Post-Quantum Cryptography Conference

The U.S. National Institute of Standards and Technology (NIST) has been actively engaged in the solicitation, evaluation, and standardization of quantum-resistant public-key cryptographic algorithms. This year, in August, marked a significant milestone as NIST released a request for comments on the first three draft Federal Information Processing Standards (FIPS) for Post-Quantum Cryptography, following their successful completion of the initial four evaluation rounds.

In this presentation, Mr. Bill Newhouse and Dr. Dustin Moody from NIST will provide a comprehensive update, offering insights into the status of standardization, and the development of practices to ease migration from quantum-vulnerable public-key cryptography to quantum-resistant public-key cryptography.

Furthermore, in his Wednesday presentation, Dr. Dustin Moody will offer a more comprehensive examination of the standardization process for additional signature schemes. The first round of candidates was unveiled in July, and during his presentation, Dr. Moody will illuminate the various approaches taken and the feedback received since their initial announcement.

Considering the rapidly evolving landscape in the realm of quantum computing and its potential implications for cybersecurity, this talk delves into the governance and regulatory framework surrounding Post-Quantum Cryptography in the United States.

The backdrop for this discussion is the enactment of HR 7535, known as the “Quantum Computing Cybersecurity Preparedness Act,” on December 21, 2022, by President Joe Biden. Among its many facets, this legislation underscores the critical role of cryptography in ensuring the national security of the United States and the continued functionality of its economy.

Mr. Bill Newhouse, will provide valuable insights into how the United States is proactively preparing both its federal government and a spectrum of organizations, with a particular focus on those supporting critical infrastructure, for the era of Post-Quantum Cryptography. This presentation highlights the collaborative efforts of key entities, including the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST), in shaping the governance and regulatory landscape that will govern Post-Quantum Cryptography within the nation.

The speaker(s) for this session will be announced soon!

* This is a 40 minute session

As quantum computing revolutionizes the cybersecurity landscape, this session delves into the European perspective on governance and regulation in the era of Post-Quantum Cryptography.

In this presentation, we will discuss the EU approach to safeguarding critical digital infrastructure, data, and communications through the adoption of post-quantum cryptography as the default cryptographic standard. The session will offer insights into collaborative efforts across European nations and outline the roadmap for navigating the quantum future.

In the point of view of the Federal Office for Information Security in Germany (BSI), the question of “if” or “when” there will be quantum computers is no longer paramount. First post-quantum algorithms have been selected by NIST for standardisation and post-quantum cryptography will be used by default. Therefore, the migration to post-quantum cryptography should be pushed forward.

In this presentation, the BSI will expound upon its post-quantum cryptography policy and roadmap. We will emphasize the significance of the migration to post-quantum algorithms in safeguarding critical digital infrastructure, data, and communications. The presentation will elucidate the BSI’s approach, outlining the trajectory of post-quantum cryptography adoption as the default cryptographic standard.

Stateful hash based signatures provide thorough security and a high level of maturity. However, their requirement of proper handling the state of the key raises concerns for certain use cases. In this talk we want to shade some light on the state handling challenge and how an ideal solution should look like to allow a smooth transition into the PQC era.

* This is a 40 minute session

In this presentation, we will delve into the Netherlands’ approach to Post-Quantum Cryptography (PQC) governance and regulation. Positioned at the forefront of quantum-resilient cryptography, the Netherlands has crafted a resource that extends beyond theoretical discussions, offering organizations concrete steps and invaluable advice.

The Netherlands’ commitment to fortifying global cybersecurity is exemplified by the PQC Migration Handbook. This indispensable resource equips organizations with pragmatic guidance on how to proactively mitigate the imminent threat posed by quantum computers to today’s cryptographic systems.

Join us to discover how the Netherlands is diligently preparing both government entities and organizations to seamlessly transition to quantum-resilient cryptographic solutions.

The speaker(s) for this session will be announced soon!

* This is a 40 minute session

An engaging Q&A session on the global Governance and Regulation of Post-Quantum Cryptography. In this panel discussion, esteemed speakers from previous sessions will come together to answer your burning questions and provide a comprehensive overview of how various nations are addressing the impending quantum threat.

