To prepare organizations for Q-Day, the day when quantum computers will be able to break certain widely used cryptography, the General Intelligence and Security Service (AIVD), Centrum Wiskunde & Informatica (CWI), and TNO are publishing a renewed handbook for quantum-safe cryptography. This extended second edition contains the latest developments and advice for transitioning to a quantum-safe environment, including more concrete advice on finding cryptographic assets, assessing quantum risks, and setting up cryptographic agility. It was presented on 3 December 2024 to the State Secretary for Digital Affairs and Kingdom Relations, Zsolt Szabó, during the 'Post-Quantum Cryptography' Symposium in The Hague.
AIVD, CWI, and TNO publish renewed handbook for quantum-safe cryptography
The General Intelligence and Security Service (AIVD), Centrum Wiskunde & Informatica (CWI), and TNO published a renewed handbook for quantum-safe cryptography.
Publication date
3 Dec 2024
Share this page
Q-Day
Cryptography is used to protect data that should not be accessible by others. However, not every form of cryptography is safe against attacks by quantum computers. This Q-Day could occur within the next five to fifteen years, according to some experts. Malicious actors, such as hostile state actors, could then largely bypass certain contemporary cryptography. However, the risks to certain currently used cryptography begin today. This includes RSA and ECC (elliptic curve cryptography), which are used for encryption and digital signatures. Secured data can be intercepted today and then deciphered with a quantum computer from Q-Day onwards.
Additionally, transitioning to new cryptography might take ten years or longer. Therefore, organizations that work with important encrypted information — such as state or corporate secrets — must already be working on transitioning to a quantum-safe environment. This handbook helps organizations identify risks and provides concrete steps to work on a migration strategy.
Second Edition and PQChoiceAssistant
Since the publication of the first edition, more knowledge has been gained in the field of post-quantum cryptography (PQC). PQC is a collection of encryption methods that, unlike certain current methods, should be safe against attacks with quantum computers. This revised and extended second edition includes the latest developments and advice in the field of PQC. Additionally, several essential actions for companies and organizations in the PQC migration have been examined in more detail. Furthermore, more concrete advice is included for inventorying cryptographic components in software used by organizations, assessing quantum risks, and cryptographic agility. It also provides a list of steps that are useful for any organization, regardless of the quantum threat ("no-regret moves"), and a detailed overview of PQC methods and international legislation. Practical experiences around the migration are also shared, and it includes the new advisory tool PQChoiceAssistant, which helps companies choose a PQC method.
European Cooperation
Since 2021, the CWI Cryptology research group and TNO have been organizing a series of symposia on post-quantum cryptography with the theme 'Act now, not later.' The aim is to bring government, business, and science together. The event on December 3 in The Hague, the 7th episode of this series, focused on internationalization and was organized with the help of the Ministry of the Interior and Kingdom Relations. One of the main topics was the development of the European Roadmap to make the European digital infrastructure quantum-safe. This roadmap should lead to a coordinated transition, with attention to interoperability, standards, and knowledge sharing within Europe. The Netherlands plays a leading role in this, together with Germany and France. These three countries jointly coordinate the EU working group.
This is a joint news release from AIVD, CWI and TNO.
