Transition to post-quantum Public Key Infrastructures

This EU grant opportunity is part of the Digital Europe Programme, specifically targeting the transition to post-quantum Public Key Infrastructures (PKIs) to enhance the cybersecurity ecosystem. The initiative, designated DIGITAL-ECCC-2025-DEPLOY-CYBER-08-PUBLICPQC, seeks to address the challenges associated with integrating Post-Quantum Cryptography (PQC) into PKIs. The primary objective is to ensure efficient migration strategies that maintain strong business continuity amid rising quantum computing threats.

Eligible applicants include a variety of stakeholders involved in the PKI ecosystem, such as Certificate Authorities (CAs), intermediate CAs, researchers, end-users, and vendors. The requirement to form effective consortia emphasizes the need for diverse expertise across software development, hardware implementation, cryptographic research, standardization, and application deployment. Proposals should incorporate user case studies and focus on real-world applications.

The project's expected outcomes include the development of cryptographic combiners that ensure at least 128-bit security against quantum adversaries, experimental evaluations of hybrid certificates, new and improved open-source libraries, and clear key management procedures. Other activities may involve designing digital signature combiners, testing the deployment of certificates in relevant protocols, and creating methods for automatic certificate management and privacy-friendly transparency.

Funding for the initiative totals 15 million euros, with the application process structured as a single-stage call. The opening date for submissions is planned for June 12, 2025, and the deadline is October 7, 2025. While focusing predominantly on EU entities due to security considerations, international participation may be allowed under specific conditions.

The proposals should address critical societal sectors, including government services, telecommunications, banking, healthcare, and automotive. Compatibility with existing legacy systems is crucial, necessitating solutions that can operate with both pre-quantum and post-quantum cryptographic protocols to ensure security and resilience.

In summary, this grant aims to strengthen cybersecurity frameworks in Europe by facilitating the integration of PQC into existing PKIs and fostering collaborations among academia, industry, and public sectors to develop standardized, innovative, and practical solutions to counter quantum threats effectively.

This EU grant opportunity, part of the Digital Europe Programme (DIGITAL) and the call "Strengthening the cybersecurity ecosystem (DIGITAL-ECCC-2025-DEPLOY-CYBER-08)", aims to facilitate the transition to post-quantum Public Key Infrastructures (PKIs). The call, titled "Transition to post-quantum Public Key Infrastructures" with topic ID DIGITAL-ECCC-2025-DEPLOY-CYBER-08-PUBLICPQC, seeks to address the challenges of integrating Post-Quantum Cryptography (PQC) algorithms into PKIs, ensuring efficient migration strategies and business continuity.

The grant targets various stakeholders in the PKI ecosystem, including Certificate Authorities (CAs), intermediate CAs, researchers, end-users across different sectors, and vendors. Effective consortia should include experts in software development, hardware implementation, cryptographic research, standardization, policy, and application deployment, as well as organizations providing user case studies and real-world applications.

The expected outcomes of this call include:

New combiners ensuring cryptographic schemes provide at least 128-bit security against quantum adversaries.
Experimental evaluation on hybrid certificates in standard protocols, considering different cryptographic algorithms at Certification Authority levels, focusing on security, performance, and backward compatibility. The impact should be tested via open-source libraries.
New and improved open-source libraries for certificate requests, issuance, validation, revocation, and privacy-friendly certificate transparency.
Clear procedures for key management, covering signature generation requirements (software, hardware, secure storage), signature validation (data requirements, conditions for verification), signature lifecycle, and validity status.
Testing and evaluation of X.509 certificate uses beyond core applications.
Tests and evaluation of alternatives to X.509 certificates.
Awareness activities and training courses.

The scope of the proposals should include activities focused on:

Designing digital signature combiners and key encapsulation mechanism combiners.
Testing the deployment of certificates in relevant protocols.
Developing novel protocols for Automatic Certificate Management and revocation, as well as privacy-friendly certificate transparency.
Creating methods and tools for experts across PKI domains, covering all aspects of asymmetric systems key management.

Proposals should consider requirements and constraints related to security level, performance, and business continuity in critical sectors like governmental services, telecom, banking, smart homes, e-Health, and automotive. They should address key establishment, digital signatures, and secure communication protocols, adapting them with post-quantum counterparts to ensure resilience against quantum threats.

