EU quantum researchers set to give up IP rights in standard-setting race

European researchers are among the leaders in the field of quantum-secure cryptography – but as the race for quantum standard-setting ramps up in the US, they might have to give up their intellectual property (IP) rights in exchange for a voice in the process.

Adopting quantum-secure cryptography is crucial to keep personal data and digitally connected devices secure in the post-quantum era and to protect companies, governments and critical infrastructure from decryption.

While the EU is establishing its ecosystem of super- and quantum computers, the international race for the technical standards in post-quantum cryptography has already begun.

“In a globally competitive quantum race, failure to define and assert European standards results in a competitive disadvantage. It will lead to diminished influence over technological advancements, give rise to potential security vulnerabilities, and missed opportunities for cross-border innovation,” Markus Pflitsch, quantum physicist and founder of Terra Quantum AG, told Euractiv.

In February 2022, the Commission presented a standardisation strategy to boost Europe’s voice in international standard-setting processes around quantum technology. Still, despite the EU’s drive for technological sovereignty, the bloc seems relegated to the passenger seat when it comes to the technical standards of one of the most disruptive technologies on the horizon.

“Setting robust standards is a matter of technical leadership and a strategic imperative for the EU. It’s crucial to secure the continent’s role in shaping the future of quantum technologies and maintaining a resilient and cohesive digital ecosystem,” Pflitsch added.

From research to standards

Thanks to a strong research tradition in applied cryptography, European researchers, funded at national and EU level, have played a central role in the design and evaluation of cryptographic competitions, including post-quantum cryptography (PQC), organised by the American National Institute of Standards and Technology (NIST).

NIST’s post-quantum cryptography standards will become the benchmark for cybersecurity globally, Axel Poschmann, Head of Product Innovation and Security at PQShield, told Euractiv. As such, the European Commission sees EU participation as an opportunity to influence international standard-setting.

“The team behind the Kyber [cryptographically-secure] algorithm selected by NIST are all based in Europe, and agencies across Europe – including the BSI in Germany, ANSSI in France and NCSC in the UK – are all encouraging the adoption of NIST’s standards,” Poschmann added.

“The participation of European researchers in the NIST Post-Quantum Cryptography Standardisation contest reflects the need for the EU to take a global approach to the global field of PQC and to participate in international standard-setting efforts with like-minded partners,” a Commission spokesperson told Euractiv.

“It also testifies to the globally competitive work of European experts in this field,” the Commission official added.

However, if an algorithm by an EU researcher is selected and standardised by the American institute, the researcher agrees to give up all intellectual property rights.

“Researchers have been mostly satisfied with the decisions taken by NIST,” Bart Preneel, cryptographer and cryptanalyst teaching at the Katholieke Universiteit Leuven, told Euractiv.

But, “with the caveat that behind the scenes at NIST, the [US National Security Agency] NSA is always exerting its influence, resulting in a lack of full transparency,” the cryptographer added.

European involvement in this field has mostly taken place within the European Telecommunications Standards Institute (ETSI), a standardisation body that has had a conflictual relationship with the Commission in recent years.

European standardisation efforts

ETSI’s security experts group, SAGE, is responsible for cryptographic algorithms for telecommunications networks and user data privacy, while the SOG-IS Crypto Working Group focuses on standard criteria evaluations.

As academics are also not invited to participate, “[i]n both cases, these are closed working groups that lack transparency,” Preneel added.

The EU is also involved in cryptographic solutions, such as quantum key distribution (QKD), deployed in the European Quantum Communication Infrastructure (EuroQCI).

“This reflects its belief in a need for a robust and diverse approach to future threats to current cryptographic techniques,” the Commission official told Euractiv.

Yet quantum key distribution is not a solution to the threat posed by quantum computers, as it cannot run on networks with millions of users, rendering it ineffective for messaging apps.

“QKD does not provide authentication, leaving it vulnerable to man-in-the-middle attacks,” Axel Poschmann, Head of Product Innovation and Security at PQShield, told Euractiv.

“The public-key cryptographic algorithms recently standardised by NIST, which overcome these issues, are the most secure and reliable way of staying ahead of attackers,” Poschmann added.

EU member states also consider cryptography part of national security, a subject they jealously guard from any interference from Brussels.

“The logical consequence is that the EU cannot play a leading role at a geopolitical level in this area, and neither can the member states,” Preneel added.

Lack of strategy

Standard setting is only one crucial element in preparing for the next technological era. Funding is another essential element in fostering development and research in post-quantum cryptography, and most EU funding is focused on quantum key distribution.

“The main conclusion of these decisions is that there is no viable EU-wide post-quantum migration strategy – most EU member states are running far behind, and EU vendors will have problems developing their markets,” Preneel said, considering the lack of an EU-wide top-down strategy highly problematic.

“To retain its quantum talent pool, the EU must enhance funding, foster collaborative research environments, and prioritise quantum education. Setting standards is crucial, not only for technological leadership but also for securing data and communications in the quantum era,” Pflitsch concluded.

[Edited by Luca Bertuzzi]
