
Australia moves to drop some cryptography by 2030 – before quantum carves it up

The likes of SHA-256, RSA, ECDSA and ECDH won't be welcome in just five years


Australia's chief cyber security agency has decided local orgs should stop using the tech that forms the current cryptographic foundation of the internet by the year 2030 – years before other nations plan to do so – over fears that advances in quantum computing could render it insecure.

The Land Down Under's plans emerged last week when the Australian Signals Directorate (ASD) published guidance for High Assurance Cryptographic Equipment (HACE) – devices that send and/or receive sensitive information – that calls for disallowing the cryptographic algorithms SHA-256, RSA, ECDSA and ECDH, among others, by the end of this decade.

Bill Buchanan, professor in the School of Computing at Edinburgh Napier University, wrote a blog post in which he expressed shock that the ASD aims to move so quickly.

"Basically, these four methods are used for virtually every web connection that we create, and where ECDH is used for the key exchange, ECDSA or RSA is used to authenticate the remote server, and SHA-256 is used for the integrity of the data sent," he wrote. "The removal of SHA-256 definitely goes against current recommendations."

The ASD's stated reason for disallowing these algorithms in HACE systems by 2030 is "projected technological advances in quantum computing."

Quantum computing has been deemed a sufficiently plausible threat to legacy encryption schemes that the US National Institute of Standards and Technology (NIST) in 2016 issued a call for quantum-resistant algorithms. The Institute's concern is that some future quantum machines may be able to crunch numbers so efficiently that current encryption – applied with the assumption that data protection will last decades – could be easily cracked.

In August 2024, three post-quantum cryptographic algorithms – ML-KEM [PDF], ML-DSA [PDF], and SLH-DSA [PDF] – were approved by NIST in the hope they can keep encrypted data safe from anticipated code-cracking capabilities.

Three months later, NIST published draft guidance for the "Transition to Post-Quantum Cryptography Standards" in a bid for public comment. The proposal deprecates certain standards by 2030 – among them the RSA algorithm – and disallows them by 2035.

As with the ASD, NIST's guidelines aim to mitigate the risk that cryptographic standards "could be vulnerable to an attack by a Cryptographically Relevant Quantum Computer (CRQC)" by 2035. That's according to US National Security Memorandum (NSM) 10.

The National Security Agency (NSA) issued similar guidance [PDF] in September, and also set 2035 as the transition date, per NSM 10.

Australia – as a member of the Five Eyes intelligence sharing alliance – aims to move more quickly than NIST (at least for HACE devices) by declaring that various legacy cryptographic algorithms "will not be approved for use beyond 2030."

Whether Aussie government agencies will be afforded the flexibility to upgrade their cryptography-dependent kit after the 2030 deadline remains to be seen. It may be that systems not deemed HACE could get a bit more wiggle room.

With regard to the algorithms used to hash data – particularly SHA-224 and SHA-256 – Buchanan expressed surprise that neither will be approved for use beyond 2030.

"The migration within five years will not be easy, as every single web connection currently uses ECDH and RSA/ECDSA," he wrote. "These methods are also used for many other parts of a secure infrastructure."
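Buchanan's two quotes describe the roles these algorithms play in a TLS connection (ECDH for key exchange, RSA or ECDSA for server authentication, SHA-256 for integrity), and the article lists the NIST post-quantum standards meant to replace some of them. The first practical step in a migration like the one the ASD is asking for is an inventory: knowing, per endpoint, which of the algorithms slated for disallowance are actually in use. The following is an added example, not code from the article, the ASD or NIST, that classifies the algorithm families behind a recorded TLS handshake and flags the ones the article says will not be approved beyond 2030. The observation records and host names are constructed; the post-quantum group and signature labels (`mlkem768`, `mldsa65`) are placeholder spellings, and the guidance as reported says nothing about how hybrid key exchange is treated, so a hybrid is flagged on its classical component and reported on its post-quantum one.

```python
"""Crypto-agility inventory check against the algorithm list reported for the ASD's 2030 HACE cutoff.

Added example (not from the article). Inputs are constructed; no network access is needed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Algorithm families the article says the ASD will not approve for HACE use beyond 2030.
ASD_2030_DISALLOWED = frozenset({"RSA", "ECDSA", "ECDH", "SHA-224", "SHA-256"})

# The three post-quantum standards NIST approved in August 2024; reported, never flagged.
POST_QUANTUM = frozenset({"ML-KEM", "ML-DSA", "SLH-DSA"})


@dataclass(frozen=True)
class TlsObservation:
    host: str
    cipher_suite: str  # IANA cipher-suite name, e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    kex_group: str     # negotiated key-exchange group, e.g. secp256r1, X25519MLKEM768 ("" if none)
    sig_alg: str       # signature scheme covering the server's authentication, e.g. rsa_pss_rsae_sha256


def _hash_family(name: str) -> Optional[str]:
    """Map a trailing _SHA / _SHA256 / _SHA384 token to a hash family; bare _SHA means SHA-1."""
    m = re.search(r"_sha(\d*)$", name.lower())
    if not m:
        return None
    return "SHA-1" if m.group(1) == "" else f"SHA-{m.group(1)}"


def suite_families(suite: str) -> set[str]:
    """TLS 1.2-style names encode <kex>_<auth>_WITH_<cipher>_<hash>; TLS 1.3 names only the hash."""
    fams: set[str] = set()
    body = suite.upper().removeprefix("TLS_")
    if "_WITH_" in body:
        kexauth = body.split("_WITH_")[0]
        if kexauth.startswith(("ECDHE", "ECDH_")):
            fams.add("ECDH")
        if kexauth.startswith(("DHE", "DH_")):
            fams.add("DH")  # finite-field DH is not on the article's list; reported as "other"
        if "_RSA" in kexauth or kexauth == "RSA":
            fams.add("RSA")  # RSA authentication, or static RSA key transport for a bare RSA suite
        if "ECDSA" in kexauth:
            fams.add("ECDSA")
    h = _hash_family(suite)
    if h:
        fams.add(h)  # PRF/HMAC hash (TLS 1.2) or HKDF hash (TLS 1.3)
    return fams


def kex_families(group: str) -> set[str]:
    """Classify the negotiated group; a hybrid such as X25519MLKEM768 yields both ECDH and ML-KEM."""
    g = group.lower()
    fams: set[str] = set()
    if "mlkem" in g:
        fams.add("ML-KEM")
    if re.search(r"x25519|x448|secp\d+[rk]1|^p-?\d{3}$", g):
        fams.add("ECDH")
    if g.startswith("ffdhe"):
        fams.add("DH")
    return fams


def sig_families(sig_alg: str) -> set[str]:
    """Classify the signature scheme into its public-key family plus the hash it uses, if any."""
    s = sig_alg.lower()
    fams: set[str] = set()
    if "mldsa" in s:
        fams.add("ML-DSA")
    if "slhdsa" in s or "sphincs" in s:
        fams.add("SLH-DSA")
    if s.startswith("rsa"):
        fams.add("RSA")
    if s.startswith("ecdsa"):
        fams.add("ECDSA")
    if s.startswith(("ed25519", "ed448")):
        fams.add("EdDSA")  # not on the article's list; reported as "other"
    h = _hash_family(s)
    if h:
        fams.add(h)
    return fams


def audit(obs: TlsObservation) -> dict[str, list[str]]:
    """Return the families found, split into disallowed-by-2030, post-quantum, and everything else."""
    found = suite_families(obs.cipher_suite) | kex_families(obs.kex_group) | sig_families(obs.sig_alg)
    return {
        "disallowed_by_2030": sorted(found & ASD_2030_DISALLOWED),
        "post_quantum": sorted(found & POST_QUANTUM),
        "other": sorted(found - ASD_2030_DISALLOWED - POST_QUANTUM),
    }


def audit_all(observations: list[TlsObservation]) -> dict[str, dict[str, list[str]]]:
    return {o.host: audit(o) for o in observations}


# Constructed sample handshakes; hosts and PQ labels are placeholders, not real endpoints.
SAMPLE_OBSERVATIONS = [
    TlsObservation("web.example", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "secp256r1", "rsa_pss_rsae_sha256"),
    TlsObservation("api.example", "TLS_AES_256_GCM_SHA384", "X25519MLKEM768", "ecdsa_secp384r1_sha384"),
    TlsObservation("legacy.example", "TLS_RSA_WITH_AES_128_CBC_SHA", "", "rsa_pkcs1_sha256"),
    TlsObservation("pq.example", "TLS_AES_128_GCM_SHA256", "mlkem768", "mldsa65"),
]

if __name__ == "__main__":
    for host, result in audit_all(SAMPLE_OBSERVATIONS).items():
        print(host, result)
```

The last sample makes Buchanan's point about SHA-256 concrete: even a connection whose key exchange and signature are both post-quantum still derives its keys with SHA-256 under the TLS 1.3 suite name, so that endpoint is flagged on the hash alone. The other three show the progression from a fully classical RSA suite, through today's common ECDHE+RSA configuration, to a hybrid exchange that still carries an ECDH component.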

Looks like we could be in for interesting times. ®
