ETSI launches new standard for Quantum-Safe Hybrid Key Exchanges to secure future post-quantum encryption

"Today, ETSI announces the launch of its post-quantum security standard to guarantee the protection of critical data and communications in the future. The specification “Efficient Quantum-Safe Hybrid Key Exchanges with Hidden Access Policies” (ETSI TS 104 015) has been developed to enhance security mechanisms, ensuring that only authorized users with the correct permissions can access sensitive data to decrypt them.

The new ETSI specification defines a scheme for Key Encapsulation Mechanisms (KEMs) with Access Control (KEMAC), called Covercrypt, that ensure both pre-quantum and post-quantum security through hybridization. This means that encryption remains secure against both current threats and future quantum computing capabilities, offering a seamless transition to a more advanced cryptographic landscape. Namely, session keys will be locked based on user-attributes, kept anonymous and any user having attributes fulfilling the encapsulation policy will be able to retrieve the session keys, while those who are not authorized will not be able to. For instance, while an IT department can define who enters applications, the ETSI KEMAC standard helps to determine who can decrypt the data inside those applications through a specific access policy."