Skip to main content

Post-Quantum Cryptography

Content complexity
Advanced
This rating relates to the complexity of the advice and information provided on the page.

Introduction

A cryptographically relevant quantum computer (CRQC) will render most contemporary public key cryptography (PKC) insecure, thus making ubiquitous secure communications based on current PKC technology infeasible.

The Australian Signals Directorate (ASD) is aware of the risks presented by the creation of a CRQC and encourages organisations to consider anticipating future requirements and dependencies of vulnerable systems during the transition to PQC standards.

Background

Post-quantum cryptography is a field of cryptography dedicated to the creation and analysis of cryptographic algorithms that derive their security from mathematical problems considered difficult for both classical and quantum computers. PQC offers a low-cost, practical path to maintain the properties of secure communications systems in the presence of a CRQC.

ASD has not currently selected preferred PQC algorithms.

Selection will be informed by the National Institute of Standards and Technology (NIST) process to develop and standardise PQC algorithms. Candidate algorithms are evaluated and scrutinised in successive rounds to ensure the new standards will meet the requirements to protect sensitive data. ASD will evaluate each PQC algorithm based on its merits. Organisations can choose to pilot and prototype with candidate algorithms in test environments, ahead of use in production systems.

Additional information

ASD continues to monitor PQC standardisation efforts. In addition, ASD will evaluate the parameters for PQC standardisation and include the results of updates to ASD-Approved Cryptographic Algorithms in the Information Security Manual.

ASD encourages research, testing and practical trials of these algorithms and signatures while NIST finalises the standardisation process. Research into the further development of PQC algorithms will be a practical and cost-effective step towards securing real-world communications systems in a post-quantum (computing) environment.

ASD assesses that currently approved cryptography provides the most effective communications security option at this time. ASD will provide updated advice and doctrine, including a roadmap outlining a transition to PQC, in due course.

Those organisations with particularly sensitive cryptographic systems are encouraged to pilot PQC algorithms in separate test environments and discuss their anticipated PQC needs with vendors or those involved in post-quantum cryptographic research.

More broadly – including outside of cryptographic applications – Australian industry is encouraged to continue research and development of quantum technologies. This should include practical vulnerability research to better understand the risks associated with employing quantum technologies.

Further information

The Information Security Manual is a cyber-security framework that organisations can apply to protect their systems and data from cyber threats. The advice in the Strategies to Mitigate Cyber Security Incidents, along with its Essential Eight, complements this framework.

There are further details on the third round of the NIST PQC standardisation process, including a detailed status report.

Contact details

If you have any questions regarding this guidance you can write to us or call us on 1300 CYBER1 (<1300 292 371).

Was this information helpful?
Was this information helpful?

Thanks for your feedback!

 
Optional

Tell us why this information was helpful and we’ll work on making more pages like it