物联网生态系统中的后量子密码学

Contents Contents 7Transformation/migration approach287.1Implementation Roadmap287.2Policy and regulation288Conclusion29Annex A Document Management30A.1Document History30A.2Other Information30 About theGSMA The GSMA is a globalorganisation unifying themobile ecosystem to unlockthe full power of connectivityso that people, industry andsociety thrive. Unlock the benefits ofGSMA membership As a member of the GSMA, you join a vibrantcommunity of industry leaders and visionaries –helping to shape the future of mobile technology andits transformative impact on societies worldwide. Our unique position at the heart of the mobile industrymeans you get exclusive access to our technical experts,data and analysis – as well as unrivalled opportunities fornetworking, innovation support and skills acceleration. Led by our members, we represent the interests ofover 1,100 operators and businesses in the broaderecosystem. The GSMA also unities the industry atworld-leading events, such as MWC (in Barcelona,Kigali, Las Vegas and Shanghai) and the M360 Series. For more information, please visit:http://www.gsma.com/membership/ Security Classification:Non-confidential Antitrust Notice Access to and distribution of this document is restrictedto the persons permitted by the security classification.This document is confidential to the Association andis subject to copyright protection. This document isto be used only for the purposes for which it has beensupplied and information contained in it must not bedisclosed or in any other way made available, in whole orin part, to persons other than those permitted under thesecurity classification without the prior written approvalof the Association. The information contained herein is in full compliancewith the GSM Association’s antitrust compliance policy. Copyright Notice Copyright © 2025 GSM Association Disclaimer The GSM Association (“Association”) makes norepresentation, warranty or undertaking (expressor implied) with respect to and does not accept anyresponsibility for, and hereby disclaims liability forthe accuracy or completeness or timeliness of theinformation contained in this document. The informationcontained in this document may be subject to changewithout prior notice. 1. Introduction 1.2Scope 1.1Overview This document analyses the risks posed by theadvancement of quantum computing on IoT systems,focusing on solutions that are connected using 3GPPbased connectivity, in both terrestrial and non-terrestrial networks,[4]in the first instance. It aimsto provide stakeholders and decision makers withan understanding of the challenges and actionableinsights, to enable an informed strategy for securingIoT solutions against emerging quantum risks andfuture proofing strategies. The Internet of Things (IoT) is a disruptivetechnology that plays an increasingly importantrole in digital transformation, as the number ofconnected devices and applications increase.The collection of data from different sourcesenables the ability to gain insights, make data-drivendecisions, and automate processes, and this is beingused by consumers, governments and businesses inan expanding range of sectors, use cases andapplications. In our increasingly connected world, IoT security andprivacy is an ongoing concern against the backdropof an evolving threat landscape, complex value chainsand the expanding criticality and complexity ofIoT use cases. As consumers, businesses andgovernments increasingly rely on more devicesthat collect and communicate more informationand make more decisions on our behalf, securityvulnerabilities in the IoT domain could produce severeconsequences. The quantum threat should be considered within abroader landscape of cyber security threats, with theimplication that existing vulnerabilities will not bydefault be addressed through the implementation ofquantum safe solutions. 1.3 Intended Audience The document is designed for a diverse group ofstakeholders involved in the design, deployment,operation, security and use of IoT systems, includingthe providers/developers of system components.It is also expected to be of interest to those thatare leveraging IoT solutions in their business and toregulators and policy makers developing guidanceto address quantum related challenges at a nationallevel and/or for specific sectors. In this regard, as quantum computing technologiesmature, it is necessary to consider the impact of thequantum threat; namely the prospect that bad actorsarmed with a cryptographically relevant quantumcomputer could compromise the cryptographicalgorithms currently used to secure IoT systems.Post Quantum Cryptography (PQC) refers tocryptographic algorithms that are resistant to theattack of both classical and quantum computers.Over the past decade the global cryptographycommunity has engaged in the development andtesting of such algorithms, resulting in a first set ofpost quantum cryptography standards.[1],[2],[3]These new algorithms are not a d