NBU Establishes New Cryptographic Standard: Slovakia Enters the Post-Quantum Era

For decades, state institutions, critical infrastructure operators, and private enterprises have relied on the same cryptographic foundations: AES, RSA, and elliptic curve (ECC) algorithms. These technologies have protected financial transactions, energy grids, industrial systems, and communication channels. However, the development of quantum computers fundamentally changes the situation – algorithms that were previously considered secure may become vulnerable and allow encryption to be broken within hours.

NBÚ has therefore issued recommendations that provide a clear national framework for the transition to post-quantum cryptography (PQC) – a new generation of standards designed to withstand attacks using quantum computing.

Main Principles of the New Recommendation

The document establishes specific parameters and priorities for individual categories of cryptographic tools:



• Symmetric encryption: mandatory use of 256-bit keys (e.g., AES-256, Camellia-256, Twofish-256).
• Hash functions: output resistant to quantum attacks with a length of at least 384 bits (SHA-384, SHA-512, SHA3-512, SHAKE256).
• Asymmetric algorithms and digital signatures: transition to post-quantum algorithms ML-KEM for key exchange and ML-DSA or SLH-DSA for signatures.
• Hybrid cryptography: recommended during the transition period – a combination of classical and post-quantum algorithms to maintain compatibility.
• Password protection: modern standards Argon2id or scrypt as a replacement for outdated schemes.
• Random number generation: only sources meeting NIST SP 800-90 or BSI AIS 20/31 standards.
  

In addition to technical details, the document emphasizes the principle of crypto-agility – the ability of systems to flexibly change algorithms without disrupting operations. Organizations should maintain an inventory of where cryptography is used, store algorithm identifiers along with data, and prepare for gradual migration.

Significance for Critical Infrastructure

For AKI SR members – operating in sectors such as energy, telecommunications, transport, water management, and digital services – these recommendations are of exceptional importance.

Critical infrastructure often uses systems with long life cycles that operate for 15 to 25 years. Cryptographic reworking of such systems is demanding and takes years, so it is necessary to start today. Early implementation of NBÚ guidelines will help prevent unplanned and financially demanding interventions in the future.

The new document also aligns Slovakia with European Union Recommendation 2024/1101 on the transition to post-quantum cryptography. This will ensure the interoperability of national systems with the European framework of digital sovereignty and strengthen Slovakia's position as a proactive and responsible EU member state.

AKI SR Statement

The Critical Infrastructure Association of the Slovak Republic welcomes the publication of this document. This is an important step that brings clarity at a time when artificial intelligence, automation, and quantum technologies are fundamentally changing the rules in the field of cybersecurity. AKI SR will continue to support its members in implementing these recommendations – through expert discussions, educational activities, and the exchange of experiences between the public and private sectors.

Cooperation with research institutions, security-certified companies, and European partners will also be key to ensuring that the transition to post-quantum cryptography is not only technically managed but also economically sustainable. Slovakia now has a unique opportunity to rank among the leaders in quantum-resistant infrastructure.

However, this requires every operator – from national enterprises to regional IT services – to begin analyzing their systems, planning migration, and building architectures prepared for future algorithms. The sooner these steps begin, the stronger the country's resilience as a whole will be.

About AKI SR

The Critical Infrastructure Association of the Slovak Republic (AKI SR) brings together organizations from the public and private sectors. Together, they strengthen national resilience, cybersecurity, and the protection of vital services.

More information: www.akisr.sk