Closed

Transition towards Quantum-Resistant Cryptography

HORIZON Innovation Actions

Basic Information

Identifier
HORIZON-CL3-2022-CS-01-03
Programme
Increased cybersecurity 2022
Programme Period
2021 - 2027
Status
Closed (31094503)
Opening Date
June 30, 2022
Deadline
November 16, 2022
Deadline Model
single-stage
Budget
€17,300,000
Keywords
Internet of Things, embedded/pervasive systemsPost-quantum cryptographyDigital AgendaArtificial IntelligenceCryptology (Cryptography and Cryptanalysis) Measurement and assessment of security levels.Quantum resistant cryptographic primitiveshigh-speed field-programmable gate arrayinteger factorizationquantum-resistant infrastructuresmart cardlarge-scale quantum attackside channel attack

Description

ExpectedOutcome:

Projects are expected to contribute to at least three of the following expected outcomes:

  • Measuring, assessing and standardizing/certifying future-proof cryptography
  • Addressing gaps between the theoretical possibilities offered by quantum resistant cryptography and its practical implementations
  • Quantum resistant cryptographic primitives and protocols encompassed in security solutions
  • Solutions and methods that could be used to migrate from current cryptography towards future-proof cryptography
  • Preparedness for secure information exchange and processing in the advent of large-scale quantum attacks

The proposal should provide appropriate indicators to measure its progress and specific impact.

Scope:

During the next decades the European Union should seize the opportunities that quantum technologies will bring. However, quantum technologies will also pose a significant risk to the security of our society. The advent of large-scale quantum computers will compromise much of modern cryptography, which is instrumental in ensuring cybersecurity and privacy of the digital transition. Any cryptographic primitive based on the integer factorization and/or the discrete logarithm problems will be vulnerable to large-scale quantum-powered attacks. The digital data/products/systems that derive their security ultimately from the abovementioned primitives will be compromised and must be upgraded -including their replacement when needed- to quantum-resistant cryptography. The massive scale of this foreseen upgrade shows that preparations are needed today in order to widely implement the relevant mitigations in the future. Many companies and governments cannot afford to have their protected communications/data decrypted in the future, even if that future is a few decades away. There is a need to advance in the transition to quantum-resistant cryptography.

Applicants should propose approaches to tackle the abovementioned challenges, with the goal to develop cryptographic systems that are secure against attacks using both quantum or/and classical computers. Proposals may also try to better understand the expected capabilities of quantum computers (e.g. novel relevant quantum algorithms) and to further assess their implications to cybersecurity.

The proposed actions responding to this topic should take stock of and build on the relevant outcomes from other research fields (such as mathematics, physics, electrical engineering) and actions (e.g. H2020 projects, NIST Post-Quantum Cryptography competition, efforts in ETSI), and are encouraged to plan engaging and cooperating with them to the extent possible. Participation of SMEs is encouraged.

Applicants should demonstrate innovative ways to design, build, and deploy the new quantum-resistant infrastructures (including relevant hardware, software and IT processes). This should include switching from nowadays infrastructures to the proposed new ones with practical migration paths, aiming to efficiently manage the total time needed and the total costs associated, while also paying attention to affordable energy consumption.

Applicants should look at the implementation of quantum-resistant algorithms on software as well as specific hardware, such as. resource constrained IoT devices, smart cards, high-speed field-programmable gate arrays.

Proposals should devise, develop and validate metrics, methodologies, conformity assessment tests and tools for assessing and quantifying the security and the privacy of the proposed systems and services. Furthermore, proposals should strive to encompass a thorough comprehensive security evaluation of the engineering and deploying of efficient and secure implementations of the proposed solutions. Due consideration should be given to countermeasures against side channel attacks.

Applicants should strive to use the most promising relevant cryptographic primitives as well as to adapt the used cryptographic protocols accordingly.

Proposals may analyse how to develop combined quantum-classical[1] cryptographic solutions in Europe, for those use cases where these hybrid solutions might bring gains to the overall security. To this end, the analysis should take into account relevant actions in quantum cryptography (e.g. H2020 OpenQKD project, EuroQCI).

Proposals should validate their concept by exercising and deploying pilot demonstrators in relevant use cases. The demonstrators should include exercises on executing different migration strategies for real use cases and applications that would allow their implementation in large-scale, complex systems. Lessons learned from the exercises should be transformed into practical, multidisciplinary guidelines that support entities to plan and execute their own migration, considering the technical, the economical and legal contexts.