Discover how nations are navigating the intricate balance between innovation and security, and gain valuable insights into the diverse regulatory approaches that have emerged. Whether you’re interested in the regulatory intricacies of a specific region or seeking a broader understanding of global efforts, this Q&A session promises to offer a wealth of knowledge and expert perspectives on the Governance and Regulation of Post-Quantum Cryptography worldwide. Don’t miss this opportunity to engage with our panelists and explore the evolving landscape of quantum cybersecurity governance.

The rapid development of quantum computing creates a new set of challenges for European cybersecurity. In recent years, the European Union has pursued an ambitious cybersecurity agenda but nevertheless, there are still questions about the current framework’s fitness to respond to these new challenges. Particularly worrisome is the advent of quantum attacks on encryption that risk rendering current cryptographic systems obsolete as they are in use. In July 2023, the European Policy Centre, with the support of Quantum Delta NL, published a discussion paper in which it analyses the criticality of preparing for quantum attacks on encryption by the creation of a new quantum cybersecurity agenda that improves technical and political coordination between EU member states and EU bodies and institutions for the transition to post-quantum cryptography and the future use of other quantum-safe technologies.

The European Policy Centre (EPC) is an independent, not-for-profit think tank dedicated to fostering European integration through analysis and debate, supporting and challenging decision-makers at all levels to make informed decisions based on evidence and analysis, and providing a platform for engaging partners, stakeholders and citizens in EU policy-making and in the debate about the future of Europe.

The whole industry is working on standardizing and implementing post-quantum cryptography, in order to mitigate the risk from future quantum computers. One question that is (and will probably remain) unanswered is “when are quantum computers going to be powerful enough to break cryptography?”. At the same time, there are regular press releases about new methods of breaking cryptography in the short term. These publications often cause panic and confusion which is counter-productive to the process of mitigating the quantum risk.

In this presentation we give a high-level description on how quantum algorithms work, and what still needs to happen before such algorithms can be implemented on real hardware. A simple model can be used to make sense of past and future announcements on the nearing moment of the cryptopocalypse (the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack public-key cryptography). We discuss some of the examples from the past year.

The NIST PQC standardization has emerged in three FIPS drafts for quantum-safe KEM and Signatures. While the guidance on which PQC standards to adopt is getting clearer, many institutions like ANSSI and BSI recommend hybrid, or multi-key mechanisms for the transition to quantum-safe cryptography, typically combing a classical with a quantum-safe scheme to benefit from the security of both. The question how to perform multi-key exchange and multi-signature schemes (MKE/MSS) lead to several proposals for the integration in protocols like TLS, IPsec and X.509 certificates.

An implementer of a cryptographic protocol can usually rely on a cryptographic library to implement the primitives and algorithms such as for key exchange and authentication. In the case of MKE/MSS this is usually not the case, and it becomes the implementers task to combine multiple schemes. We argue that it is preferable to have a common abstraction for multi-key schemes in the core cryptographic library that can be used by different protocol stacks. To address this challenge, we propose a common software interface, which is usable for various protocol stacks. We focus on MSS and go through scenarios show how to integrate the interface.

The GSMA Post Quantum Telco Network Task Force has been dedicated to exploring the implications of Post-Quantum Cryptography (PQC) within the telecommunications space. Our mission extends beyond theoretical discussions, focusing on the tangible impacts on Network Operators and the broader telco supply chain.

The task force is a collaborative effort involving more than 50 companies representing operators, government and the wider Telco supply chain, including over 20 major network operators globally.

Earlier this year, we published a comprehensive Post Quantum Telco Network Impact Assessment Whitepaper. Building on this groundwork, we are now actively developing Quantum Risk Management guidelines tailored specifically to the telecommunications industry. Additionally, we are crafting best practice guidelines that delve into Telco use cases, with a particular emphasis on Public Key Infrastructure (PKI) implications.

In this presentation, we will provide insights into our findings and ongoing initiatives, shedding light on the practical steps being taken to ensure the resilience and security of Telco networks in the age of quantum computing. Our comprehensive approach ensures that the telecommunications industry is well-prepared to face the security challenges and opportunities presented by the quantum era.