Standardization Contributions

Introduction 

The transition to Post-Quantum Cryptography (PQC) is not only a technological challenge, but also a standardization challenge. Quantum-safe solutions will only be adopted at scale if they are interoperable, compatible with existing infrastructures, and aligned with the standards used by industry, network operators, software vendors, and open-source communities. 

For QUBIP, standardization plays a central role in ensuring that the project results do not remain as isolated prototypes but become usable building blocks for the broader post-quantum transition. This includes contributions to standardization bodies, industrial associations, and collaborating with open-source initiatives, with a particular focus on browsers, identity systems, telecom infrastructures, virtualized networks, embedded systems, and secure cloud-native environments. 

The QUBIP standardization strategy is based on three complementary pillars: 

1. Engagement with standardization bodies, where technical specifications, recommendations, and migration guidelines are defined. 
2. Interaction with industrial groups, which helps to identify real deployment requirements and build consensus before formal standardization. 
3. Contribution to open-source communities, where reference implementations can accelerate adoption and provide practical feedback to standardization activities. 

This approach is especially important for Quantum-safe transition, where the migration must preserve backward compatibility with existing systems while introducing new cryptographic primitives, hybrid mechanisms, crypto-agility, and quantum-safe protocol updates. 

Targeted Standardization Bodies 

ETSI 

The European Telecommunications Standards Institute (ETSI) is one of the most relevant standardization bodies for QUBIP, especially because of its strong position in telecommunications, cybersecurity, NFV, QKD, and network automation. 

Within ETSI, QUBIP follows several areas of interest. ETSI TC CYBER is relevant for quantum-safe cryptography, implementation guidance, performance considerations, and security architectures. ETSI ISG QKD is particularly important for interfaces and architectures related to Quantum Key Distribution, including specifications such as ETSI GS QKD 004 for application interfaces and other documents on SDN-based QKD control and orchestration. These standards support the network integration with PQC and QKD hybrid approaches. 

ETSI groups focused on network technologies are also natural targets for QUBIP results related to current telecom environments. Since modern telecom infrastructures increasingly depend on NFV, SDN, and cloud-native network functions, the introduction of PQC into these environments must be aligned with existing network virtualization concepts. In addition, ETSI ZSM offers opportunities related to zero-touch security, automated lifecycle management, and intent-based secure network operations. 

IETF and IRTF 

The Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF) focus on the evolution of Internet protocols. QUBIP follows and contributes to several groups working on PQC integration into existing protocol stacks. 

• The PQUIP working group is especially relevant due to its focus on the use of PQC in protocols and migration guidance. Its work on terminology and hybrid cryptography provides a common language for combining traditional and post-quantum mechanisms. 

• The LAMPS working group is relevant for PQC migration in PKI, X.509 certificates, S/MIME, and CMS. This is directly related to QUBIP activities around browsers, certificates, authentication, and secure identity. 

• The TLS working group is also highly relevant, since TLS is one of the most widely deployed security protocols. Hybrid post-quantum key exchange in TLS 1.3, ML-KEM-based groups, and PQC authentication mechanisms are all areas with direct impact on QUBIP’s browser and infrastructure scenarios. 

• The QIRG research group is focused on the architecture, protocols, and technical challenges required to build quantum networks and the Quantum Internet, including routing, resource management, interoperability, security, and APIs. 

• Other WGs from the security area also deal with the PQ transition mostly relying on the results of the WGs mentioned above. 

3GPP 

The 3rd-Generation Partnership Programme (3GPP) is essential for the telecommunications domain. In particular, SA3 is responsible for security and privacy in mobile networks and it is therefore a natural target for PQC migration in 5G and future 6G systems. 

QUBIP tracks the evolution of 3GPP security specifications, especially the identification of cryptographic assets exposed to quantum risk and the expected introduction of quantum-safe mechanisms in future releases. This is important for aligning QUBIP telecom pilots with the broader mobile ecosystem, including core network security and IP exchange scenarios. 

ITU-T 

The International Telecommunication Union – Telecommunication Standardization Sector (ITU-T) contributes to international recommendations for telecommunications and security. Study Group 17 is particularly relevant because of its work on quantum-based security and QKD network security. 

For QUBIP, ITU-T is relevant in areas such as quantum-safe key management, hybrid approaches combining QKD and PQC, and the secure operation of future telecom infrastructures. These topics are closely aligned with the project’s work on hybrid quantum/post-quantum environments. 

CEN/CENELEC and ISO 

The European Committee for Standardization (CEN) and the European Committee for Electrotechnical Standardization (CENELEC) provide a European standardization framework for quantum technologies, including terminology, roadmaps, and use cases. Their work is important for aligning QUBIP with broader European initiatives on quantum communications, quantum metrology, and quantum computing. 

The International Standards Organization (ISO) is also relevant, especially in relation to digital identity, digital wallets, and crypto-agility. Since digital wallets and identity frameworks will need to remain secure against quantum attackers, QUBIP’s work on PQC-enabled identity and verifiable credentials can provide valuable input to this area. 

