- What is cryptography?
- What is quantum-safe cryptography?
- How do quantum-safe cryptography and post-quantum cryptography compare?
- How likely is the arrival of quantum computers?
- What risks does my organisation face?
- How can I protect my organisation?
- Does the Government-Wide Quantum-Safe Cryptography programme function independently?
- Which team or role is responsible for migrating to quantum-safe cryptography?
- What does the QvC-Rijk programme entail?
- What is the duration of the programme?
- Who should I contact if I have questions?
1. What is cryptography?
Cryptography is a technique used to securely transmit information, preventing unauthorised parties from reading it. This technique involves encrypting and decrypting data. Moreover, cryptography is used for authentication and identity verification, enabling secure online money transfers and payments by bank card, traffic light and bridge control, as well as the encryption of business secrets and confidential information.
2. What is quantum-safe cryptography?
Quantum-safe cryptography is cryptography that cannot be broken, even by a powerful quantum computer.
3. How do quantum-safe cryptography and post-quantum cryptography compare?
Quantum-safe cryptography is an umbrella term for all approaches that protect against quantum threats. Post-quantum cryptography is a specific subset of quantum-safe cryptography. For example, symmetric encryption (like AES) with sufficiently long keys is already quantum-safe; it doesn’t need to be ‘post-quantum’ because it’s secure even against quantum attacks. So while post-quantum cryptography is 1 solution, quantum-safe cryptography includes additional proven methods.
4. How likely is the arrival of quantum computers?
Quantum computers already exist. However, they are not yet capable of undermining or breaking cryptography. Experts estimate that a quantum computer capable of doing so could become available between 2030 and 2050. The Government-Wide Quantum-Safe Cryptography programme follows the AIVD’s advice, which states that a powerful quantum computer could be here as early as 2030.
5. What risks does my organisation face?
Powerful quantum computers could compromise or disable widely used cryptographic systems, substantially weakening the security of processes, data, and information that rely on them. Such advancements could have serious repercussions, both digitally and physically. Personal data might no longer be protected, and control of traffic lights, flood defences, or medical and industrial equipment could potentially be at risk.
6. How can I protect my organisation?
Replacing cryptographic tools is complex, expensive, and time-consuming. This is why it’s important to start preparations as soon as possible. For guidance, we refer you to (the first pages of) the PQC-migration handbook and the NSCS’s practical guide (Dutch).
7. Does the Government-Wide Quantum-Safe Cryptography programme function independently?
The Government-Wide Quantum-Safe Cryptography (QvC-Rijk) programme is part of the I-Strategy Rijk, theme 2: Digital Resilience. It is overseen by the Digital Resilience Steering Group.
8. Which team or role is responsible for migrating to quantum-safe cryptography?
Departments and executive agencies are accountable for information security and for managing the risks posed by quantum computers. They are also responsible for implementing measures to mitigate these risks.
9. What does the QvC-Rijk programme entail?
The programme assists departments and executive agencies in managing the risks of this emerging threat in a timely manner. An interdepartmental working group, consisting of over 30 colleagues from diverse organisations, is implementing the programme. Additionally, there is collaboration with research and academic institutions.
The programme organises ‘awareness sessions’ for different target groups within the government, develops guiding frameworks and tools, and offers support in reducing risks.
10. What is the duration of the programme?
The programme has been running since 2023. No end date has been set as of yet.
11. Who should I contact if I have questions?
If you have any questions or require further information, please email: QvC-Rijk@rijksoverheid.nl.
