SecAppDev 2025 lecture details
The quantum threat and post-quantum cryptography
Post-Quantum Cryptography (PQC) answers the threat posed by quantum computers. We cover the status of PQC standards and national agencies' and EU recommendations. We conclude with performance benchmarks and crypto agility challenges.
Download handoutsWednesday June 4th, 11:00 - 12:30
Room Lemaire
Abstract
Post-Quantum Cryptography (PQC) is a crucial response to the imminent threat posed by quantum computers to conventional cryptographic systems. Following an examination of quantum computing advancements, we discuss NIST's ongoing competition to establish PQC standards, presenting both the first stage winners and the current 4th round candidates. Additionally, we explore the current state of IETF standards and recommendations from national agencies and the EU. Our talk concludes with an overview of performance benchmarks and an exploration of the challenges surrounding cryptographic agility.
Key takeaway
2025 is a good year to start the 10-year post-quantum migration journey
Content level
Deep-dive
Target audience
Developers, architects
Prerequisites
None
Bart Preneel
Full professor, COSIC - University of Leuven
Expertise: Applied cryptography, privacy, cybersecurity policy
Related lectures
Verifiable Credentials: Concepts to Practice
Introductory lecture by Kristina Yasuda in room Lemaire
Monday June 2nd,
14:00 - 15:30
Also available as a recorded session on
Tuesday June 3rd,
11:00 - 12:30
A technical introduction to Verifiable Credentials, highlighting use cases, implementation lessons, interoperability profiles, and recent updates to the related specifications.
Key takeaway: Interoperability in the wallet model requires aligned choices across the stack that meet use case requirements in terms of UX, security, privacy, etc.
PKI and eIDAS
Introductory lecture by Bart Preneel in room Lemaire
Wednesday June 4th, 09:00 - 10:30
This talk covers PKI technologies, their role in web security, key failures and fixes (e.g., EV, pinning, transparency), and the impact of eIDAS 2.0 on EU PKI services and upcoming European Digital Identity Wallets.
Key takeaway: PKI is a core technology that are essential to secure large open systems; surprisingly, it is technically complex and presents governance challenges.
COED Technologies: what they can and can't do
Introductory lecture by Cyprien de Saint Guilhem in room Lemaire
Tuesday June 3rd, 11:00 - 12:30
MPC, FHE and ZKP are complementary COED technologies that provide different flavours of confidentiality and verifiability within different trust settings and threat models. Often, neither one of them is a miracle solution alone.
Key takeaway: Preserving data confidentiality during computation is a real-world possibility given the right choice and combination of COED tools.