Security of implementations of Post-Quantum Cryptography algorithms

The Horizon Europe funding opportunity focuses on enhancing the security of Post-Quantum Cryptography (PQC) algorithms and is structured as a single-stage open call. The eligible applicants include research institutes, universities, small and medium-sized enterprises, large enterprises, and cybersecurity practitioners from EU Member States, Associated Countries, and OECD countries. The initiative is set within the context of the HORIZON Research and Innovation Actions framework, specifically categorized under HORIZON-RIA.

The total funding for the call is €40 million allocated for 2025, with an expectation to support between three to five projects, suggesting an average funding range of approximately €1 million to €5 million per project. The application timeline opens on June 12, 2025, and closes on November 12, 2025.

Projects must be collaborative, involving multidisciplinary teams that include security practitioners, researchers, and industry partners. This consortium model aims to ensure practical relevance to security applications in areas such as law enforcement and critical infrastructure. Potential projects are expected to focus on the development, validation, and implementation of secure PQC algorithms, addressing various attacks, including side-channel and fault attacks.

The nature of the funding is a lump-sum grant, with no co-funding requirements indicated for RIA topics. While the success rates are not specifically mentioned, Horizon Europe's typical rates range from 10% to 39%, implying a competitive environment.

The focus of the projects should align with the strategic priorities of the European Cybersecurity Strategy, emphasizing the need for advanced security measures in the face of emerging quantum threats. By promoting research and innovation, the call aims to facilitate the transition to secure implementations of PQC and foster the integrity, authentication, and availability of digital communications against evolving cyber threats.

Eligible Applicant Types: The eligible applicant types are legal entities established in Member States, Associated Countries, and OECD countries. Entities established in an eligible country but directly or indirectly controlled by a non-eligible country or entity are not eligible.

Funding Type: The funding type is a grant, specifically HORIZON Research and Innovation Actions (HORIZON-RIA) and HORIZON Innovation Actions (HORIZON-IA) with eligible costs taking the form of a lump sum.

Consortium Requirement: The information does not explicitly state whether a consortium is required, but the partner search announcements suggest that collaborative projects are encouraged, implying that a consortium is possible and perhaps preferred.

Beneficiary Scope (Geographic Eligibility): The geographic eligibility includes legal entities established in EU Member States, Associated Countries, and OECD countries.

Target Sector: The target sector is digital, industry, and space, specifically focusing on cybersecurity and the security of Post-Quantum Cryptography (PQC) algorithms. It also touches on IoT, cloud-based applications, and automotive industries.

Mentioned Countries: The opportunity mentions EU Member States, Associated Countries, and OECD countries as eligible regions. It also indirectly mentions non-EU/non-Associated Countries by stating that some have specific provisions for funding participants in Horizon Europe projects.

Project Stage: The project stage appears to be focused on research, development, and innovation, with an emphasis on designing and implementing solutions, testing methodologies, and frameworks. This suggests a focus on development, validation, and demonstration stages.

Funding Amount: The funding amounts vary depending on the specific topic:
HORIZON-CL3-2025-02-CS-ECCC-01: EUR 12,000,000 to EUR 14,000,000
HORIZON-CL3-2025-02-CS-ECCC-02: EUR 4,500,000 to EUR 6,000,000
HORIZON-CL3-2025-02-CS-ECCC-03: EUR 3,000,000 to EUR 4,000,000
HORIZON-CL3-2025-02-CS-ECCC-04: EUR 2,000,000 to EUR 3,000,000
HORIZON-CL3-2025-02-CS-ECCC-05: EUR 2,000,000 to EUR 3,000,000
HORIZON-CL3-2025-02-CS-ECCC-06: EUR 2,000,000 to EUR 3,000,000

Application Type: The application type is an open call with a single-stage submission process.

Nature of Support: The beneficiaries will receive money in the form of a lump sum grant.

Application Stages: The application process is a single-stage process.

Success Rates: The success rates are not explicitly mentioned, but the indicative number of grants for each topic provides some insight into the potential competition. For example, HORIZON-CL3-2025-02-CS-ECCC-01 indicates 3 grants, while others indicate 2 or 4.

Co-funding Requirement: The information does not explicitly state whether co-funding is required.

This Horizon Europe call, managed indirectly by the ECCC, focuses on bolstering the security of Post-Quantum Cryptography (PQC) algorithms. The call aims to fund projects that can design and implement PQC algorithms resistant to various implementation attacks, including side-channel and fault attacks, which are increasingly sophisticated due to advancements in AI and deep learning. The projects should optimize countermeasures, analyze new attack vectors, and develop automated security evaluation methodologies. The ultimate goal is to ensure the confidentiality, integrity, authenticity, and availability of digital information in the face of evolving cyber threats, particularly in critical sectors like IoT, cloud computing, and automotive. Eligible applicants include legal entities from EU Member States, Associated Countries, and OECD countries, with funding provided as lump sum grants. The call encourages collaborative projects and provides resources for partner searches. The submission process is single-stage, with a deadline in November 2025. The call is structured around several specific topics, each with its own budget and indicative number of grants, spanning from research and innovation actions to innovation actions.

This is a Horizon Europe (HORIZON) call for proposals, specifically an Indirectly Managed Action by the ECCC (European Cybersecurity Competence Centre), focusing on the security of implementations of Post-Quantum Cryptography (PQC) algorithms. The call falls under the HORIZON-CL3-2025-01-IM-01 umbrella. The type of action is HORIZON-RIA, which stands for HORIZON Research and Innovation Actions. The Model Grant Agreement (MGA) type is HORIZON Lump Sum Grant [HORIZON-AG-LS]. The deadline model is single-stage. The planned opening date for submissions is June 12, 2025, and the deadline for submissions is November 12, 2025, at 17:00:00 Brussels time.

