The French Nationwide Info Programs Safety Company (ANSSI) revealed on April 9 the French State’s cybersecurity roadmap for 2026-2027, which features a chapter devoted to the transition to post-quantum cryptography with particular deadlines for all ministries.
Based on the doc, data programs that course of labeled information should function with post-quantum cryptography earlier than the top of 2030and from that 12 months onwards solely encryption merchandise that incorporate this safety might be deployed.
The roadmap establishes three phases previous to that ultimate deadline:
- Earlier than the top of 2026every ministry might want to stock its sturdy and delicate information to determine which of them require precedence post-quantum safety.
- Earlier than the top of 2027should determine the affected technical parts, comparable to encryption and digital signature programs.
- And earlier than the top of 2030should full the deployment of post-quantum cryptography in all programs that course of labeled data.
Why is France appearing now?
The ANSSI doc cites two causes for appearing earlier than quantum {hardware} exists. The primary is the time required for a migration of that scale. Updating the cryptography of a State’s total infrastructure is a course of that, based on the doc, “should be anticipated and began now.”
The second is the danger often known as «harvest now, decrypt later» (retailer now, decrypt later): The follow whereby malicious actors seize encrypted information right now with the intention of decrypting it once they have enough quantum {hardware}. That threat exists no matter when Q-Day arrives.
With this roadmap, France joins establishments comparable to Google, which introduced that it’s concentrating on 2029 emigrate its personal infrastructure, and the US Nationwide Institute of Requirements and Know-how (NIST), which set post-quantum migration deadlines for 2030 and 2035, as reported by CriptoNoticias.
