On May 9, 2026 GiCP co-organised the third edition of the Workshop on Cryptographic Tools for Blockchains (CTB 2026), held in Rome as a satellite event of Eurocrypt 2026 — one of the flagship venues of the International Association for Cryptologic Research.
Since its first edition in Zürich in 2024, CTB has built a reputation as a space where cryptographic research and blockchain engineering meet without the constraints of formal proceedings. This year’s programme was a testament to how active that intersection has become: signature aggregation in Ethereum, private information retrieval, post-quantum threshold signatures, zero-knowledge proofs, data availability, and fair exchange protocols were all on the table.
For GiCP, co-organising this workshop is not just about academic engagement. Cryptography is the trust boundary on which everything we build depends — the integrity of evidence chains, the confidentiality of investigations, the authenticity of judicial documents. As recently highlighted by KEMEA, GiCP’s partner in Safehorizon, the question for Europe’s law enforcement agencies is no longer whether quantum technologies will reshape the security landscape, but whether LEAs will be ready when they do.
Three areas discussed in Rome are particularly relevant to that question:
– The evolving stolen data market. Threat actors are no longer only after plaintext credentials. Encrypted data — previously of limited value — is now being harvested at scale as a long-term asset. The logic is straightforward: collect it today, decrypt it when quantum computers make that possible. This changes the risk calculus of every data breach.
– “Harvest Now, Decrypt Later” — from theory to doctrine. The Salt Typhoon campaign, attributed to Chinese state-sponsored actors, is the clearest real-world evidence that this is not a hypothetical threat. Attackers silently infiltrated major US telecoms — AT&T, Verizon, Lumen — remaining undetected for up to two years, collecting bulk communications data at scale across more than 80 countries. That data is presumed stored, waiting. For LEAs, wiretap records and digital evidence archives intercepted today represent a future liability under this threat model.
– The post-quantum migration challenge. NIST finalised its first post-quantum cryptographic standards in 2024 — ML-KEM, ML-DSA, SLH-DSA. But standardisation is the beginning, not the solution. Legacy infrastructure, fragmented national timelines, and long-term evidence retention requirements make the migration for public institutions and law enforcement agencies far more complex than a routine software update. Underscoring the evolving nature of this landscape, NIST advanced nine new digital signature candidates to a third round of evaluation in May 2026 to further diversify its post-quantum portfolio. This ongoing two-year review of alternative algorithms emphasizes that organizations must build ‘cryptographic agility’ into their infrastructure to adapt to future standards.
The cryptographic tools debated at CTB 2026 — post-quantum zero-knowledge proofs, threshold signatures, privacy-preserving protocols — are exactly the building blocks needed to address these challenges. SafeHorizon’s participation in this research community is part of our answer to a deadline that is real, even if its exact date remains uncertain.
The quantum clock is running. Europe’s security community cannot afford to be reactive.
Read more on the quantum threat to LEAs on the SafeHorizon blog
