Report
To address the security challenges presented by emerging quantum technologies, many countries have created national Post-Quantum Cryptography (PQC) initiatives.
One example is the U.S. National Institute of Standards and Technology (NIST) announcement [54] in July 2022 announcing the first PQC algorithm standardisation candidates for the quantum computing era.
The telecom industry needs to mobilise to define guidelines and processes for the PQC adoption to secure networks, devices and systems, given that this affects the entire telecom supply chain and ecosystem: operators, network and IT vendors, integrators, regulators, standards and open source communities.
To date, significant work in the telecom industry has focused on Quantum Key Distribution (QKD) and Quantum Random number generation with limited concerted focus on PQC adoption.
Scope
Scope of this report is to analyse the dependencies and timelines for a responsible industry transition to Quantum-Safe technology.
This includes algorithms considered capable of resisting attacks by Cryptographically Relevant Quantum Computers (such as those selected by the NIST process) and how to introduce and maintain quantum resistance and/or crypto agility where applicable within the telco ecosystem. It considers a wide range of aspects such as PQC technology and standards, business processes, security, policy and regulation. The risk assessment will inform and guide a set of priority actions needed to mitigate the various risks and maintain defence capacity.
In this report “quantum computer” refers to a Cryptographically Relevant Quantum Computer.
Technologies out of scope of this document include quantum computing, quantum networking, Quantum-Safe mechanisms which rely on quantum properties such as QKD, quantum sensing, and quantum internet. While other architectures may be studied over time, this report focuses on 5G wireless architecture to provide a baseline