The transition to Post-Quantum Cryptography (PQC) is essential to safeguard against potential threats from advancing quantum computing technologies. This challenge is extensive and requires a coordinated effort over multiple years on a global scale.
The NCSC, as the UK’s primary technical authority for cyber security and cryptography, is committed to leading this initiative. We have released guidelines and timelines for a successful migration and established an assured consultancy scheme to aid businesses and industries in this transition. We recognize the importance of collaboration and actively partner with academia and industry to stay informed about the latest developments in cryptographic research and innovation, ensuring that they receive the necessary technical guidance for a successful shift.
The migration to PQC relies on established standards for algorithms, protocols, and systems. These international agreements are reached among experts from various sectors and help define operational guidelines or best practices. Such standards are crucial for organizations to create interoperable products and services.
One pivotal organization involved in this standards development is the Internet Engineering Task Force (IETF), which is tasked with designing and maintaining protocols essential for enhancing internet functionality. The protocols are documented as Request for Comments (RFCs).
In support of a cohesive and secure migration to PQC, the NCSC has been actively involved in creating PQC standards. In June 2025, the IETF introduced RFC 9794, which outlines ‘Terminology for Post-Quantum/Traditional Hybrid Schemes.’ This document provides foundational terminology for PQC standardization in protocols and was co-authored by the NCSC and Dr. Britta Hale from the Naval Postgraduate School. Uniform terminology in PQC is essential for clear communication in technical proposals, thereby reducing the risk of misunderstandings that could compromise security.
Since 2016, the National Institute of Standards and Technology (NIST) has initiated processes to standardize new cryptographic algorithms designed to withstand threats from cryptographically relevant quantum computers (CRQCs). This field of study is termed post-quantum cryptography (PQC). In August 2024, NIST published standards covering algorithms for key establishment and digital signatures, including ML-KEM, ML-DSA, and SLH-DSA. Concurrently, the NCSC released guidance on preparation for post-quantum cryptography.
The IETF is also working on standards for integrating these algorithms into internet protocols, as it oversees the design of critical security protocols, including TLS, SSH, and IPSec. Updates to these protocols are necessary to utilize PQC algorithms, ensuring their resilience against threats posed by CRQCs.
Each protocol within the IETF is developed in a distinct Working Group. Given the ambiguous nature of quantum computing threats and PQC, cross-cutting issues arise that impact numerous protocols. Therefore, the IETF has activated a new Working Group called ‘Post-Quantum Use In Protocols’ (PQUIP), which serves as a platform for guidance and discussion on applicable PQC issues across the IETF.
This Working Group, along with its outputs, plays a crucial role in enhancing the security of IETF protocols. The NCSC has acknowledged that a critical aspect of bolstering security and mitigating quantum threats involves establishing consistent terminology, particularly concerning the coexistence of Post-Quantum and Traditional algorithms, known as PQ/T hybrid schemes.
The inconsistent application of terminology poses a security risk by potentially leading to multiple terms for identical concepts or, more critically, discussions that conflate different concepts with varying security characteristics, which could undermine the security evaluations conducted during the standards development process.
To mitigate these risks, the NCSC published a first draft of a standard for Post Quantum/Traditional Hybrid Schemes terminology in July 2022. The standards within the IETF originate from Internet-Drafts and are refined through consensus, factoring in the insights of contributors both in-person and via mailing lists. The NCSC collaborated with various partners to identify appropriate terminology and concepts, incorporating expert analysis and feedback from numerous sources. The final standard was published as an RFC in June 2025, after achieving consensus from the academic and industry communities.
The RFC commences with fundamental principles, outlining definitions pertinent to cryptographic algorithms and progressing to cryptographic artifacts, protocols, and security properties, thereby providing valuable references for a variety of applications. As the migration to PQC is intricate, requiring engagement from stakeholders with varying levels of cryptographic literacy, clarity and consistency in language is essential. Establishing this framework will empower stakeholders to collaborate effectively, enabling them to assess and make informed decisions regarding their systems’ security.
While specific security considerations, migration timelines, and the advantages and disadvantages of using PQ/T hybrids are beyond the scope of this document, the RFC facilitates accurate descriptions for evaluating security and comparing schemes, laying the groundwork for future advancements.
Although some may prefer alternative terminology to that outlined in the RFC, the document recognizes and encapsulates these alternatives within the main definitions to maintain consistency in meaning during technical discussions.
The RFC is presently referred to by over 20 technical draft RFCs within the IETF, as well as in scholarly articles and guidance from other standards development organizations. It is evident that the NCSC’s RFC will enhance the security of subsequent technical proposals, extending its impact well into the future.
The NCSC has been engaged with the IETF for several years. RFC 9794 is the second RFC authored by the NCSC, following the publication of RFC 9424 on ‘Indicators of Compromise (IoCs) and Their Role in Attack Defense.’ Contributing our expertise in cyber security and cryptography is crucial to improving the overall security of the internet for UK citizens and organizations.
We encourage those interested in the future of PQC technology to get involved with the IETF and help shape the security standards for emerging technologies.
Michael P
Senior Internet Standards Researcher
Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/blog-post/new-standard-for-post-quantum-terminology