For expanding the proposed work in terms of including additional quantum-resistant infrastructures, additional pilot sites, additional countries and users the actions may involve financial support to third parties in line with the conditions set out in Part B of the General Annexes. Each consortium will define the selection process of the third parties for which financial support will be granted (typically in the order of EUR 50 000 to 300 000 per party). Up to 20% of the EU funding requested by the proposal may be allocated to the purpose of financial support to third parties.

In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement.

Specific Topic Conditions:

Activities are expected to achieve TRL 6 by the end of the project – see General Annex B.

Cross-cutting Priorities:

Digital Agenda
Artificial Intelligence

[1]Here “classical” is used with the meaning of non-quantum. Hence “post-quantum cryptography” is considered as advanced classical cryptography.

View on EU Portal →

Destination & Scope

Europe is in the midst of a digital transformation. Digital technologies are profoundly changing our daily life, our way of working and doing business, and the way people travel, communicate and relate with each other. Digital communication, social media interaction, artificial intelligence, e-government, e-commerce and digital enterprises are steadily transforming our world. They are generating an ever-increasing amount of data, which, if pooled and used, can lead to a completely new means and levels of value creation. The more interconnected we are, however, the more we are vulnerable to cyber threats.

Digital disruption, notably caused by malicious cyber activities, not only threaten our economies but also our way of life, our freedoms and values, and even try to undermine the cohesion and functioning of our democracy in Europe.

Regardless of the economic, political or personal motivations behind the cyber threats, securing our future wellbeing, freedoms, democratic governance, and prosperity depend on improving our capacity to shield the EU from malicious attacks and to address digital security weaknesses in general. The digital transformation requires improving cybersecurity substantially, so as to ensure the protection of the increasing number of connected devices and the safe operation of network and information systems, including the ones used in power grids, drinking water supply and distribution services, vehicles and transport systems, hospitals and the overall health system, finances, public institutions, factories, and homes. Europe must build resilience to cyber-attacks and create effective cyber deterrence, while making sure that data protection and freedom of citizens are strengthened. These efforts should include considerations for particularly vulnerable organisations and citizens.

The technological tools of cybersecurity are strategic assets, as well as being key growth technologies for the future. It is in the EU's strategic interest to ensure that the EU retains and develops the essential capacities to secure its digital economy, society and democracy, to protect critical hardware and software and to provide key cybersecurity services.

Cybersecurity research and innovation activities will support a Europe fit for the digital age, enabling and supporting digital innovation while highly preserving privacy, security, safety and ethical standards. They will contribute to the implementation of the digital and privacy policy of the Union, in particular the NIS Directive[[Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (NIS Directive).]], the EU Cybersecurity Act[[Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act).]], the EU Cybersecurity Strategy[[Joint Communication to the European Parliament and the Council The EU's Cybersecurity Strategy for the Digital Decade JOIN/2020/18 final.]], the GDPR[[Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).]], and the future e-Privacy Regulation.

Research and innovation will build on the results of Horizon 2020 such as the pilot projects funded under SU-ICT-03-2018[[Establishing and operating a pilot for a Cybersecurity Competence Network to develop and implement a common Cybersecurity Research & Innovation Roadmap.]].and other relevant H2020 topics and cybersecurity activities (e.g. carried out by ENISA[[https://www.enisa.europa.eu/]] or relevant parts of work of the EIT Digital[[https://www.eitdigital.eu/]]). The activities will be aligned as relevant with the objectives of the Cybersecurity Competence Centre and Network of National Coordination Centres[[Regulation (EU) 2021/887 of the European Parliament and of the Council of 20 May 2021 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres.]]. They will be complementary to actions under the Digital Europe Programme, Specific Objectives 3 and 4, which will strengthen EU cybersecurity capacity by support to deployment of cybersecurity infrastructures and tools across the EU, for public administrations, businesses, and individuals, and support digital skills including in cybersecurity. For example support is foreseen to specialised education programmes or modules in key capacity areas such as cybersecurity. Generally, cybersecurity is a horizontal challenge and is not be limited to Horizon Europe Cluster 3. In addition to the calls of the Horizon Europe of Cluster 3 - Civil Security for Society, other activities relevant for Cybersecurity will be supported in particular in the Work Programme part of Cluster 4 - Digital, Industry and Space.

Research and innovation results may feed into the operational work on preparedness and response in the Joint Cyber Unit[[Commission Recommendation (EU) 2021/1086 of 23 June 2021 on building a Joint Cyber Unit.]].

Expected impact:

Proposals for topics under this Destination should set out a credible pathway contributing to the following impact of the Strategic Plan 2021-2024: "Increased cybersecurity and a more secure online environment by developing and using effectively EU and Member States’ capabilities in digital technologies supporting protection of data and networks aspiring to technological sovereignty in this field, while respecting privacy and other fundamental rights; this should contribute to secure services, processes and products, as well as to robust digital infrastructures capable to resist and counter cyber-attacks and hybrid threats".