W3C 

The World Wide Web Consortium (W3C) is relevant to QUBIP because of its work on decentralized identifiers and verifiable credentials. These technologies are central to self-sovereign identity and digital trust on the Web. 

The transition of decentralized identity systems to PQC requires new cryptographic suites, new signature mechanisms, and potentially hybrid approaches that combine traditional and post-quantum authentication. QUBIP can contribute practical experience from the implementation of PQ and hybrid verifiable credentials, helping the community to deal with quantum-safe migration for web identity standards. 

Industrial Groups 

In addition to formal standardization bodies, QUBIP also targets industrial associations that shape adoption strategies and practical requirements. 

The Global System Mobile Alliance (GSMA) is highly relevant for telecom operators. Its Post-Quantum Telco Network Taskforce addresses quantum risk management, telecom use cases, and PQC migration guidelines. QUBIP’s telecom pilots and network-security results can contribute practical insights to these discussions. 

The Trusted Computing Group (TCG) is relevant for trusted platforms, TPMs, DICE, and remote attestation. These technologies are important for verifying the integrity of devices and workloads before enabling sensitive post-quantum operations. 

The 6G Smart Networks and Services Industry Association (6G-IA) is another important forum, especially through its security, pre-standardization, and open SNS activities. QUBIP results can contribute to the discussion on how 6G networks should incorporate PQC, QKD, secure orchestration, and crypto-agility. 

Eurosmart and PSA Certified are also relevant for embedded systems, secure elements, IoT certification, and roots of trust. These areas are important because many constrained devices will need a realistic and certifiable path toward PQC migration. 

Open-Source Initiatives 

Open-source communities are a crucial part of the QUBIP standardization strategy. They allow the project to validate ideas, provide reference implementations, and accelerate adoption. 

OpenSSL and NSS are especially relevant for browser and TLS scenarios. QUBIP’s work on provider-based architectures and loadable modules can help integrate PQC algorithms into real-world cryptographic stacks without requiring disruptive changes to the core libraries. 

Mbed-TLS is important for embedded and constrained environments. Fedora Linux offers a platform for early PQC experimentation and distribution-level integration. Mozilla Firefox provides a real browsing environment for testing PQC-enabled security libraries. 

Activities and Contributions 

Up to now, QUBIP has carried out activities across multiple standardization and open-source communities. 

In ETSI, the project has participated in quantum-safe cryptography events and has contributed to discussions related to QKD monitoring, NFV, ZSM and security proof-of-concept activities across different working groups. The QUBIP consortium collaborated in quantum-safe cryptographic considerations for the upcoming network technologies, such as the contribution and consolidation of the ETSI GS QKD 023 “Quantum Key Distribution (QKD); Monitoring Interface and Data Model”. 

In GSMA, QUBIP partners have contributed to quantum risk management and PQC telecom guidelines, including work related to future scenarios such as non-terrestrial networks and IoT. 

In IETF and IRTF, QUBIP has participated in discussions on hybrid cryptography, X.509 migration, secure network paths, symmetric key exchange, capability modelling, and PQC experimentation through hackathons. We highlight the “Post-Quantum Cryptography (PQC) in X.509, Signatures, KEMs, and protocols” Hackathon ​[1]​ with activities on network design and PQC, covering the results from IETF 115 to IETF 125 in ​[2]​.  

In 3GPP, QUBIP has followed and supported work related to the future adoption of PQC in mobile network specifications. In ISO/IEC and W3C, the project has contributed to discussions on quantum preparedness, digital wallets, verifiable credentials, and PQ/T hybrid approaches. 

Open-source activities include work around OpenSSL, NSS, Fedora, and IOTA Identity. 

Conclusions 

Standardization is essential to the success of the post-quantum transition. Without interoperable standards, shared terminology, migration guidance, and open implementations, PQC adoption could become fragmented and difficult to deploy at scale. 

QUBIP addresses this challenge through a broad and practical standardization strategy. The project engages with ETSI, IETF, IRTF, 3GPP, ITU-T, CEN/CENELEC, ISO, W3C, ENISA, GSMA, TCG, 6G-IA, and relevant open-source communities. This ensures that its results are connected to the ecosystems where PQC migration will actually happen: browsers, identity systems, IoT devices, telecom infrastructures, cloud-native platforms, and virtualized networks. 

By combining contributions to standardization bodies, industrial groups, and open-source projects, QUBIP helps build the foundations for a secure, interoperable, and future-proof post-quantum transition. 

References 

[1]       IETF 118 Hackathon, “Post-Quantum Cryptography (PQC) in X.509, Signatures, KEMs, and protocols”, [Online]. Available: https://wiki.ietf.org/en/meeting/118/hackathon

[2]       IETF Hackathon repository, “PQC Certificates”, [Online]. Available: https://github.com/IETF-Hackathon/pqc-certificates