The National Cyber and Information Security Agency (NÚKIB) of the Czech Republic has joined the joint statement "Securing Tomorrow, Today: Transitioning to Post-Quantum Cryptography". Although the document is not legally binding, it expresses the common position of 18 European Union (EU) member states towards the transition to post-quantum cryptography (PQC).
The joint statement points out the danger of the quantum threat and urges entities from the public sector, critical infrastructure, IT providers as well as the private sector to make the transition to PQC their priority. NÚKIB agrees with the document's conclusions and supports the preparatory steps outlined in the document. These include, inter alia, performing an analysis to assess the quantum threat impact and preparing a risk-oriented implementation roadmap for the transition to PQC. General support for PQC research and standardisation in this area is also mentioned.
The joint statement emphasizes the quantum threat in the context of the "store now, decrypt later" scenario. This approach is used by attackers to collect encrypted data that they can decrypt in the future once there are cryptographically relevant quantum computers available. To ensure confidentiality protection, especially for the most sensitive use cases, it is recommended to migrate to PQC as soon as possible, ideally by 2030 at the latest. In addition, the document also highlights the risk stemming from the time required to move to PQC, especially for more complex systems. An example of such a system is the Public Key Infrastructure (PKI), which is used to distribute and manage public keys and digital certificates. If these systems do not make the transition to PQC in time, both the confidentiality and, above all, the authenticity of the data contained in them will be compromised. However, due to their complexity, the transition to PQC will take time – which is why it is recommended to start as soon as possible.
Finally, the joint statement mentions the establishment of a Workstream within the NIS Cooperation Group with a task to prepare an implementation roadmap for the transition to PQC following the recommendations of the European Commission. Together with France, Germany, the Netherlands and other EU member states, the Czech Republic is also involved in this work.
As part of its activities, the NÚKIB has long sought to increase resilience to the threat posed by quantum computers to secure communications. Recently, the Agency expressed its support for the "Position paper on Quantum Key Distribution". Last year, the NÚKIB implemented quantum-resistant (post-quantum) cryptography to ensure secure communication between a web browser and the NÚKIB Portal web application. Before that, it also prepared supporting materials that explain the nature of the quantum threat and the steps to be taken in the coming years to prevent it.