Skip to main content
  • IETF Administration LLC 2025 Budget

    A draft budget was shared previously for community consultation and the IETF Administration LLC now has finalised its budget for 2025.

    22 Jan 2025
  • RFC Production Center management transition

    After an extensive review of recent developments in the RFC Editor function, the IETF Administration LLC (IETF LLC) and Association Management Solutions LLC (AMS) have agreed that the IETF LLC will assume management of existing RFC Production Center (RPC) staff, under an Employer of Record arrangement with AMS, the employer of the RPC team.

    5 Jan 2025
  • Workshop on the Decentralization of the Internet at ACM CoNEXT 2024

    The recent Decentralization of the Internet (DIN) workshop at ACM CoNEXT-2024 brought together network researchers, law and policy experts, and digital right activists to discuss the consolidation and centralization of the existing Internet applications, services, and infrastructure observed in recent years.

    19 Dec 2024
  • Launch of the IETF Community Survey 2024

    The IETF Community survey is our major annual survey of the whole of the IETF community and is used to inform the actions of IETF leadership throughout the year. The 2024 IETF Community Survey is live and we want to hear from you!

    19 Dec 2024
  • Second IASA2 Retrospective Report

    The IETF Administration LLC (IETF LLC) has now completed the second IETF Administrative Support Activity (IASA 2.0) retrospective. The report was developed with community input and review, and is now available online.

    18 Dec 2024

Filter by topic and date

Filter by topic and date

IETF launches post-quantum encryption working group

23 Feb 2023

As research organizations and tech companies embrace quantum computing, many cybersecurity experts have worried that the upcoming super-powerful machines will be able to crack current encryption methods within minutes, exposing people to surveillance or cybercrime.

PQUIP Blog post

The IETF has responded to these concerns by launching, in January, a new working group, called Post-Quantum Use In Protocols, or PQUIP, that aims to coordinate the use of cryptographic protocols that are not susceptible to large quantum computers.

There are already efforts outside the IETF to develop post-quantum encryption methods, and a handful of IETF working groups have begun work on standardizing revised protocols to meet the quantum challenge. PQUIP aims to support “this growing body of work” at the IETF and facilitate the evolution of protocols, according to the working group’s charter.

The plan is to examine quantum-related concerns and ideas, with PQUIP leaving standardizing to other IETF working groups, noted Sofia Celi, a cryptography researcher at Brave Software and co-chair of PQUIP. The working group aims to discuss and provide suggestions for transition issues, she added.

“The idea of the working group is to be a standing venue to discuss post-quantum cryptography [PQC] from an operational and engineering side,” Celi said. “It is also a venue of last resort to discuss PQC-related issues in IETF protocols that have no associated maintenance on other working groups that the IETF has.”

It is unclear when or if so-called cryptographically relevant quantum computers [CRQCs] will be able to break existing encryption methods, with a few researchers suggesting it could happen as soon as a decade and others predicting fifty years or more. 

As Celi notes, “Experts in the field have given wildly different estimated timelines based on many factors. It is possible that CRQCs might never exist because the error rates for quantum computers might always be too high to build a large enough computer to break current cryptography.”

However, with the possibility that these powerful quantum computers will eventually exist, the IETF and other groups are working to proactively protect Internet communications. She added, “If CRQCs can be built, we want PQC algorithms specified, tested, and deployed well before the first CRQC is operational,” she said.

The good news, Celi said, is that work on post-quantum cryptography is well on its way. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) launched a post-quantum cryptography standardization process back in 2016, and it announced its first group of algorithms in July 2022 for key exchange and signatures, with additional algorithms expected in the future. Other international organizations are also working on post-quantum computing algorithms, she noted.

Most protocols and technologies that provide security or privacy and use quantum-threatened cryptography can be migrated to post-quantum algorithms..

“Many of the algorithms that have been chosen to be standardized by the post-quantum NIST process are usable in today’s systems and networks,” Celi said. However, “these algorithms have some constraints – higher computational costs and larger sizes – that should be carefully considered when integrating them into protocols and technologies.” The PQUIP Working Group, and the other working groups in the IETF, will investigate how to integrate PQC algorithms in today’s protocols.

Discussions are already underway on the PQUIP working group mailing list, with the first meeting is expected to take place at the IETF 116 Yokohama meeting being held 25-31 March 2023.


Share this page