Introduction
The 2025 Australian Quantum-Resistant Cybersecurity (AusQRC) Day was a day conference that highlighted the critical challenges and strategic direction for migrating to Post-Quantum Cryptography (PQC). The Australian government, through the Australian Signals Directorate (ASD), has signalled alignment with NIST PQC standards as the most suitable cryptographic security framework for national requirements.
Specifically, the ASD endorses the lattice-based ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), noting that the imperative of quantum-safety warrants the overhead. The government is prioritising future-proofing long-lived data systems against the "harvest now, decrypt later" threat, despite the associated operational costs and performance impact. The ASD generally encourages a pure-PQC transition by its 2030 goal, favouring the higher security level ML-KEM-1024 for long-term use, while accepting ML-KEM-768 until 2030.
Global Standards and Trust Landscape
The global landscape of cryptographic standards is divided between adherence to NIST-selected algorithms and independent national security mandates. While many countries align with NIST PQC standards, key nations maintain unique, stringent standards for their classified systems.
- United States: Driven by NIST for public standards and the NSA (via CNSA 2.0) for classified systems, the US sets a pure PQC requirement for National Security Systems (NSS) by 2035, viewing hybrid schemes strictly as an interim measure.
- European Union/Germany/France: Bodies like the German BSI and French ANSSI recommend NIST algorithms but also endorse alternatives (e.g., FrodoKEM, Classic McEliece) for diversification and actively recommend hybrid schemes during the transition.
- China and South Korea: Both nations have pursued developing and standardising their own national PQC algorithms separate from the NIST process (e.g., South Korea's HAETAE and China's domestic candidates), reflecting a priority for digital sovereignty.
Major Challenges and Transition Impact
The overall transition to PQC presents significant operational and financial challenges:
- Resource and Cost Overheads: The shift, particularly to lattice-based cryptography, demands an estimated 30x increase in memory for some applications.
- Data Footprint: PQC schemes generally involve significantly longer cryptographic keys and signatures, impacting data storage and transmission protocols.
- Implementation and Interoperability: Hurdles include updating codebases, ensuring backwards compatibility, and navigating the issue of multiple global standards to enforce a consistent security baseline. The risk of backwards-forcing attacks against PQC schemes is a strong motivator for a coordinated, enforced standard.
Strategic Solutions and Timelines
The conference emphasised practical solutions and set expectations for the migration:
- Hybrid Schemes: The use of hybrid cryptographic schemes (combining classical and PQC algorithms) is considered a sound and necessary transitional strategy to manage risk and security during the changeover period.
- Authentication Advancement: The increasing use of Merkle tree authentication was noted as a valuable technique to provide an extra layer of integrity and authenticity to digital signatures.
- The 2030 Goal: The consensus is that 2030 represents an ambitious deadline for a complete transition across all industries, depending on the current state of industry readiness.
- A phased, measured approach that prioritises critical and long-lived data systems is required.
Key Speaker: Thomas Prest
The global landscape of cryptographic standards is divided between adherence to NIST-selected algorithms and independent national security mandates. While there are many countries that align with NIST PQC standards, several are creating their own.
United States: Driven by NIST for public standards and the NSA (via CNSA 2.0) for classified systems, the US sets a pure PQC requirement for National Security Systems (NSS) by 2035, viewing hybrid schemes strictly as an interim measure.
European Union/Germany/France: Bodies like the German BSI and French ANSSI recommend NIST algorithms but also endorse alternatives (e.g., FrodoKEM, Classic McEliece) for diversification and actively recommend hybrid schemes during the transition, reflecting a more flexible or open policy than the US long-term goal. This is partially due to the fact that their own governments have their own departments working on cryptography standards.
China and South Korea: Both nations have pursued developing and standardising their own national PQC algorithms separate from the NIST process (e.g., South Korea's HAETAE and China's domestic candidates), reflecting a priority for digital sovereignty and national control over cryptographic assurance. There is no further information provided on these schemes.
Key Speaker: Prof Jonathan Katz
The overall transition to PQC presents significant operational and financial challenges:
Resource and Cost Overheads: The shift, particularly to lattice-based cryptography, demands an estimated 30x increase in length for some applications.
Data Footprint: PQC schemes generally involve significantly longer cryptographic keys and signatures, impacting data storage and transmission protocols; see the table below.
Hurdles include updating codebases, ensuring backwards compatibility, and navigating the issue of multiple global standards to enforce a consistent security baseline. The risk of backwards-forcing attacks against PQC schemes is a strong motivator for a coordinated, enforced standard.
Other problems include the need for Certificate Authorities to understand both PQC and non-PQC certificates, so this support will need to be standardised earlier than the use of the certificates in question. They will also need to be responsible for any secure downgrade that may be required by one of the communicating parties, if that party is not advanced enough to accept PQC keys.
| Protocol Stack | Key Agreement (KA) (Bytes) | Authenticating the Server (AS) (Bytes) | Total Communication Cost (Bytes) |
|---|---|---|---|
| TLS | 2272 | 9884 | 12156 |
| AuthKEM | 2272 | 8424 | 10696 |
| TLS + CT | 2272 | 14724 | 16996 |
| AuthKEM + CT | 2272 | 13264 | 15536 |
| TLS + MTC | 2272 | 4468 | 6740 |
| AuthKEM + MTC | 2272 | 3008 | 5280 |
Key Speaker: Dr Danesh Jogio
The Australian government, through the Australian Signals Directorate (ASD), has signalled alignment with NIST PQC standards as the most suitable cryptographic security framework for national requirements. Specifically, the ASD endorses the lattice-based ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), noting that the quantum-safety requirements warrant the overhead.
The government is prioritising future-proofing long-lived data systems against the "harvest now, decrypt later" threat, despite the associated operational costs and performance impact. The ASD generally encourages a pure-PQC transition by its 2030 goal, favouring the higher security level ML-KEM-1024 for long-term use, while accepting ML-KEM-768 until 2030.
The conference emphasised practical solutions and set expectations for the migration. The use of hybrid cryptographic schemes (combining classical and PQC algorithms) is considered a sound and necessary transitional strategy to manage risk and security during the changeover period. The consensus is that 2030 represents an ambitious, possibly unachievable, deadline for a complete transition across all industries, depending on the current state of industry readiness. A phased, measured approach that prioritises critical and long-lived data systems is required. Also, the increasing use of Merkle tree authentication was noted as a valuable technique to provide an extra layer of integrity and authenticity to digital signatures.