ETSI Publishes New Quantum-Safe Encryption Standards

New quantum-safe encryption standards have been published by the European Telecommunications Standards Institute (ETSI).

The specification defines a scheme for key encapsulation mechanisms with access control (KEMAC), called Covercrypt.

Key encapsulation mechanisms establish a shared secret key and transmit it to a receiver securely. This prevents anyone who doesn’t know the private key from recovering any information about the encapsulated secret keys.

Covercrypt builds on this principle by allowing data encryption based on certain user-attributes, which are kept anonymous.

Any user who has attributes which fulfil the encapsulation policy will be able to retrieve the session keys, while those who are not authorized will not be able to.

While an IT department can define who can enter applications, the ETSI KEMAC standard will help to determine who can decrypt the data inside those applications through a specific access policy.

The solution is designed to boost efficiency as well as data security. Covercrypt will take just hundreds of micro-seconds to encapsulate and decapsulate session keys.

It is also applicable to current threats and future quantum-based attacks, providing organizations with a transition to quantum-safe cryptography.

The hybrid encryption system can be easily integrated into existing commercial security products.

ETSI is a non-profit body, which supports the timely development, ratification and testing of globally applicable standards for IT systems. It is formally recognized by the European Union as a European Standards Organization (ESO).

Organizations Urged to Start Quantum Transition

The new ETSI specification follows the publication of other recent standards designed to assist organizations’ transition to quantum-safe cryptography.

In August 2024, the US National Institute of Standards & Technology (NIST) formalized the world’s first post-quantum cryptography standards. This document encompasses three quantum-safe algorithms, which include a key encapsulation mechanism and digital signatures.

In March 2025, the UK’s National Cyber Security Centre (NCSC) set out a roadmap for organizations to completely migrate their systems, services and products to post-quantum cryptography (PQC) by 2035.

These developments have come as we get closer to the date when powerful quantum computers become commercially available. These computers will be capable of breaking current encryption protocols, leaving data, connections and components used by all organizations exposed.

In February 2025, Microsoft unveiled the world’s first ever quantum chip, Majorana 1. This breakthrough offers a path to developing quantum computers that can scale to a million qubits in “years, not decades,” according to the tech giant.