Compatibility with existing legacy systems is crucial, necessitating a transition to PKIs supporting both pre-quantum and post-quantum cryptography. The proposed systems should seamlessly interact with legacy systems, disabling the post-quantum component when needed while preventing downgrade attacks. Combinations of PQC and established pre-quantum solutions should be used to provide strongest-link security.

For protocols supporting negotiation, like X.509 certificates for Transport Layer Security (TLS), post-quantum key exchange has been demonstrated. Migration of other protocols will be more complex, especially when old and new configurations coexist. Migration strategies defined for X.509 core use cases may not work for applications in IoT, smartcards, and identity documents.

Proposals should develop clear procedures to guide stakeholders in PKIs across different usage domains through the transition process.

Activities may include:

Identification of requirements for implementing hybrid certificates.
Development of approaches and techniques for constructing cryptographic combiners for different protocols.
Testing combiners for issuing new certificates, balancing key, signature, and ciphertext sizes, and considering compatibility with standards, revocation mechanisms, certificate transparency, cryptographic protocols across certificate chains, application requirements (security level, time constraints, overhead), and hardware optimization.
Development and improvement of open-source libraries.
Development of novel protocols for Automatic Certificate Management and revocation, and privacy-friendly certificate transparency.
Support for standardization activities.
Development of recipes for designing and deploying new PKIs, with analysis depending on each PKI component.
Tests on specialized uses of X.509 certificates beyond TLS, such as roots of trust, device integrity, and firmware signing.
Design, improvement, and testing of X.509 alternatives, including Merkle tree ladders, the GNU Name System, SPKI, SDSI, and key encapsulation mechanisms for on-demand authentication.
Awareness and training activities for stakeholders, emphasizing interdependencies and facilitating understanding of technical standards.

Participation of non-EU entities is subject to Article 12(5) of Regulation (EU) 2021/694 due to the risk of sensitive information disclosure to non-EU governments.

The call falls under the DIGITAL-JU-SIMPLE DIGITAL JU Simple Grants action type and uses the DIGITAL Action Grant Budget-Based [DIGITAL-AG] Model Grant Agreement (MGA). It follows a single-stage deadline model. The planned opening date is June 12, 2025, and the deadline is October 7, 2025, at 17:00:00 Brussels time.

The budget for the DIGITAL-ECCC-2025-DEPLOY-CYBER-08-PUBLICPQC topic is 15,000,000 EUR.

Conditions for admissibility, eligible countries, financial and operational capacity, exclusion, evaluation, award, and legal/financial setup are detailed in the call document and related annexes. Proposal page limits and layout are described in Part B of the Application Form in the Submission System and section 5 of the Call document - Strengthening the Cybersecurity Ecosystem (DIGITAL-ECCC-2025-DEPLOY-CYBER-08).

Relevant documents include the Call Document, application form templates (Standard application form (DEP) and Standard application form (DEP FPA)), ownership control declaration, Model Grant Agreements (DEP MGA), DEP Work Programmes, DEP Regulation 2021/964, EU Financial Regulation 2024/2509, Rules for Legal Entity Validation, LEAR Appointment and Financial Capacity Assessment, EU Grants AGA, Funding & Tenders Portal Online Manual, Funding & Tenders Portal Terms and Conditions, and Funding & Tenders Portal Privacy Statement.

The submission system is planned to open on the date stated on the topic header. LEARs, Account Administrators, and self-registrants can publish partner requests on the portal. For help, applicants can contact the ECCC Applicants Direct Contact Centre or the IT Helpdesk.

In summary, this EU grant opportunity aims to bolster cybersecurity by supporting projects that facilitate the integration of post-quantum cryptography into existing Public Key Infrastructures. It seeks to ensure a smooth transition that maintains security, performance, and compatibility with legacy systems, while also fostering collaboration among various stakeholders in the PKI ecosystem. The call encourages the development of innovative solutions, open-source tools, and standardized procedures to address the evolving challenges posed by quantum computing threats.

Eligible Applicant Types: The call targets different actors involved in the PKI ecosystems and supply and value chains, such as Certificate Authorities (CAs), intermediate CAs, researchers, end-users in different domains, and vendors. The call specifies that effective consortia should comprise a diverse range of actors along the entire PKI chain, encompassing expertise in areas such as software development, hardware implementation, cryptographic research, standardisation, policy, and application deployment, as well as organisations that can provide user case studies and real-world applications.

