Professional Documents
Culture Documents
EUROPE’S POLITICAL
ECONOMY PROGRAMME
17 JULY 2023
A quantum
cybersecurity
agenda for Europe
Governing the transition to
Andrea G. Rodríguez
post-quantum cryptography
Credit: CANVA
Table of contents
Executive summary 3
Introduction 4
Endnotes 9
ACKNOWLEDGEMENTS / DISCLAIMER
This Discussion Paper is the product of a workshop, interviews, and research conducted in the context of the EPC’s
‘Europe’s Quantum Frontier’ project. The project is structured as a task force bringing together actors across Europe’s
industry and policymaking community to work on EU policy questions and solutions for the development of a European
quantum ecosystem. Previous workstreams have focused on quantum value chains. The EPC’s work on this project is
supported by Quantum Delta NL as a founding partner of the EPC task force.
The support the European Policy Centre receives for its ongoing operations, or specifically for its publications, does not
constitute an endorsement of their contents, which reflect the views of the authors only. Supporters and partners cannot
be held responsible for any use that may be made of the information contained therein.
Executive summary
Cybersecurity plays an important role in Europe’s Some actors, such as the United States and some—but
economic security by allowing digital communications not all—EU member states, are taking action to counter
and services to take place safely and securely. However, these emerging threats using the tools available, such as
the rapid development of quantum computers creates planning the migration to post-quantum encryption of
a new set of challenges that compromise the level of sensitive information. Yet, a new EU Coordinated Action
security of everything happening online—of which Plan will be necessary to ensure a harmonised transition
quantum attacks on encryption are particularly to post-quantum encryption and bridge the gap between
worrisome. The advent of a cryptographically significant establishing a fully operational European quantum
quantum computer is only a matter of time, and it is information infrastructure network (EuroQCI) project
already changing the threat landscape with adversaries and the current needs of the European cybersecurity
downloading encrypted information to be decrypted landscape to respond to ‘harvest attacks’ and future
once the technology is available ‘harvest attacks’. quantum attacks on encryption.
3
Introduction
Cybersecurity is an integral part of Europe’s economic Nevertheless, the impact of quantum computing on
security, central to protecting and defending European Europe’s cybersecurity and data protection has been
interests, allowing the EU economy to operate at full mainly left out of the conversation despite sporadic
speed, and citizens to navigate online services safely mentions in some policy documents, such as the 2020
and securely. However, advances in quantum computing EU Cybersecurity Strategy or the 2022 Union Secure
put at risk Europe’s cybersecurity by rendering Connectivity Programme. Quantum computing, a field
obsolete current encryption systems and creating new developing rapidly, will disrupt online security by
cybersecurity challenges. For Europe to be serious about compromising cryptography—the algorithms that keep
its cybersecurity ambitions, it must develop a quantum information safe—or by facilitating cyberattacks such as
cybersecurity agenda. those on digital identities.
In recent years, the European Union has created a The EU can leverage its experience and successes in
resourceful cyber policy. The aim has been to level up cybersecurity, such as identifying key players and
cybersecurity with particular attention to essential relevant actors, and encourage its industrial base to
economic sectors, for example, by improving the address current strategic vulnerabilities in key quantum-
coordination between private and public actors. safe technologies, like quantum key distribution (QKD)
Furthermore, the EU has invested in identifying emerging and post-quantum cryptography (PQC).
threats that can negatively impact cyber resilience or
the ability to identify, protect, respond, and recover
from cyberattacks.
One of the most urgent directly impacts how Research suggests that by 2026, there is a 1 in 7 chance
information is secured, transmitted, and consumed that quantum computers will break the most used
online. Cryptography is the backbone of secure digital cryptographic systems, which will go as high as 50% by
communications. From web searches to sensitive 2031.1 However, research published2 in early 2023 by
intelligence, in the way that encryption goes, Chinese scholars suggests that it could happen even before.
mathematical algorithms codify information and
Table 1: Examples of most commonly used cryptographic systems and their resistance to quantum attacks.3
RSA-2048 Encryption & signature Broken Internet traffic, including the webpages of all
European Institutions, banks, energy, and transport
companies.
RSA-3072 Encryption & signature Broken VPNs, financial transactions, minimum security level
required for intelligence secrets, e-passports.
DH-3072 Key exchange Broken Internet protocols such as SSL/TLS, SSH, and IPSec.
256-bit ECDSA Signature Broken Used in Bitcoin and Ethereum exchanges,
Companies’ internal communications.
All cryptography algorithms in this table were also listed as vulnerable by the White House in the November 2022 migration memorandum -
examples of use retrieved by the author.
4
Cyberattacks on encryption using quantum computers should generally be ready for public access after 50 years,
would allow adversaries to decode encrypted and similar examples can be found in other EU countries.
information, interfere with communications, and access However, an adversary using a quantum computer could
networks and information systems without permission, steal, read, and disseminate information before it reaches
thereby opening the door to stealing and sharing the public eye—as soon as seven years.
previously confidential information.
