scope:

The present document addresses business continuity arising from the concern that Quantum Computing (QC) is likely to invalidate the problems that lie at the heart of both RSA and ECC asymmetric cryptography. The present document considers the transition to the post-quantum era of how to re-assert CAs in a PKI, the distribution of new algorithms, and the distribution of new keys, and advises that business continuity planning addresses the impact of QC on ICT.

The current assumptions that underpin the security strength of RSA and ECC are that the solution to the prime factoring, and the discrete logarithm problems are infeasible without prior knowledge. It has been widely suggested that the application of quantum computing to these problems removes the assertion of infeasibility. Whilst it is not known when quantum computing will arrive or how long it will be until the factorisation and discrete logarithm problems are themselves solved the present document reviews the nature of the algorithms when subjected to QC attack and why they become vulnerable.

The present document applies to ETSI TBs undertaking work in the selection and definition of cryptographic algorithms, and to non-ETSI members who have deployed cryptographic algorithms and need to be aware of the impact of QC on ICT.