Skip to main content
  • JSONPath: from blog post to RFC in 17 years

    Today the JSONPath RFC (RFC 9535) proposed standard was published, precisely 17 years after Stefan Gössner wrote his influential blog post JSONPath – XPath for JSON that resulted in some 50 implementations in various languages.

    • Glyn NormingtonRFC 9535 Editor
    21 Feb 2024
  • Stepping towards a Sustainable Internet

    The IAB’s new Environmental Impacts of Internet Technology (E-Impact) program will hold its first virtual interim meeting over two slots on 15 and 16 February 2024. These interim meetings are open to participation, and we invite all interested community members to join, participate, and contribute.

    • Jari ArkkoE-Impact Program Lead
    • Suresh KrishnanE-Impact Program Lead
    7 Feb 2024
  • What’s the deal with Media Over QUIC?

    In 2022, the IETF formed a working group for Media Over QUIC (MoQ)—a media delivery solution that has the potential to transform how we send and receive media during live streaming, real-time collaboration, gaming, and more.

    • Brett BralleyThought Leadership Content Writer, Cisco
    25 Jan 2024
  • IETF Administration LLC 2024 Budget

    The IETF Administration LLC has finalised its budget for 2024.

    • Jay DaleyIETF Executive Director
    18 Jan 2024
  • Update on the IT Infrastructure Transition Project

    Begun in the last quarter of 2023, work is underway to define and deploy a new, cloud-based infrastructure approach for services that support the work of the IETF, and to move those services onto the new infrastructure.

    • Robert SparksIETF Tools Project Manager
    12 Jan 2024

Filter by topic and date

Filter by topic and date

IETF launches post-quantum encryption working group

  • Grant GrossIETF Blog Reporter

23 Feb 2023

As research organizations and tech companies embrace quantum computing, many cybersecurity experts have worried that the upcoming super-powerful machines will be able to crack current encryption methods within minutes, exposing people to surveillance or cybercrime.

PQUIP Blog post

The IETF has responded to these concerns by launching, in January, a new working group, called Post-Quantum Use In Protocols, or PQUIP, that aims to coordinate the use of cryptographic protocols that are not susceptible to large quantum computers.

There are already efforts outside the IETF to develop post-quantum encryption methods, and a handful of IETF working groups have begun work on standardizing revised protocols to meet the quantum challenge. PQUIP aims to support “this growing body of work” at the IETF and facilitate the evolution of protocols, according to the working group’s charter.

The plan is to examine quantum-related concerns and ideas, with PQUIP leaving standardizing to other IETF working groups, noted Sofia Celi, a cryptography researcher at Brave Software and co-chair of PQUIP. The working group aims to discuss and provide suggestions for transition issues, she added.

“The idea of the working group is to be a standing venue to discuss post-quantum cryptography [PQC] from an operational and engineering side,” Celi said. “It is also a venue of last resort to discuss PQC-related issues in IETF protocols that have no associated maintenance on other working groups that the IETF has.”

It is unclear when or if so-called cryptographically relevant quantum computers [CRQCs] will be able to break existing encryption methods, with a few researchers suggesting it could happen as soon as a decade and others predicting fifty years or more. 

As Celi notes, “Experts in the field have given wildly different estimated timelines based on many factors. It is possible that CRQCs might never exist because the error rates for quantum computers might always be too high to build a large enough computer to break current cryptography.”

However, with the possibility that these powerful quantum computers will eventually exist, the IETF and other groups are working to proactively protect Internet communications. She added, “If CRQCs can be built, we want PQC algorithms specified, tested, and deployed well before the first CRQC is operational,” she said.

The good news, Celi said, is that work on post-quantum cryptography is well on its way. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) launched a post-quantum cryptography standardization process back in 2016, and it announced its first group of algorithms in July 2022 for key exchange and signatures, with additional algorithms expected in the future. Other international organizations are also working on post-quantum computing algorithms, she noted.

Most protocols and technologies that provide security or privacy and use quantum-threatened cryptography can be migrated to post-quantum algorithms..

“Many of the algorithms that have been chosen to be standardized by the post-quantum NIST process are usable in today’s systems and networks,” Celi said. However, “these algorithms have some constraints – higher computational costs and larger sizes – that should be carefully considered when integrating them into protocols and technologies.” The PQUIP Working Group, and the other working groups in the IETF, will investigate how to integrate PQC algorithms in today’s protocols.

Discussions are already underway on the PQUIP working group mailing list, with the first meeting is expected to take place at the IETF 116 Yokohama meeting being held 25-31 March 2023.


Share this page