Cryptography attacks can also negatively impact
Given that the prospects of a cryptographically significant the European economy and the competitiveness of
quantum computer—one able to break encryption—are European companies. Quantum computers will increase
not a question of if but rather when, cybercriminals and the probability of intellectual property theft or data
geopolitical adversaries are rushing to obtain sensitive breaches as cryptography attacks become more frequent,
encrypted information that cannot be read today to be and companies responsible for critical infrastructure,
de-coded once quantum computers are available. such as transportation, energy distribution systems,
or communications, will be particularly vulnerable.
These types of cyberattacks, known as ‘harvest attacks’ Cyberattacks on critical infrastructure can have far-
or ‘download now-decrypt later’, are already a risk to reaching consequences, with spillover effects on other
European security. In 2022, Belgium passed a law to economic sectors and international security. Only the
declassify documents following a 20, 30, and 50-year rule, recovery from the 2020 SolarWinds cyberattack4 could
depending on the level of secrecy. In France, documents cost the global economy up to $100 billion.
5
The US arguably leads the transition to post-quantum Meanwhile, the European Union’s efforts to secure
cybersecurity (see: Table 2), in which post-quantum information from quantum cyberattacks lack a clear
cryptography will be the protagonist. In 2016, the strategy about how to deal with short-term threats, such
US NIST initiated a standardisation process of post- as ‘harvest attacks’. Moreover, there are questions about
quantum cryptography algorithms, noticing the fast the role that quantum technologies will have in securing
development of quantum computing and its potential European networks against quantum cyberattacks.
impact on information security. Out of the many While the US predominates the use of post-quantum
algorithms submitted in 2022, NIST selected four of cryptography, policy-wise, the EU has only focused so
them with the perspective of finalising standardisation far on quantum key distribution, despite mentions of
efforts in 2024. the importance of post-quantum cryptography for cyber
resilience in the 2020 Cybersecurity Strategy.
In parallel with the standardisation process, the US has
sped up the number of policies dedicated to securing This has undoubtedly hindered the EU’s ability
sensitive information against quantum cyberattacks. to establish global standards for post-quantum
In 2022, the US passed the Quantum Cybersecurity cryptography, a process that the US is leading and
Preparedness Act,5 which sets up a roadmap to migrate benefits from European research. Of the 19 researchers
government information to post-quantum cryptography. within the four groups whose algorithms have been
Furthermore, the White House issued a series of selected by NIST for standardisation, 13 are affiliated
memorandums6 urging federal agencies to report with European research institutions. On top of that,
an inventory of cryptographic systems and start the EU standardisation bodies joined the race late for PQC
transition to post-quantum cryptography. standards, which has resulted in these organisations
following the facto the advancements made by NIST.9
In 2023, the new US National Cybersecurity Strategy7
established protection against quantum cyberattacks In 2022, ENISA published an integration study of
as a strategic objective. This priority encompasses the post-quantum cryptography10 and the EU Commission
use of post-quantum cryptography and the need to allocated €11 million for research on PQC.11 But the EU
replace vulnerable hardware, software, and applications Commission’s call expects results by 2026, two years
that could be compromised. On top of that, the US after the expected end of the NIST process, and the
Congress is in the process of debating a new law that ENISA paper is about the challenges to implementing
would create public-private sandboxes to accelerate the PQC on digital systems, but it is a research paper.
development of promising near-term applications of Europe has come in late.
quantum technologies.8
Standardisation Since 2016 (NIST). Ongoing: no clear results. Participate in NIST and European
process Standardisation finished by 2024. Likely to follow NIST standards. standardisation efforts.
Support for National Quantum Initiative. 2022 Ultra Secure All member states are part of the
quantum-safe Connectivity Programme. EuroQCI network.
2023 Quantum Sandbox for
technologies
Near-Term Applications. EU Quantum Flagship 12/27 have national quantum
programmes in the form of direct
EuroQCI
strategic state-led R&D programmes,
Horizon Europe. or national strategies.
6
The strengths of Europe lie in the EuroQCI project. To support and amplify the geographical range of
However, even though it could become the backbone EuroQCI, in 2022, the EU passed the Union Secure
of secure communications in the future, its focus on Connectivity Programme regulation,13 which mandates
quantum key distribution will not solve the pressing the development of a space segment for EuroQCI, the
challenges that quantum computing creates for IRIS2 space constellation. IRIS2 will be built upon the
European cybersecurity today. GOVSATCOM infrastructure. When completed, IRIS2
could become a flagship space programme along with
EuroQCI is a flagship project in the EU that aims to provide Copernico and Galileo.
secure communications by 2027. This has drawn a lot of
attention from member states. All of the 27 are signatories Yet, it is arguable that the focus of the EuroQCI network
of this project, which in 2021 saw the first interstate and its promising applications divert policymakers
quantum-safe communication (100.5km) between Trieste from paying attention to today’s needs of the European
(Italy), Ljubljana (Slovenia), and Zagreb (Croatia).12 cybersecurity agenda about quantum cybersecurity
threats. Furthermore, as the supporting technology of the
EuroQCI is a quantum key distribution, there are questions
about whether the EU will be able to meet the 2027
deadline for operational capacity. Moreover, even when
The focus on the EuroQCI network and its fully deployed, the EuroQCI will have limited functionality
compared to the functionality of PQC. The EuroQCI
promising applications divert policymakers
network is meant to secure governmental communications
from paying attention to today’s needs of and critical infrastructure, which does not necessarily
the European cybersecurity agenda about prevent threats to other critical areas for cybersecurity,
quantum cybersecurity threats. such as third-party or supply chain cyberattacks.