More specifically, proposals should contribute to the achievement of one or more of the following impacts:

  • Strengthened EU cybersecurity capacities and European Union sovereignty in digital technologies
  • More resilient digital infrastructures, systems and processes
  • Increased software, hardware and supply chain security
  • Secured disruptive technologies
  • Smart and quantifiable security assurance and certification shared across the EU
  • Reinforced awareness and a common cyber security management and culture

Eligibility & Conditions

General conditions

1. Admissibility conditions: described in Annex A and Annex E of the Horizon Europe Work Programme General Annexes

 

 

Proposal page limits and layout: described in Part B of the Application Form available in the Submission System

 

 

2. Eligible countries: described in Annex B of the Work Programme General Annexes

A number of non-EU/non-Associated Countries that are not automatically eligible for funding have made specific provisions for making funding available for their participants in Horizon Europe projects. See the information in the Horizon Europe Programme Guide.

 

3. Other eligibility conditions: described in Annex B of the Work Programme General Annexes

 

In order to achieve the expected outcomes, and safeguard the Union’s strategic assets, interests, autonomy, or security, namely cybersecurity in the field of Quantum-Resistant Cryptography, participation is limited to legal entities established in Member States and associated countries. Proposals including legal entities which are not established in these countries will be ineligible.

Some activities, resulting from this topic, may involve using classified background and/or producing of security sensitive results (EUCI and SEN). Please refer to the related provisions in section B Security — EU classified and sensitive information of the General Annexes.

 

4. Financial and operational capacity and exclusion: described in Annex C of the Work Programme General Annexes

 

 

5. Evaluation and award:

 

  • Award criteria, scoring and thresholds are described in Annex D of the Work Programme General Annexes
  • Submission and evaluation processes are described in Annex F of the Work Programme General Annexes and the Online Manual
  • Indicative timeline for evaluation and grant agreement: described in Annex F of the Work Programme General Annexes

 

6. Legal and financial set-up of the grants: described in Annex G of the Work Programme General Annexes

 

Beneficiaries may provide financial support to third parties in the form of grants. The maximum amount to be granted to each third party is EUR 300 000 to support the expected outcomes of the topic, for example measuring, assessing and standardizing/certifying future-proof cryptography.

Specific conditions

7. Specific conditions: described in the [specific topic of the Work Programme]

 

Documents

Call documents:

Standard application form (HE RIA, IA) — call-specific application form is available in the Submission System

Standard evaluation form (HE RIA, IA)  will be used with the necessary adaptations

HE General MGA v1.0 - MGA

 

 

Additional documents:

HE Main Work Programme 2021–2022 – 1. General Introduction

HE Main Work Programme 2021–2022 – 6. Civil Security for Society

HE Main Work Programme 2021–2022 – 13. General Annexes

 

HE Programme Guide

HE Programme and Rules for Participation Regulation 2021/695

HE Specific Programme Decision 2021/764

EU Financial Regulation

 

Rules for Legal Entity Validation, LEAR Appointment and Financial Capacity Assessment

EU Grants AGA — Annotated Model Grant Agreement

Funding & Tenders Portal Online Manual

Funding & Tenders Portal Terms and Conditions

Funding & Tenders Portal Privacy Statement

Support & Resources

Online Manual is your guide on the procedures from proposal submission to managing your grant.

Horizon Europe Programme Guide contains the detailed guidance to the structure, budget and political priorities of Horizon Europe.

Funding & Tenders Portal FAQ – find the answers to most frequently asked questions on submission of proposals, evaluation and grant management.

Research Enquiry Service – ask questions about any aspect of European research in general and the EU Research Framework Programmes in particular.

Enterprise Europe Network – contact your EEN national contact for advice to businesses with special focus on SMEs. The support includes guidance on the EU research funding.

IT Helpdesk – contact the Funding & Tenders Portal IT helpdesk for questions such as forgotten passwords, access rights and roles, technical aspects of submission of proposals, etc.

European IPR Helpdesk assists you on intellectual property issues.

CEN-CENELEC Research Helpdesk and ETSI Research Helpdesk –  the European Standards Organisations advise you how to tackle standardisation in your project proposal.  

The European Charter for Researchers and the Code of Conduct for their recruitment – consult the general principles and requirements specifying the roles, responsibilities and entitlements of researchers, employers and funders of researchers.

Partner Search Services help you find a partner organisation for your proposal.

 

Latest Updates

No updates available.

Transition towards Quantum-Resistant Cryptography | Grantalist