Funding Type: The funding type is a DIGITAL JU Simple Grant. The type of Model Grant Agreement (MGA) is a DIGITAL Action Grant Budget-Based [DIGITAL-AG].

Consortium Requirement: The call specifies that effective consortia should comprise a diverse range of actors along the entire PKI chain, so a consortium is required.

Beneficiary Scope (Geographic Eligibility): While the text doesn't explicitly state geographic eligibility, it is implied that the primary scope is EU-related, given it is an EU funding call under the Digital Europe Programme. However, the call mentions that participation of non-EU entities entails a security risk, which suggests that non-EU entities might be able to participate, but with specific conditions and scrutiny.

Target Sector: The target sector is cybersecurity, specifically focusing on the integration of Post-Quantum Cryptography (PQC) algorithms in Public Key Infrastructures (PKIs). This includes areas such as software development, hardware implementation, cryptographic research, standardisation, policy, and application deployment. The call also targets critical societal sectors and processes such as governmental services, telecom, banking, smart homes, e-Health, and automotive.

Mentioned Countries: No specific countries are mentioned, but the call is part of the Digital Europe Programme, implying a focus on the EU. The mention of non-EU entities suggests that international participation is possible but subject to security considerations.

Project Stage: The project stage appears to be focused on development, validation, and demonstration. The call mentions the design of digital signature combiners, testing of deployment of certificates, development of novel protocols, and development of methods and tools. It also includes experimental evaluation and testing of alternatives, suggesting a move towards validation and demonstration of developed solutions.

Funding Amount: The budget for the DIGITAL-ECCC-2025-DEPLOY-CYBER-08-PUBLICPQC topic is EUR 15,000,000. There are also other related topics under the same call, such as DIGITAL-ECCC-2025-DEPLOY-CYBER-08-CYBERHEALTH with a budget of EUR 30,000,000 and DIGITAL-ECCC-2025-DEPLOY-CYBER-08-NCC with a budget of EUR 10,000,000.

Application Type: The deadline model is single-stage. The submission system is planned to be opened on June 12, 2025, and the deadline for submission is October 7, 2025, at 17:00:00 Brussels time.

Nature of Support: Beneficiaries will receive money in the form of a DIGITAL JU Simple Grant.

Application Stages: The application process is single-stage.

Success Rates: The indicative number of grants is not specified in the provided text.

Co-funding Requirement: The text does not explicitly mention a co-funding requirement.

Summary:

This opportunity is a call for proposals under the Digital Europe Programme, specifically targeting the strengthening of the cybersecurity ecosystem. The call, DIGITAL-ECCC-2025-DEPLOY-CYBER-08-PUBLICPQC, focuses on the transition to post-quantum Public Key Infrastructures (PKIs). The main goal is to address the challenges of integrating Post-Quantum Cryptography (PQC) algorithms into PKIs to ensure efficient migration strategies and strong business continuity.

The call is open to a wide range of actors involved in the PKI ecosystem, including Certificate Authorities, researchers, end-users, and vendors. It requires applicants to form consortia with diverse expertise, covering areas such as software and hardware development, cryptographic research, standardisation, policy, and application deployment. User case studies and real-world applications are also important.

Projects should focus on designing and testing digital signature combiners, developing novel protocols for certificate management and transparency, and creating methods and tools for key management. Proposals should consider the requirements and constraints of various applications in critical sectors like government, telecom, banking, healthcare, and automotive. Compatibility with existing legacy systems is crucial, and solutions should combine PQC with established pre-quantum solutions to ensure the strongest possible security.

The call aims to achieve several outcomes, including new cryptographic combiners, experimental evaluations of hybrid certificates, improved open-source libraries, clear key management procedures, and tests of X.509 certificate uses and alternatives. Awareness and training activities are also expected.

The funding for the PUBLICPQC topic is EUR 15 million, and the application process is single-stage, with a deadline of October 7, 2025. While primarily focused on EU entities, participation of non-EU entities is possible but subject to security considerations. This call represents a significant effort to enhance cybersecurity by preparing for the challenges posed by quantum computing and ensuring a smooth transition to post-quantum cryptography.