Post Quantum Cryptography
Preparing for deployment
The TDL autumn 2025 series of webinars continued with a look at the preparedness for deployment of post quantum cryptography (PQC) by examining the work which started in the mid-90s after it was demonstrated that quantum computers could break public key cryptography.
30 years later, a lot of theoretical work was done, numerous research initiatives conducted, new standards are in the process of being finalised, government regulations include PQC transition and industry is preparing for new frontiers in integration and deployment. A group of distinguished experts gathered to discuss the current state of PQC, the aspects that need to be urgently addressed, integration and deployment challenges, economics and a lot more.
Summary
The main focus of the panel discussion was on the transition to PQC, during which participants explored the challenges and opportunities of this fifth algorithm transition, including concerns about timing, implementation strategies and the need for hybrid approaches. The panel concluded by examining the broader impacts of PQC research on cybersecurity and computing, highlighting how it has driven innovation and fostered cross-sector collaboration while presenting both technical and organisational challenges.
Background
Each participant was asked to comment on their view on the most important topics, challenges and achievement in PQC, based on their areas of interest. Below are some of the topics to be addressed.
· The main achievements from the 30 years of work in PQC
· The main challenges of early work
· The learnings from the earlier period contributed to the emerging PQC standards
· The best management approaches to ensure remediation for new standardised algorithms if they are breached
· The applications that will present the greatest challenges and why
Taking into account that the timelines for the transition to PQC have been extended from the early targets, also to be discussed were:
· The main issues and challenges associated with the transition to PQC
· The impact of the transition to PQC on the computing infrastructure
· The main areas and subfields that need to be covered during the few additional years before the mandates are in place, in terms of the applications that need to be prioritised, and the resolution of unsolved issues and concerns
Standardisation is in process for the new algorithms selected via an open and competitive process. Among the issues to be addressed are whether there are challenges specific to PQC standardisation and likewise for building new technologies for a mixed environment including PQC and conventional cryptography.
If the transition makes us more or less secure in terms of code quality (never touch a working system vs. a good chance to overhaul everything), nevertheless it is useful to acknowledge that there is a danger in every transition including the potential for backdoors, etc. Hence PQC is an area that is typically described as defensive: we need to improve protection in anticipation of technological advancements in computing. Topics to be considered Include:
· What discoveries, technology advancements, new approaches in cryptography and security in general emerged due to research and technology development in PQC
· How PQC work was beneficial for the computing environment at large and for its future
So many good questions, and only an hour to discuss!
Speakers
The panel comprised:
· Brian LaMacchia, President, FARCASTER® Consulting Group
· Tanja Lange, Chair, Coding Theory and Cryptology, Department of Mathematics and Computer Science, Technische Universiteit Eindhoven
· Simon Patkovic, Vice President, Quantum-Safe Solutions, ID Quantique
· Daniel Slamanig, Full Professor of Cryptology, Research Institute Cyber Defence (CODE) and Department of Computer Science, Universität der Bundeswehr München
· Zhanet Zaharieva, COO and Co-Founder, Quantum Dice
This session was moderated by TDL strategic advisor, Claire Vishik
PQC Transition Challenges
The discussion opened with the transition to PQC, highlighting that while this is the fifth algorithm transition in 20 years, it is unique due to advance warning of a future quantum threat. The challenge of convincing companies and organisations to invest in this transition was emphasised, citing funding competition with AI initiatives as a key obstacle. A reflection on the 30-year journey of PQC noted progress in research and standardisation but expressed concern about the late timing of the transition. The geopolitical race to quantum computing and the need for both mathematical and physics-based solutions was discussed, while underlining the complexity of the transition and the importance of visibility in infrastructure changes. The panel agreed that while the transition is challenging, it presents an opportunity to improve cryptographic tools and applications, particularly in areas like digital identity.
PQC Transition Strategies
The panel moved on to the challenges and strategies for transitioning to PQC, focusing on hybrid approaches and long-lived systems. The difficulties in highly regulated areas like the military due to the need for standardised protocols were highlighted with an emphasis on the importance of building crypto agility into systems and addressing the challenges of updating IoT and embedded devices with limited capabilities. The debate between hybrid and pure PQC approaches was evaluated, noting that industry favours hybrid solutions, while some governments push for a full transition. There was some optimism about the transition, seeing it as an opportunity to improve existing cryptographic practices, while also acknowledging the risks involved. The panel agreed that a combination of hybrid and layered approaches will likely be necessary for different environments, and that investing in training and inventory management is crucial for a successful transition. It was observed that some applications, systems and environments require particular attention, e.g., systems designed for long term operations and power constrained systems.
PQC Algorithm Agility
The group discussed challenges and future directions in PQC, focusing on algorithm agility and its implementation across different system architectures. They explored the difficulties of maintaining agility in high-level applications and the specific challenges for low-power, inexpensive systems, where hardware acceleration requirements make it hard to support multiple PQC algorithms. The need for clearer terminology in the field, particularly around terms like ‘hybrid’ and ‘agile’ was emphasised as different experts use these words with varying meanings that can lead to confusion and miscommunication.
PQC: Innovation and Impact
The panellists discussed the broader impacts of PQC research, emphasising its role in driving innovation across cybersecurity and computing. They highlighted the increased awareness of cryptographic processes, the development of new tools like fully homomorphic encryption, and the importance of cryptographic agility in adapting to future threats. The group agreed that while PQC began as a defensive measure, it has led to more resilient security standards and greater collaboration across sectors, influencing approaches to AI, digital identity and cybersecurity regulation. They also noted that while the transition to post-quantum systems is challenging, the conversation about updating and maintaining public key cryptography is now more forward-looking and inclusive.
Next Steps
All panellists agreed to:
· continue advocating for early adoption of PQC despite the absence of immediate quantum threats and limited funding
· continue working with standards bodies to develop protection profiles for quantum-safe technologies.
· explore integration of post-quantum cryptography with privacy-friendly digital identity solutions.
· focus on developing training programs for developers and engineers on implementing PQC securely.
· work on clarifying terminology around “hybrid” and “agility” in post-quantum cryptography discussions.
Watch the full recording of the webinar on our YouTube channel here!