How Post-Quantum Cryptography is Gaining Adoption

Post-Quantum Cryptography (PQC) has made a lot of headlines in recent years. The narrative can range from an imminent threat from a malicious foreign actor to something that might be happening in 20 or 30 years. This article aims to clarify the state of the art in research and development while giving a sense of the urgency and magnitude of the threat to IT leaders. Looking forward, we’ll look at two bleeding-edge use cases that are showing traction in the cybersecurity sector.
What Is Post-Quantum Cryptography and Why Should We Care?
For all our professional lives, all the digital information that is encrypted either in-flight (e.g. VPN, HTTPS) or at rest (e.g. encrypted hard drive) have been resting on the power of asymmetric mathematical functions. For example, it’s relatively simple to multiply two prime numbers, but it is quite hard to recover these two prime numbers from the product of the multiplication. That is rather impossible to do by hand. Although computers make it faster with their best CPU and GPU clusters, it might still take more than the age of the universe to get that math done!
With the emergence of quantum computing (QPUs not CPUs), the math that supports most of the encryption algorithms we love and cherish can be at risk. Shor’s algorithm (developed by Peter Shor in 1994) quite famously speeds up the factoring of large numbers in polynomial time. Quantum computing hardware does exist today, but it is very limited in its capabilities, making it irrelevant for real-world applications. The question is: when will we have powerful enough GPUs to tackle larger numbers and bigger problems?
Samuel Jacques, an assistant professor at the University of Waterloo, provides a helpful visualization to understand the gap between today’s technology and what it takes to break common encryption schemes such as RSA.
We’ve moved past the stage of invention to the stage of an actual engineering problem to make the quantum computers useful and ready for real work applications. Error correction remains the main challenge ahead. A lot of effort is being deployed into making more Qubits but also better Qubits. Most likely quantum computing will break encryption in the next few years (or few decades). What should we do now?
From Theory to Action
Fortunately, in August 2024 NIST has announced 3 standard algorithms that are known to be resistant to quantum computing: Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203) for key establishment, as well as Module-Lattice-Based Digital Signature Standard (FIPS 204) and Stateless Hash-Based Digital Signature Standard (FIPS 205) for digital signatures. These standards are ready for deployment.
Last year (2025), NIST selected another algorithm to serve as a back-up for the first in the list above (FIPS 203 or ML-KEM for short). The Hamming Quasi-cyclic (HQC) is based on different math which provides another layer of security in case ML-KEM would be failing. One more is on the way: FALCON should be released as FIPS 206 soon.
The NSA defines its CNSA 2.0 framework requiring all new national security systems to implement quantum-safe algorithms by January 1st, 2027. By December 31, 2031 CNSA 2.0 algorithms will be mandatory. NIST, however, envisions a transitionary state where hybrid protocols can continue to leverage classical algorithms for key establishment and digital signatures. While making the transition easier, well-known algorithms can provide an extra layer of security in case the newer quantum-resistant algorithm becomes vulnerable.
In any case, IT leaders need to act now to procure the next wave of secure and standard compliant systems they need for the year ahead. The pressure is on because of a well-known threat called HNDL (harvest now, decrypt later). Some bad actors are known to acquire massive amounts of encrypted data which they hope to mine in the future. Private data, financial data, and healthcare data are particularly vulnerable.
Applications in the Real-World
Since most banking services are now happening online, banks and payments providers among others are busy upgrading their infrastructure. The preparation for quantum security readiness must include websites, mobile applications, bank infrastructure, as well as service providers and partners.
The most interesting case might be found in the blockchain space. Since Bitcoin came alive in 2009, the cryptographic primitives are based on Elliptic Curve Cryptography, which is vulnerable to quantum attacks. While the internal infrastructure is somewhat safe (e.g. mining, record of transactions), the “wallet” relies on vulnerable algorithms. As a result, an attacker could use a brute force attack to break into a user account to siphon its assets. Bitcoin earlier payment transactions which exposed the public key (P2PK) are the most vulnerable. Most blockchains are actively working on upgrading their protocols.
Drones have also fundamentally transformed modern industry, logistics, and data collection. Operating at a fraction of the cost of traditional aviation systems, they can maneuver rapidly and are hard to detect. They have, however, critical weaknesses. Communication with ground control can be jammed or hacked into critical components and data can be harvested later by opponents. To avoid communication interference, drone operators are using very long fiber-optic cables. However, they can’t do anything if the drone is taken down and harvested.
Quantum technologies can be used to secure communication channels using Quantum Key Distribution (QKD), a method using quantum mechanics to communicate while ensuring that eavesdropping attempts can be detected. Meanwhile, on the drone itself, information can be encrypted with PQC with secure chips specially designed to never store any key but instead can regenerate a key every time in a non-cloneable fashion . Every critical piece of hardware can be tagged and authenticated before take-off to ensure the integrity of the aircraft.
The threat brought on by quantum computing to current cryptographic standards is a present issue. Various industries, such as financial services, are upgrading their infrastructure and systems to protect sensitive data. At the same time, defense applications are implementing Post-Quantum Cryptography (PQC) and Quantum Key Distribution (QKD) to secure systems. Implementing PQC ensures the integrity and confidentiality of data against these threats for a better future.
Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!








