Quantum-Safe Cryptography


Quantum Computing and the risk to security and privacy

The advent of large-scale quantum computing offers great promise to science and society, but brings with it a significant threat to our global information infrastructure. Public-key cryptography - widely used on the internet today - relies upon mathematical problems that are believed to be difficult to solve given the computational power available now and in the medium term.

However, popular cryptographic schemes based on these hard problems – including RSA and Elliptic Curve Cryptography – will be easily broken by a quantum computer. This will rapidly accelerate the obsolescence of our currently deployed security systems and will have dramatic impacts on any industry where information needs to be kept secure.

Quantum-safe cryptography refers to efforts to identify algorithms that are resistant to attacks by both classical and quantum computers, to keep information assets secure even after a large-scale quantum computer has been built.

What is at risk?

Without quantum-safe cryptography and security, all information that is transmitted on public channels now – or in the future – is vulnerable to eavesdropping. Even encrypted data that is safe against current adversaries can be stored for later decryption once a practical quantum computer becomes available. At the same time it will be no longer possible to guarantee the integrity and authenticity of transmitted information, as tampered data will go undetected. From business, ethical, and legal perspectives, this would violate the regulatory requirements for data privacy and security that are in existence today.

Our Role & Activities

Cryptanalysis and the standardization of cryptographic algorithms require significant time and effort for their security to be trusted by governments and industry. ETSI is taking a proactive approach to define the standards that will secure our information in the face of technological advance.

Quantum-safe cryptography and security is essential for:

  • Protecting government and military communications
  • Securing financial and banking transactions
  • Assuring the confidentiality of medical data and healthcare records
  • Safeguarding the storage of personal data in the cloud
  • Restricting access to confidential corporate networks

ETSI Quantum-Safe Cryptography (QSC) Industry Specification Group (ISG)

The ISG QSC has been closed early 2017 and the work has been transferred to ETSI TC Cyber WG QSC.

The ETSI Quantum-Safe Cryptography (QSC) ISG aimed to assess and make recommendations for quantum-safe cryptographic primitives and protocols, taking into consideration both the current state of academic cryptology and quantum algorithm research, as well as industrial requirements for real-world deployment. ETSI QSC ISG seeked to standardize the relevant algorithms, primitives, and risk management practices as needed to seamlessly preserve our global information security infrastructure.

This group considered the security properties of the proposed algorithms and protocols along with practical considerations, such as extensible security architectures and technology switching costs, which allow these recommendations to support a variety of industrial use cases. We aimed to make pragmatic comparisons and concrete characterisations and recommendations to assist the global technology community to select and deploy the best available quantum-safe alternatives.


The following is a list of the latest published ETSI specifications on quantum-safe cryptography.

A full list of related specifications in the public domain is accessible via the ETSI standards search. Via this interface you can also subscribe for alerts on updates of ETSI standards.

For work in progress see the ETSI Work Programme on the Portal.

Standard No. Standard title.
GR QSC 004 Quantum-Safe Cryptography; Quantum-Safe threat assessment
GR QSC 003 Quantum Safe Cryptography; Case Studies and Deployment Scenarios
GR QSC 006 Quantum-Safe Cryptography (QSC); Limits to Quantum Computing applied to symmetric key sizes
GR QSC 001 Quantum-Safe Cryptography (QSC); Quantum-safe algorithmic framework