CFPs: Integration of Post-Quantum Cryptography Algorithms into High-Level Protocols

Scope

• The transition to post-quantum cryptography requires changing the uses of most currently deployed public-key cryptography (RSA and ECC). Research and development efforts are providing signature systems and key-exchange mechanisms that are generally accepted to withstand attacks using classical and quantum computers. Efforts are on the way to include these in core Internet protocols such as Transport Layer Security (TLS). While this is an important development, many more protocols need to be modified to be quantum-ready and to ensure backward compatibility with legacy systems. Various application areas, such as Internet of Things, cloud-based applications, and automotive, place constraints on bandwidth or processing time which may prompt different choices than those employed for TLS. Currently used high-level protocols may have components that are specific to Elliptic Curve Cryptography (ECC) or to Rivest-Shamir-Adleman (RSA) or may require additional building blocks next to or in place of signatures and key-exchange mechanisms. While applications that provide authenticity are less urgent to migrate than those for confidentiality, those using embedded hardware such as secure elements, Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA) using hardware tokens and others have a very slow turnover and need to be replaced by the time large quantum computers exist, thus requiring migrating the design in the near future.
• Activities should target one or multiple relevant high-level protocols and produce their post-quantum versions. Typically, this can be achieved through combining current and post-quantum solutions for backward compatibility. Atypical solutions with equivalent security are also welcome. Consortia composed by actors of different nature, such as, for example, research institutions, relevant public entities, and industry to ensure that PQC solutions meet real-world security demands and are robustly tested across various applications are also welcome.

Funding Information

• Budget (EUR) – Year 2025: 6 000 000
• Contributions: 2000000 to 3000000

Expected Impacts

• Support the EU’s technological capabilities by investing in cybersecurity research and innovation to further strengthen its leadership, strategic autonomy, digital sovereignty and resilience;
• Help protect its infrastructures and improve its ability to prevent, protect against, respond to, resist, mitigate, absorb, accommodate and recover from cyber and hybrid incidents, especially given the current context of geopolitical change;
• Support European competitiveness in cybersecurity and European strategic autonomy, by protecting EU products and digital supply chains, as well as critical EU services and infrastructures (both physical and digital) to ensure their robustness and continuity in the face of severe disruptions;
• Encourage the development of the European Cybersecurity Competence Community;
• Particular attention will be given to SMEs, who play a crucial role in the cybersecurity ecosystem and in overall EU digital single market competitiveness, by promoting security and privacy ‘by design’ in existing and emerging technologies.

Expected Outcomes

• Proposals are expected to contribute to some or all of the following outcomes:
  • Design and implementations of at least one high-level post-quantum cryptography protocol along with a security analysis demonstrating that no security is lost compared to the used building blocks/lower-level protocols (KEMs, signatures, AEAD,…);
  • Submission of these high-level protocols integrating PQC to standardization bodies and/or submission of the specification and implementation to the respective open source projects;
  • Requirements analysis highlighting roadblocks and needs for development of PQC solutions for missing building blocks for migrating high-level protocols to PQC.

Eligibility Criteria

• Entities eligible to participate:
  • Any legal entity, regardless of its place of establishment, including legal entities from nonassociated third countries or international organisations (including international European research organisations) is eligible to participate (whether it is eligible for funding or not), provided that the conditions laid down in the Horizon Europe Regulation have been met, along with any other conditions laid down in the specific call/topic.
  • A ‘legal entity’ means any natural or legal person created and recognised as such under national law, EU law or international law, which has legal personality and which may, acting in its own name, exercise rights and be subject to obligations, or an entity without legal personality.
• To become a beneficiary, legal entities must be eligible for funding.
• To be eligible for funding, applicants must be established in one of the following countries:
  • the Member States of the European Union, including their outermost regions:
    • Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden.
  • the Overseas Countries and Territories (OCTs) linked to the Member States:
    • Aruba (NL), Bonaire (NL), Curação (NL), French Polynesia (FR), French Southern and Antarctic Territories (FR), Greenland (DK), New Caledonia (FR), Saba (NL), Saint Barthélemy (FR), Sint Eustatius (NL), Sint Maarten (NL), St. Pierre and Miquelon (FR), Wallis and Futuna Islands (FR).
  • countries associated to Horizon Europe;
    • Albania, Armenia, Bosnia and Herzegovina, Canada, Faroe Islands, Georgia, Iceland, Israel, Kosovo, Moldova, Montenegro, New Zealand, North Macedonia, Norway, Serbia, Tunisia, Türkiye, Ukraine, United Kingdom.

For more information, visit EC.