Posts
To Go:
| year | day | hour | minute | second |
Detail:
In a short-on-detail post Google are indicating a 2029 cutoff for, and we assume, the use classical algorithms for authentication related activities.
They indicate that Android 17 is going to use ML-DSA for digital signatures.
They don’t indicate if there will be any legacy capacity, for example will they still accept older non-PQC signatures created before 2029 or will it be a hard cutoff.
To Go:
| year | day | hour | minute | second |
Brief Summary
The NIS Cooperation group, PQC Workstream have published the following timeline:
First Steps by 31.12.2026
Initiate transition planning and pilots for high and medium risk use cases. All member states to establish a transition roadmap.
- Identify and involve stakeholders.
- Support mature cryptographic asset management.
- Create dependency maps.
- Perform quantum risk analysis.
- Include the supply chain.
- Create a national awareness and communication program.
- Share knowledge and get involved with the NIS CG work stream on PQC.
- Develop a timeline and an implementation plan.
To Go:
| year | day | hour | minute | second |
Next Steps by 31.12.2030
PQC Transition for high risk use cases has been completed and transition planning and pilots for medium risk use cases should be completed and Quantum safe software and firmware upgrades are enabled by default.
To Go:
| year | day | hour | minute | second |
Detail:
NSM-10 mandates a target date of not after 2035.
Any digital system that uses existing public standards for public‑key cryptography, or that is planning to transition to such cryptography, could be vulnerable to an attack by a Cryptographically Relevant Quantum Computer (CRQC). To mitigate this risk, the United States must prioritize the timely and equitable transition of cryptographic systems to quantum-resistant cryptography, with the goal of mitigating as much of the quantum risk as is feasible by 2035.
To Go:
| year | day | hour | minute | second |
Brief Summary
The National Cyber Security Centre (NCSC) of the United Kingdom makes the following timelines for mitigation known:
| Year | Description |
|---|---|
| 2028 | Complete discovery, make initial plans, communicate with suppliers. |
| 2031 | Complete higest priorty migrations, ready infrastructure, clear path to 2035 |
| 2035 | Complete your migration |
They expect large organisations to take two to three years to carry out discovery, define a migration strategy and to finally develop an initial migration plan with the expectation that it will take another two to three years to “carry out early migration activities” and to refine the plan.
To Go:
| year | day | hour | minute | second |
Detail
The Australian Signals Directory (ASD) makes it known that the following algorithms will no longer be acceptable from the following cutoff dates.
Dates marked 2025 indicate parameter sets that are not acceptable now.
| Algorithm | Cutoff Date |
|---|---|
| DH | 2030 |
| ECDH | 2030 |
| ECDSA | 2030 |
| ML-DSA-44 | 2025 |
| ML-DSA-65 | 2030 |
| ML-KEM-512 | 2025 |
| ML-KEM-768 | 2030 |
| RSA | 2030 |
| SHA-224 and SHA-256 | 2030 |
| AES-128 and AES-192 | 2030 |
Source: Guidelines for cryptography