infrastructures for the eventuality of quantum computing. It is about creating and promoting cryptographic methods that cannot be easily compromised by quantum algorithms, ensuring the long-term protection of sensitive data and communication.

Governing Body

The European Telecommunications Standards Institute (ETSI) is the organization that leads these efforts, often through specific Industry Specification Groups (ISGs) or Task Forces dedicated to quantum-safe cryptography.

Last updated

ETSI continuously works on quantum-safe cryptography initiatives, and as such, updates can be frequent. Technical Report TR 103 619 was released in 2020.

Applies to

Quantum-safe cryptography is relevant to all industries that rely on encryption to protect sensitive data. This includes sectors like finance, healthcare, government, defense, and information technology, among others.

Controls and requirements

While a specific control list for an ETSI quantum-safe cryptography framework is not provided, typical elements would include:

• Quantum-Resistant Algorithms: Development and standardization of encryption algorithms that can withstand quantum computing attacks.
• Transition Strategies: Guidelines on how to transition from current cryptographic methods to quantum-safe alternatives.
• Implementation Guidelines: Best practices for the implementation of quantum-safe cryptography in various systems and software.
• Key Management: Ensuring the secure creation, distribution, storage, and destruction of cryptographic keys in a quantum-safe environment.

Please refer to the official ESTI Quantum Safe Cryptography page for details on requirements.

Audit type, frequency, and duration

Audits related to quantum-safe cryptography standards would likely focus on compliance with recommended algorithms and protocols, and the secure implementation of these within systems. Given the rapidly evolving nature of quantum computing and cryptography, audits might be frequent to ensure ongoing compliance and adaptability of systems.

The duration of an audit would depend on the complexity of the systems being audited and the extent to which quantum-safe practices have been implemented.