RFAs: Security Evaluations of Post-Quantum Cryptography Primitives

Scope

• The intrinsic security of PQC algorithms is based on mathematical problems that are believed to be intractable for both classical and quantum computers. To assess the quantum security of post-quantum primitives is fundamental in order to boost their confidence on post-quantum cryptosystems. The development of quantum algorithms demonstrating a significant quantum speed-up would represent a major breakthrough, necessitating a reassessment of the security of cryptosystems (lattice-based, code-based, and others). Conversely, if no significant quantum speed-up is discovered, it would bolster their confidence in the security of these post-quantum cryptosystems, though some parameters may still require fine-tuning. Moreover, up to now existing quantum attackers have been analyzed mostly in a theoretical way. However, their application to nowadays cryptosystems fail due to a lack of efficient implementations and hardware. Studies are also needed on AI-based approaches that may be used to attack certain schemes with certain implementation choices, and the discovery of eventual vulnerabilities can help the research community develop more robust post-quantum cryptosystems.
• Proposals on the assessment of the security of post-quantum primitives, via studies focused on eventual quantum algorithms with demonstrable speed-up, eventually also in combination with AI, or on solely AI-based approaches, are welcome. The security of lattice and code-based PQC algorithms may be prioritized, but tackling other mathematical problem classes is not excluded. As the unprecedented computational power of quantum computing can greatly enhance AI capabilities, combination of different approaches may also be considered. Consortia with team of applicants with background in post-quantum cryptography and in quantum computing are particularly encouraged. Projects should lead to identification of vulnerabilities of current post-quantum cryptographic building blocks and to practical recommendations for parameters for the design of post-quantum cryptosystems with improved security against quantum attacks and future advances in code-breaking and AI.

Funding Information

• Budget (EUR) – Year 2025: 4 000 000
• Contributions: 2000000 to 3000000

Expected Impacts

• Support the EU’s technological capabilities by investing in cybersecurity research and innovation to further strengthen its leadership, strategic autonomy, digital sovereignty and resilience;
• Help protect its infrastructures and improve its ability to prevent, protect against, respond to, resist, mitigate, absorb, accommodate and recover from cyber and hybrid incidents, especially given the current context of geopolitical change;
• Support European competitiveness in cybersecurity and European strategic autonomy, by protecting EU products and digital supply chains, as well as critical EU services and infrastructures (both physical and digital) to ensure their robustness and continuity in the face of severe disruptions;
• Encourage the development of the European Cybersecurity Competence Community;
• Particular attention will be given to SMEs, who play a crucial role in the cybersecurity ecosystem and in overall EU digital single market competitiveness, by promoting security and privacy ‘by design’ in existing and emerging technologies.

Expected Outcomes

• Projects’ results are expected to contribute to some or all of the following outcomes:
  • Breakthroughs in understanding the quantum hardness of various mathematical problem classes that underpin the security of current and future post-quantum cryptosystems;
  • New quantum algorithms with significant quantum speed-up for lattice-based, code-based, and potentially other mathematical problem-classes;
  • Improved implementation of quantum algorithms using high-level quantum programming languages to solve mathematical problems forming the core of cryptosystems;
  • Establishment of environments testing the robustness of cryptosystems regarding quantum attackers;
  • AI-based approaches to help discovering vulnerabilities of lattice-based or other mathematical problem-classes;
  • Cryptanalysis results;
  • Parameter suggestions to create a robust set of cryptographic building blocks for post-quantum cybersecurity and design of post-quantum cryptosystems with improved security against quantum or AI-based attacks.

Eligibility Criteria

• Entities eligible to participate:
  • Any legal entity, regardless of its place of establishment, including legal entities from nonassociated third countries or international organisations (including international European research organisations) is eligible to participate (whether it is eligible for funding or not), provided that the conditions laid down in the Horizon Europe Regulation have been met, along with any other conditions laid down in the specific call/topic.
  • A ‘legal entity’ means any natural or legal person created and recognised as such under national law, EU law or international law, which has legal personality and which may, acting in its own name, exercise rights and be subject to obligations, or an entity without legal personality.
• To become a beneficiary, legal entities must be eligible for funding.
• To be eligible for funding, applicants must be established in one of the following countries:
  • the Member States of the European Union, including their outermost regions:
    • Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden.
  • the Overseas Countries and Territories (OCTs) linked to the Member States:
    • Aruba (NL), Bonaire (NL), Curação (NL), French Polynesia (FR), French Southern and Antarctic Territories (FR), Greenland (DK), New Caledonia (FR), Saba (NL), Saint Barthélemy (FR), Sint Eustatius (NL), Sint Maarten (NL), St. Pierre and Miquelon (FR), Wallis and Futuna Islands (FR).
  • countries associated to Horizon Europe;
    • Albania, Armenia, Bosnia and Herzegovina, Canada, Faroe Islands, Georgia, Iceland, Israel, Kosovo, Moldova, Montenegro, New Zealand, North Macedonia, Norway, Serbia, Tunisia, Türkiye, Ukraine, United Kingdom.

For more information, visit EC.