7
Moreover, by aligning strategic objectives between
member states and the European Commission, the
EU can foster stronger cooperation between national
A crucial step towards cyber resilience in
cybersecurity agencies and ENISA to determine
technological priorities and identify relevant use cases the face of quantum computing will be
for quantum technologies. This would be fundamental developing a detailed migration plan that
in a time when some member states are individually moves information susceptible to quantum
evaluating the use of post-quantum cryptography, attacks on encryption (see, for example,
quantum key distribution or a combination of the
two to secure their systems, especially when clear
Table 1) to post-quantum encryption.
divergences in use exist.
8
1
Mosca, Michele (2016), Quantum Computing: A New Threat to 12
EU Quantum Flagship (2021), “First intergovernmental quantum
Cybersecurity. Global Risk Institute. In addition, see: Table 1. communication”, [online] Available at: https://qt.eu/news/2021/first-
2
Waters, Richard (2023), “Chinese researchers claim to find a way intergovernmental-quantum-communication.
to break encryption using quantum computers”, Financial Times, 13
European Commission (2022), Regulation of the European Parliament
January 5. and of the Council establishing the Union Secure Connectivity
3
Bernstein, Daniel J. and Tanja Lange (2017), “Post-quantum Programme for the period 2023-2027, Strasbourg: France.
cryptography”, Nature 549: 188-194. 14
The European Union plays an essential coordinating role in Europe’s
4
The 2020 SolarWinds cyberattack was a supply chain attack in cybersecurity. Policies like NIS 2 or the Cyber Resilience Act have
which hackers gained access to the systems of multiple government helped governments identify priorities and establish ambitious
agencies and private companies by compromising SolarWinds, a cybersecurity requirements for the areas deemed more sensitive
leading software provider. The company clients received a malware- for Europe’s economic security. Hence, it is arguable that the EU is
infected file as a software update, allowing attackers to gain access equipped with sufficient experience in coordinating cybersecurity
to sensitive information and networks. The attack was attributed to a preparedness and response to also play a key role in the transition to
Russian hacking group and is considered one of the most significant quantum-safe systems.
cyberattacks in history. 15
Quantum nodes would receive, store, and transmit information in
5
US Congress (2022), Quantum Computing Cybersecurity Preparedness quantum states but the technology is not there yet. Current quantum
Act, Washington D.C. networks use trusted nodes that receive information in quantum
states, store them in classical states, and transmit them in quantum
6
White House (2022), “Memorandum for the Heads of Executive states again. This adds a new layer of vulnerability as attackers could
Departments and Agencies: Migrating to Post-Quantum Cryptography”, read and steal information once put back in zeroes and ones.
November 18, Washington D.C. 16
Agence nationale de la sécurité des systems d’information (2022)
7
White House (2023), National Cybersecurity Strategy, Washington D.C. “ANSSI views on the post-quantum cryptography transition”, [online]
8
US Congress (2023), Quantum Sandbox for Near-Term Applications Available at: https://www.ssi.gouv.fr/en/publication/anssi-views-on-
Act, Washington D.C. the-post-quantum-cryptography-transition/.
9
See for example ETSI’s review of NIST algorithms or CEN-CENELEC 17
Gable, Jim, Shannon Gray, and Denis Mandich (2023), “Is PQC
standardisation roadmap acknowledging NIST. broken already? Implications of the successful break of a NIST
10
ENISA (2022), Post-Quantum Cryptography — Integration Study. finalist”, [online] Available at: https://cloudsecurityalliance.org/
[online] Available at: https://www.enisa.europa.eu/publications/post- blog/2023/04/03/is-pqc-broken-already-implications-of-the-
quantum-cryptography-integration-study. successful-break-of-a-nist-finalist/.
11
European Commission (2022), “Transition towards Quantum-Resistant
Cryptography”, Funding and Tender Opportunities Portal. [online]
Available at: https://ec.europa.eu/info/funding-tenders/opportunities/
portal/screen/opportunities/topic-details/horizon-cl3-2022-cs-01-03.
9
NOTES
10
NOTES
11
The European Policy Centre is an independent, not-for-profit think
tank dedicated to fostering European integration through analysis and
debate, supporting and challenging European decison-makers at all levels
to make informed decisions based on sound evidence and analysis, and
providing a platform for engaging partners, stakeholders and citizens in
EU policymaking and in the debate about the future of Europe.
EUROPEAN POLICY CENTRE | 14-16 RUE DU TRÔNE/TROONSTRAAT | B -1000 BRUSSELS | BELGIUM | WWW.EPC.EU