As part of the Post-Quantum Telco Network Taskforce, GSMA – with contributions from members IBM, Vodafone and others – has published the Post Quantum Telco Network Impact Assessment: an in-depth analysis of the quantum security threats facing the telecommunications industry and a detailed, step by step list of potential solutions to prepare for these threats.

The report, which debuted ahead of GSMA’s annual Mobile World Congress in Barcelona, maps out a clear path for telco organizations to work across their ecosystems to protect data from cybercriminals acting today to tap into the potential power of future quantum computers. It includes:

* A telco-specific assessment of the business risk of quantum cyber threats, including four of the highest impact attack types: store now, decrypt later; code signing and digital signatures; rewriting history; and key management attacks.

* Discussion of standardisation for hardware and software changes, such as SIM cards, public key infrastructure, digital certificates and CPE devices.

* Specific approaches to quantum-safe algorithms and risk assessment frameworks, including code-based, lattice-based, hash-based, multivariate-based, and hybrid approaches.

* Timelines of several government plans that have been launched to implement quantum-safe encryption (Australia, Canada, China, France, Germany, Japan, New Zealand, Singapore, South Korea, the UK and the US).

* Examples of quantum-safe applications to several telco domains, including devices, 5G networks, SIMs, Operating systems, ERP, infrastructure and the cloud.

According to the report, it is widely considered that by 2032 there will be completion of a large fault-tolerant quantum computer capable of running crypto-analytic algorithms that could threaten current cryptographic approaches.

The advent of such technology requires immediate preparation, as some forms of attack may be retrospective (e.g. “store now, decrypt later”). Motivated bad actors may be harvesting and storing data now in order to decrypt it once certain quantum computing capabilities become available. As stated in the report, such actors may do this to “undermine the security of data with long-lived confidentiality needs, such as corporate IP, state secrets or individual bio-data.”