![« Enfin débarrassé de la corvée » : le nouveau défroisseur Calor va vous faire oublier le repassage [Sponso]](https://images.frandroid.com/wp-content/uploads/2025/03/calor-aerosteam-d2c-affiliation-frandroid-homme.jpg?#)
.webp)
NCSC publishes new post-quantum guidance - Arqit comments
NCSC publishes new post-quantum guidance - Daniel Shiu, Chief Cryptographer of quantum-resistant encryption specialist Arqit, comments - Opinion
The National Cyber Security Centre (NCSC) has today issued new guidance for large organisations to protect themselves from the threats posed by quantum computing.
In its new Post-Quantum Cryptography Migration Timelines guidance, the NCSC is recommending that organisations completely migrate their systems to post-quantum cryptography (PQC) by 2035, with the planning process beginning within the next three years.
PQC refers to a set of cryptographic standards that have been designed to resist the enhanced compute power of quantum computers, which threaten to decimate currently used encryption technologies. The first PQCs were formally recognised by cybersecurity agencies in late 2024. However, there is not yet a global consensus on the most effective PQC.
Daniel Shiu, Chief Cryptographer of quantum-resistant encryption specialist Arqit, comments:
"It is great to see the "Timelines for migration to post-quantum cryptography" published by the NCSC. As one would hope from a technically capable and influential organisation, the advice is concise, specific, and achievable.
"The capability to act on the advice will vary from organisation to organisation. It's not trivial even to complete the first step of understanding your current usage of cryptography. The challenges of then understanding which systems will need changing, which have an easy fix, which are less urgent, and which will require significant effort starting as soon as possible require specialised skills that may be outside of the expertise of highly-qualified security experts.
"Even with the necessary cryptographic expertise, there will still be the challenges of deploying agile solutions (to cope with sudden catastrophic cryptographic failures such as SIKE or Rainbow) or which satisfy the security advice of all jurisdictions where the organisation operates (the advice of the NCSC offers different nuance to US advice, the EU varies from both, and nations such as Ukraine, Korea, China, and Russia all propose national alternatives).
"Organisations can best navigate the ever-changing journey to quantum safety with the support of partners in encryption expertise. For example, Arqit and its partners Ampliphae developed their Encryption Intelligence product which helps with the first steps in NCSC advice: carrying out a full cryptographic discovery and building an initial plan for migration. This can identify all uses of the major cryptographic protocols on your network, and highlight those that will be quantum-vulnerable.
"From there it can be determined whether the issue can be corrected by a quick fix such as a change of configuration on a VPN or a browser, or whether service providers you use will need to upgrade their offer. Overall, this can help you identify the most challenging migration problems — those in embedded systems or with necessary legacy requirements — that will require the longest path to safety and offer options to how it might be achieved."
