"Cryptocalypse": EU demands quantum-safe encryption – partly by 2030

All member states should start switching to post-quantum cryptography by 2026, EU bodies demand. For critical infrastructures, the matter is urgent.

With the support of the Commission, the EU Member States have drawn up a roadmap to drive forward the transition to quantum-safe encryption. The background is that powerful quantum computers could break common encryption methods in the blink of an eye ("cryptocalypse"). According to the agenda of the EU Cooperation Group on Network and Information Security (NIS), all member states should at least start switching to post-quantum cryptography (PQC) by the end of 2026. The experts also urge that PQC be used in critical infrastructures (Kritis) such as the energy and telecommunications sectors "as soon as possible, but by the end of 2030 at the latest".

The NIS Group's timetable is a response to a Commission recommendation from 2024, which emphasizes that Europe must act now in view of the rapid development of quantum computers. In particular, the experts warn of the growing risk of the "Store now – decrypt later" attack strategy: malicious actors could collect conventionally encrypted data today in order to decrypt it later using quantum computers. The German Federal Office for Information Security (BSI) assumes that, without unexpected technological breakthroughs, conventional encryption will last for another ten to 20 years. Europol expects it to last up to 15 years. The search for a replacement for the public key cryptography algorithms currently in use is therefore in full swing, so that e-mails, online banking, medical data, access to control systems and national security tasks remain secured.

PQC uses special encryption algorithms that are significantly more complex than standard program routines. The NIS Group describes this technology as an "important milestone in the defense against complex cyber threats". The EU countries should therefore take the first steps by carrying out risk analyses, setting up national awareness and communication programs and not forgetting the supply chains. Subsequent goals include supporting "cryptographic agility" and a "quantum-safe upgrade path", i.e. making algorithms interchangeable. The member states should also provide the necessary resources for migration, develop certification procedures and set up pilot projects.

The NIS Group considers PQC to be "the most promising solution". The electrical engineering and IT association VDE, on the other hand, is promoting quantum key distribution (QKD) as an alternative. This method uses quantum effects to enable two remote parties to agree on a secret key via an insecure channel. Researchers from the Fraunhofer Institute for Systems and Innovation Research (ISI) have examined this technology in a study as part of the Quantum Communication Germany (SQuaD) project. According to the study, QKD offers the potential for long-term security in many areas, such as public administration, the financial and medical sectors, for Kritis and in industry. Despite "promising properties", however, "some challenges" still need to be overcome before a possible broad market launch.

According to the analysis, fibre-optic-based QKD is currently limited to distances of around 100 kilometers. Although this range could be increased by using trusted nodes, doing so is likely to entail new security risks. In the future, quantum repeaters could play an important role here, promising longer ranges with the same security profile. Other hurdles include the insufficient stability and robustness of many QKD systems, vulnerabilities to external attacks that need to be closed, difficulties with integration into existing IT infrastructures and high costs. The lack of standards as well as of certified and approved QKD systems is also hampering adoption. Considerable efforts are needed in politics, research and industry to overcome these obstacles.

(mack)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.