ETSI ISG QSC: Quantum Safe Cryptography Specifications
- Issuer
- European Telecommunications Standards Institute(ETSI)
- Effective date
- Dec 1, 2020
- Published date
- Dec 1, 2020
- Full text
- View full text →
Summary
ETSI's Industry Specification Group on Quantum Safe Cryptography (ISG QSC) produces technical specifications and migration guidance for deploying post-quantum cryptography in real protocols. Key publications include ETSI TS 103 744 defining quantum-safe hybrid key exchanges that combine classical and PQC algorithms for TLS and other protocols, and ETSI TR 103 619 covering migration strategies. ETSI's work is complementary to NIST standards and directly informs EU and international deployment guidance.
PKI impact
ETSI ISG QSC specifications define the hybrid key exchange and signature profiles used in TLS/SSL and e-signature standards across EU and international deployments. Protocol-level changes to how PQC is embedded in TLS and X.509 certificates directly affect every PKI-dependent service operator who needs interoperability with ETSI-compliant systems.
Migration hints
- Review ETSI TS 103 744 hybrid key exchange profiles to understand how ML-KEM is combined with ECDH in TLS/SSL sessions — this affects server certificate profile requirements for authentication.
- Monitor ETSI updates to EN 319 132 (XAdES) and related e-signature standards for hybrid PQC signature profiles that will affect qualified electronic signature infrastructure.
- Verify that TLS library versions in your stack (OpenSSL, BoringSSL, etc.) support IETF and ETSI hybrid KEM profiles before planning certificate migrations.
- For eIDAS-regulated organizations, track ETSI-defined PQC profiles for qualified certificates — these will eventually become mandatory as eIDAS 2.0 implementation matures.
Trust chain considerations
- ETSI's hybrid signature profiles for qualified e-signatures may require CA infrastructure to issue dual-algorithm certificates (classical + PQC) during the transition period to maintain eIDAS compliance.
Milestones (1)
| Deadline | Label | Type | Hard | Notes |
|---|---|---|---|---|
| Dec 31, 2026 | Hybrid PQC profiles incorporated into ETSI e-signature standards | Crypto Agility | ETSI is updating EN 319 132 (XAdES) and related electronic signature standards to support hybrid PQC schemes. |
Algorithm references (3)
- ML-KEMFIPS 203Recommended
Replaces: RSA, ECDH
ETSI TS 103 744 defines hybrid key exchange schemes incorporating ML-KEM combined with classical KEMs for TLS and other protocol contexts.
- ML-DSAFIPS 204Recommended
Replaces: RSA, ECDSA
ETSI recommends ML-DSA for post-quantum digital signatures in hybrid schemes during the transition period.
- HQCNoted
Replaces: RSA, ECDH
HQC noted by ETSI as a code-based alternative KEM offering algorithmic diversity alongside lattice-based schemes.
Changelog (3)
| Date | Type | Description |
|---|---|---|
| Jun 1, 2025 | Amendment | ETSI ISG QSC updated specifications to include FN-DSA (FIPS 206) in hybrid signature scheme profiles and published revised ETSI TR 103 619 migration guidance. |
| Sep 1, 2024 | Clarification | ETSI ISG QSC updated specifications to align with finalized NIST FIPS 203, 204, and 205, incorporating ML-KEM and ML-DSA into hybrid scheme profiles. |
| Dec 1, 2020 | New | ETSI TS 103 744 published, defining quantum-safe hybrid key exchange schemes combining classical and post-quantum algorithms. |
Issuer
European Telecommunications Standards InstituteETSI
Type: STANDARDS BODY
Region: Global