GSMA Post-Quantum Cryptography for 5G Roaming 2025

GSMA’s 2025 report explains how post-quantum cryptography should be introduced to protect 4G and 5G roaming against harvest-now, decrypt-later threats and quantum-enabled impersonation or tampering. It recommends prioritizing ML-KEM, ML-DSA, hybrid key exchange, and quantum-safe PKI changes across SEPP, PRINS, TLS 1.3, and IPsec-based roaming environments.

Key points

  • Annual-style technical reports like this typically begin with an introduction, scope, and overview of the problem, then move into an executive summary that highlights the main risks, priorities, and recommended actions.
  • They usually include a standards section that maps the topic to relevant industry specifications and guidelines, followed by use-case or architecture sections showing where the risks apply in real deployments.
  • A dedicated scope or asset-identification section often lists sensitive data, cryptographic dependencies, and the interfaces or systems that need protection.
  • The report then commonly analyzes migration strategy, dependencies, and operational constraints, including PKI changes, protocol updates, partner coordination, and performance considerations.
  • In this GSMA report, the core threat model centers on a Cryptographically Relevant Quantum Computer (CRQC) enabling harvest-now, decrypt-later attacks on roaming traffic.
  • The highest-priority risk identified is the exposure of inter-operator communications on N32-c and N32-f, especially where current protections rely on ECDHE/DHE and other classical public-key methods.
  • The report also highlights impersonation and tampering risks, noting that quantum-capable adversaries could undermine ECDSA-based trust, SEPP identities, and signed objects such as JWTs.
  • For 5G roaming, the document focuses on Direct TLS, PRINS, and Inter-PLMN User Plane Security, showing how security responsibilities differ when intermediaries like IPX providers are involved.
  • For 4G roaming, it covers Diameter Edge Agents and NDS/IP protections, emphasizing that roaming interworking still depends on legacy cryptographic mechanisms that must be evaluated for quantum resilience.
  • Sensitive data at risk includes subscriber identifiers such as SUPI, UEID, location information, roaming agreements, private keys, certificate chains, session keys, authentication material, and authorization tokens.
  • The report’s main mitigation recommendation is to adopt post-quantum key encapsulation with ML-KEM and quantum-safe signatures with ML-DSA, while using hybrid cryptography as a transition path.
  • It stresses that PKI modernization is a major dependency, requiring quantum-safe root and intermediate certificate authorities and support for larger certificate and signature sizes.
  • For transport protection, the report points to TLS 1.3 work with ML-KEM and to IKEv2/IPsec mechanisms that can reduce exposure to harvest-now, decrypt-later (HNDL) attacks.
  • Migration should be phased and risk-based, with operators prioritizing roaming interfaces first, while third parties such as IPX providers are expected to align on key establishment and interoperability.
  • The recurring theme throughout the report is that roaming security modernization is not only a cryptographic upgrade, but also an ecosystem-wide trust, standards, and operational migration effort.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
