To prepare organizations for Q-Day, the day when quantum computers are able to break certain commonly used cryptography, the General Intelligence and Security Service (AIVD), Centrum Wiskunde & Informatica (CWI) and TNO are publishing an updated handbook on quantum secure cryptography. This expanded second edition contains, among other things, the latest developments and advice for moving to a quantum-secure environment, including more concrete advice for finding cryptographic components, assessing quantum risks and establishing cryptographic agility. It was presented to State Secretary for Digital Affairs and Kingdom Relations Zsolt Szabó during the Symposium "Post-Quantum Cryptography" in The Hague.
Cryptography is used to protect data that should not be readable by others. Yet not every form of cryptography is safe from attacks by quantum computers. The AIVD has been warning since 2014 that Q-Day could take place in 2030. Malicious actors, such as hostile state actors, could then largely bypass certain contemporary cryptography. These include RSA security and ECC (elliptic curve cryptography), which are used for encryption and digital signatures. But the risks to today's cryptography begin today. Secure data can be intercepted now and then decrypted with a quantum computer from Q-Day.
In addition, switching to new cryptography sometimes takes up to a decade or more. Hence, organizations that work with important encrypted information - such as state or corporate secrets - should be working now to move to a quantum-secure environment. This handbook helps organizations identify risks and provides concrete steps to work on a migration strategy, drawing on knowledge gained since the first printing.
Furthermore, it shares practical experiences regarding the migration and includes the new advice tool PQChoiceAssistant that helps companies with their choice of PQC method.
The AIVD is always looking ahead to technologies that could become important to the Netherlands. Among other things, the AIVD is investigating (the secure use) of post quantum crypography.
