The transition to Post-Quantum Cryptography (PQC) is essential for safeguarding against the impending risks associated with advancements in quantum computing. This endeavor is a large-scale, multi-year project that requires widespread collaboration.
The National Cyber Security Centre (NCSC), serving as the UK’s primary technical authority in cyber security and cryptography, plays a pivotal role in this initiative. We have issued technical guidelines and migration timelines along with an assured consultancy program to facilitate businesses and industries in their transition. It is imperative to recognize that this task cannot be managed in isolation, and we actively collaborate with the academic and industrial sectors to gauge the latest innovations in cryptographic research and devise necessary technical guidance that ensures a seamless transition.
A vital element of successful PQC migration is the establishment of standards governing algorithms, protocols, and systems. These internationally recognized standards, formulated by a consortium of experts from governmental, academic, and industrial backgrounds, are foundational in outlining operational frameworks and best practices, thus enabling organizations to develop interoperable solutions and products.
The Internet Engineering Task Force (IETF) is a chief organization in this standards development initiative, tasked with the creation and maintenance of protocols that enhance internet functionality. These protocols are detailed in documents known as RFCs.
To bolster global efforts for a secure and effective PQC transition, the NCSC has engaged robustly in the evolution of PQC standards. For instance, in June 2025, the IETF released RFC 9794, which outlines ‘Terminology for Post-Quantum/Traditional Hybrid Schemes’. This document establishes foundational language for standardizing PQC in protocols and was composed by the NCSC in collaboration with Dr. Britta Hale from the Naval Postgraduate School. Uniform terminology across PQC is crucial for maintaining clarity in technical discourse and mitigating potential security risks stemming from misunderstandings.
Since 2016, the National Institute of Standards and Technology (NIST) has been engaged in the standardization of novel cryptographic algorithms rooted in diverse mathematical problems, specifically designed to withstand threats posed by cryptographically-relevant quantum computers (CRQC). This area of study is referred to as post-quantum cryptography (PQC). In August 2024, NIST released standard algorithms for key establishment and digital signatures, including ML-KEM, ML-DSA, and SLH-DSA, while simultaneously progressing with alternative algorithm development. Around the same time, the NCSC provided guidance on Next steps in preparing for post-quantum cryptography.
In tandem with these efforts, the IETF is also developing standards to integrate these algorithms within internet protocols. They are accountable for crafting essential security protocols, such as TLS, SSH, and IPSec, which require updates to incorporate PQC algorithms to safeguard against potential CRQC threats.
Within the IETF’s structure, each protocol progresses through a dedicated Working Group. However, the advent of quantum computing and the introduction of PQC present numerous interrelated challenges pertinent to various protocols. To address this, the IETF has initiated a new Working Group titled ‘Post-Quantum Use In Protocols’ (PQUIP), serving as a forum for discussing and guiding PQC applications across the IETF.
This Working Group and its publications are integral in fortifying the security of IETF protocols. Recognizing a critical aspect of enhancing security and countering quantum threats, the NCSC underscored the importance of establishing a uniform terminology for IETF standards, specifically regarding the combined usage of Post Quantum and Traditional algorithms, referred to as PQ/T hybrid schemes.
Inconsistent terminology poses significant security risks, potentially leading to multiple terms describing identical concepts or, more dangerously, discussions about differing concepts that share terminology but possess distinct security attributes, compromising the integrity of the security analyses conducted throughout the standards development process.
To confront this challenge, the NCSC published a first draft of an RFC in July 2022 to delineate terminology for Post Quantum/Traditional (or PQ/T) Hybrid Schemes. Standards within the IETF commence with an Internet-Draft and develop through consensus, incorporating insights from experts who engage collaboratively both in-person and via mailing lists. The NCSC has collaborated with a diverse array of partners to refine the appropriate terminology and concepts, synthesizing expert feedback from various sources. Ultimately, in June 2025, after reaching a consensus among academics and industry professionals, the new standard was ratified as an RFC.
The RFC is structured starting from foundational principles, outlining definitions related to cryptographic algorithms, and progressively expanding to encompass cryptographic artifacts, protocols, and security properties, thereby serving as a vital reference for a myriad of use cases. The complexity of migrating to PQC necessitates involvement from a variety of stakeholders, each equipped with differing levels of cryptographic proficiency; thus, clarity and consistency in terminology is paramount. Establishing this groundwork will empower stakeholders to collaborate effectively in evaluating options and making informed decisions concerning the security of their systems.
This document does not encompass general guidance on specific security considerations, migration timelines, and the pros and cons of employing PQ/T hybrids, alongside protocol-specific considerations. Nevertheless, the RFC equips stakeholders with the necessary terminology to accurately articulate their security evaluations and comparisons of schemes, laying the foundation for future endeavors.
While some individuals may prefer alternate terms to those proposed in the RFC, the document recognizes these alternatives and integrates them within the principal definitions to guarantee consistent meaning during technical dialogues.
Currently, the RFC is cited by over 20 technical draft RFCs within the IETF and is referenced in academic publications as well as guidance from other standards development organizations. It is therefore evident that the NCSC’s RFC will significantly enhance the security of technical proposals, which will be relied upon far into the future.
The NCSC has participated in the IETF for several years, with RFC 9794 being the second document authored by the NCSC, subsequent to the release of RFC 9424 (‘Indicators of Compromise (IoCs) and Their Role in Attack Defense’). Contributing our cybersecurity and cryptographic expertise bolsters the security of the internet for UK citizens and organizations who utilize it.
We encourage others interested in the future of PQC technology to engage with the IETF and contribute to the evolving landscape of security standards in emerging technologies.
Michael P
Senior Internet Standards Researcher
Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/blog-post/new-standard-for-post-quantum-terminology
