Post-Quantum Cryptography

A cryptographically relevant quantum computer (CRQC) will render most contemporary public key cryptography (PKC) insecure, thus making ubiquitous secure communications based on current PKC technology infeasible. The Australian Signals Directorate (ASD) is aware of the risks presented by the creation of a CRQC and encourages organisations to consider anticipating future requirements and dependencies of vulnerable systems during the transition to post-quantum cryptography (PQC) standards.

Alert status
LOW

The US National Institute of Standards and Technology (NIST) has announced the selection of PQC algorithms that address the risks arising from the creation of a CRQC and this will inform the ASD PQC algorithm selection process.

Background / What has happened?

Post-quantum cryptography is a field of cryptography dedicated to the creation and analysis of cryptographic algorithms that derive their security from mathematical problems considered difficult for both classical and quantum computers. PQC offers a low-cost, practical path to maintain the properties of secure communications systems in the presence of a CRQC.

ASD has not currently selected preferred PQC algorithms.

Selection will be informed by the NIST process to develop and standardise PQC algorithms. Candidate algorithms are evaluated and scrutinised in successive rounds to ensure the new standards will meet the requirements to protect sensitive data. ASD will evaluate each PQC algorithm based on its merits. Organisations can choose to pilot and prototype with candidate algorithms in test environments, ahead of use in production systems.

Mitigation / How do I stay secure?

ASD assesses that currently approved cryptography provides the most effective communications security option at this time. ASD will provide updated advice and doctrine, including a roadmap outlining a transition to PQC, in due course.

Those organisations with particularly sensitive cryptographic systems are encouraged to pilot PQC algorithms in separate test environments and discuss their anticipated PQC needs with vendors or those involved in post-quantum cryptographic research.

More broadly – including outside of cryptographic applications – Australian industry is encouraged to continue research and development of quantum technologies. This should include practical vulnerability research to better understand the risks associated with employing quantum technologies.

Assistance / Where can I go for help?

There are further details on the NIST PQC standardisation process, including a detailed status report.

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via cyber.gov.au/report, or 1300 CYBER1 (1300 292 371).