The expected outcomes of the projects funded under this call include: Design and implementations of Post-Quantum Cryptography (PQC) algorithms that are resistant to side-channel and fault attacks. Optimized countermeasures taking into account a balanced trade-off between security, performance, and costs. Recommendations on implementing countermeasures for a broad range of attacks, also identifying the available and necessary hardware. Analysis of new attacks or combinations of attacks, also eventually enhanced by AI, applicable to real-world conditions. Design of automated security evaluations for PQC implementations.

The scope of the call addresses the vital need for secure implementations of PQC algorithms to maintain confidentiality, integrity, authenticity, and availability of digital information and communications. It recognizes the threats posed by implementation attacks, such as side-channel attacks, fault attacks, and their combinations, potentially enhanced by deep learning, on both embedded and regular software and hardware implementations. The call acknowledges that current countermeasures can lead to substantial resource overhead and unclear security in various application areas like IoT, cloud-based applications, and automotive. It emphasizes the increasing concern among customers regarding the resistance of PQC implementations to implementation attacks and the balance between security and performance. The call encourages proposals that develop solutions to protect against implementation attacks at reasonable costs, minimize performance loss, and maintain required security. It also supports the analysis of new attacks or combinations of attacks, powered by AI, for security-by-design approaches in PQC systems. Furthermore, it encourages activities that lead to the development of testing methodologies and frameworks for automated security evaluations for correctness and resistance to remote side-channel attacks and a broad range of implementation attacks.

The general conditions for this call include: Admissibility Conditions, which cover proposal page limits and layout as described in Annex A and Annex E of the Horizon Europe Work Programme General Annexes and Part B of the Application Form. Eligible Countries, as described in Annex B of the Work Programme General Annexes, with specific provisions for non-EU/non-Associated Countries outlined in the Horizon Europe Programme Guide. Other Eligible Conditions, limiting participation to legal entities established in Member States, Associated Countries, and OECD countries to safeguard the Union's strategic assets, interests, autonomy, and security. It also excludes entities controlled by non-eligible countries. Financial and operational capacity and exclusion criteria are described in Annex C of the Work Programme General Annexes. Evaluation and award criteria, scoring, and thresholds are detailed in Annex D of the Work Programme General Annexes. Submission and evaluation processes are described in Annex F of the Work Programme General Annexes and the Online Manual. The indicative timeline for evaluation and grant agreement is described in Annex F of the Work Programme General Annexes. Legal and financial setup of the grants, where eligible costs will take the form of a lump sum as defined in the Decision of 7 July 2021.

Specific conditions are described in the specific topic of the Work Programme. Application and evaluation forms and model grant agreement (MGA) templates are available in the Submission System. A list of standard application forms and evaluation forms is provided for various Horizon Europe actions. Guidance documents include the HE Programme Guide, Model Grant Agreements (MGA), and call-specific instructions. Additional documents include the HE Main Work Programme 2023–2025, HE Programme Guide, HE Framework Programme 2021/695, HE Specific Programme Decision 2021/764, EU Financial Regulation 2024/2509, Decision authorising the use of lump sum contributions, Rules for Legal Entity Validation, LEAR Appointment and Financial Capacity Assessment, EU Grants AGA, Funding & Tenders Portal Online Manual, Funding & Tenders Portal Terms and Conditions, and Funding & Tenders Portal Privacy Statement.

The budget overview for the call in 2025 includes six topics: HORIZON-CL3-2025-02-CS-ECCC-01 with a budget of 40,000,000 EUR, HORIZON-CL3-2025-02-CS-ECCC-02 with a budget of 23,550,000 EUR, HORIZON-CL3-2025-02-CS-ECCC-03 with a budget of 11,000,000 EUR, HORIZON-CL3-2025-02-CS-ECCC-04 with a budget of 4,000,000 EUR, HORIZON-CL3-2025-02-CS-ECCC-05 with a budget of 6,000,000 EUR, and HORIZON-CL3-2025-02-CS-ECCC-06 with a budget of 6,000,000 EUR. The indicative number of grants varies from 2 to 4 per topic.

There are 14 partner search announcements available for collaboration on this topic. LEARs, Account Administrators, or self-registrants can publish partner requests on the Funding & Tenders Portal. The submission system is planned to be opened on the date stated on the topic header. General FAQs and support are available through the Online Manual, Horizon Europe Programme Guide, Funding & Tenders Portal FAQ, Research Enquiry Service, National Contact Points (NCPs), Enterprise Europe Network, IT Helpdesk, European IPR Helpdesk, and CEN-CENELEC/ETSI Research Helpdesks.

In summary, this Horizon Europe call aims to bolster the cybersecurity of digital systems by funding research and innovation projects focused on enhancing the security of Post-Quantum Cryptography (PQC) implementations. It seeks to address vulnerabilities to implementation attacks, optimize countermeasures, and develop robust testing methodologies. The call is open to legal entities from Member States, Associated Countries, and OECD countries, with a focus on projects that can deliver tangible outcomes in design, implementation, and security evaluation of PQC algorithms. The funding is provided as a lump sum, and the application process is single-stage, with a deadline in November 2025. The call encourages collaboration and provides various resources and support services to potential applicants.