MEPs call for ‘urgent action’ to implement post-quantum encryption standards
Twenty members of the European Parliament have called for urgent action to develop a new standard for data encryption
that would protect against quantum computers being used for maliciopurposes. In their letter,
the members urge the European Commission to develop security measures and regulations to
ward off the threat of quantum computers for cybercrime and data breaches.
Quantum computers, once fully developed, have the potential to calculate complex processes that cannot be easily carried out by classical devices.
There is, however, a real threat that they may also be used to hack encrypted information, even present-day information that is currently considered unhackable.
Experts estimate that the commonly used RSA-2048 keys can be cracked by a quantum computer within 24 hours. This puts secret information,
for example held by governments or companies, at risk of being stolen.
Even though practical quantum computers still need years, if not decades, to become practical,
the complexity of any new encryption standard could take a similar amount of time to implement.
Transitioning to a new cryptographic standard to incorporate a wide range of technological domains,
such as internet servers, banking and internet-of-things devices, has already started.
The National Institute of Standards and Technology (NIST) in the US has determined the algorithms
that will be included as post-quantum encryption standards and these are currently being developed by collaborations around the world.
The new standards will be applied to public-key encryption and for digital signatures.
In their letter, the MEPs urge the European Commission to create an inventory of current encryption algorithms that are used by organisations.
They want a review of which new (classical) cryptographic libraries can be easily included in current infrastructure and are keen to ensure that hybrid
– classical as well as post-quantum cryptographic – encryption is deployed where possible.
The MEPs also want a phased implementation to begin as soon as NIST has adopted relevant standards.
“The [relevant] commissions should play an important role in spurring this transition now, by explaining in joint guidance what taking ‘appropriate’
security measures under the different regulatory regimes means,
in the view of the development of quantum computers,” the letter states.
译文:
欧洲议会二十名议员呼吁采取紧急行动制定新的数据加密标准
这将防止量子计算机被用于恶意目的。 在他们的信中,
成员敦促欧盟委员会制定安全措施和法规,
抵御量子计算机对网络犯罪和数据泄露的威胁。
量子计算机一旦完全开发出来,就有可能计算传统设备无法轻松执行的复杂过程。
然而,真正的威胁是它们也可能被用来破解加密信息,甚至是目前被认为无法破解的当今信息。
专家估计,常用的RSA-2048密钥可以在24小时内被量子计算机破解。 这放置了秘密信息,
例如,由政府或公司持有,有被盗的风险。
尽管实用的量子计算机仍然需要数年甚至数十年才能变得实用,
任何新的加密标准的复杂性都可能需要类似的时间来实施。
过渡到新的加密标准以纳入广泛的技术领域,
例如互联网服务器、银行和物联网设备,已经启动。
美国国家标准与技术研究所(NIST)确定了算法
这将被纳入后量子加密标准,目前正在由世界各地的合作开发。
新标准将应用于公钥加密和数字签名。
欧洲议会议员在信中敦促欧盟委员会创建一份组织当前使用的加密算法的清单。
他们希望审查哪些新的(经典)密码库可以轻松包含在当前基础设施中,并热衷于确保混合
– 经典以及后量子加密 – 尽可能部署加密。
欧洲议会议员还希望在 NIST 采用相关标准后立即开始分阶段实施。
“[相关]委员会现在应该在促进这一转变方面发挥重要作用,通过在联合指导中解释采取‘适当’的措施
不同监管制度下的安全措施意味着,
从量子计算机的发展来看,”信中写道。
