Industry and government in Australia have only about five years left to fully replace all current cryptography algorithms as they are being used in common deployments today.
In its Guidelines for Cryptography, published on 12th December 2024, the Australian Cyber Security Centre (ACSC) has recommended the following cryptography algorithms not to be approved for use beyond 2030:
This change is triggered by advances in Quantum Computing, which put at risk most of the cryptography algorithms which have been deemed to be robust against brute force attacks from Conventional Computing. As highlighted during presentations hosted by OSS Group and IBM in July this year on quantum-safe encryption, new algorithms are needed which are robust against attacks from Quantum and Conventional Computing.
The ACSC, Australia’s lead agency on cyber security, is the equivalent to New Zealand’s National Cyber Security Centre (NCSC). While each country sets its own standards and determines its own pace, the decision is likely to be relevant to New Zealand because of our strong economic Trans-Tasman ties in the banking and insurance sectors.
New Zealand's banking sector is dominated by four big banks - ANZ, ASB, Bank of New Zealand (BNZ) and Westpac, all of which are Australian-owned. In the New Zealand insurance industry, Australian based Suncorp owns most of AA Insurance, Vero Insurance, and Asteron Life. State and AMI Insurance are brands of Australian giant IAG, along with NZI.
The ACSC, in its decision, follows in the footsteps of NIST, the US standards institute, which has previously assigned the same standards as deprecated for 2030 and scheduled their removal for 2035. Australia is progressing much more aggressively in its approach, however, considering the recent advances in Quantum Computing, this may well be warranted.
Migrating away from these encryption technologies within five years will not be easy. For example, every single Web connection currently uses ECDH and RSA/ECDSA. These methods are also used for many other parts of secure communications infrastructure, such as VPN connections, banking and other financial services, secure email and digitally signed documents.
Some of the algorithms that are going to replace existing technologies are now certified for post-quantum cryptography, and have been published by NIST in August 2024:
Get in touch with our team to learn more about Quantum-safe encryption for your business!