The Australian Signals Directorate (ASD) revealed the strategy, citing fears that advances in quantum computing could render current encryption methods obsolete and leave sensitive communications vulnerable.
The directive specifically targets widely used cryptographic algorithms, including SHA-256, RSA, ECDSA, and ECDH, which underpin much of today’s internet security infrastructure. These methods will be phased out for High Assurance Cryptographic Equipment (HACE)—devices that handle sensitive information—by the end of the decade.
Bill Buchanan, a professor at Edinburgh Napier University’s School of Computing, expressed astonishment at the ASD's ambitious timeline.
“Basically, these four methods are used for virtually every web connection that we create, and where ECDH is used for the key exchange, ECDSA or RSA is used to authenticate the remote server, and SHA-256 is used for the integrity of the data sent,” Buchanan wrote in a blog post.
“The removal of SHA-256 definitely goes against current recommendations.”
While the quantum threat is widely acknowledged, most nations have opted for a slower transition to post-quantum cryptography, giving industries more time to adapt. Australia’s accelerated timeline raises questions about the readiness of global infrastructure to handle such a shift.
The ASD’s announcement reflects growing urgency among governments to address the potential risks posed by quantum computing. These powerful machines, still in their infancy, could one day crack the encryption techniques that currently protect everything from online banking to classified communications.