{"id":5577,"date":"2025-10-29T06:45:00","date_gmt":"2025-10-29T06:45:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5577"},"modified":"2025-10-29T06:45:00","modified_gmt":"2025-10-29T06:45:00","slug":"notable-post-quantum-cryptography-initiatives-paving-the-way-toward-q-day","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5577","title":{"rendered":"Notable post-quantum cryptography initiatives paving the way toward Q-Day"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

The point at which quantum computers will be capable of breaking existing cryptographic algorithms \u2014 known as \u201cQ-Day\u201d \u2014 is approaching. Some security experts believe Q-Day<\/a> will occur within the next decade, potentially leaving all digital information vulnerable under current encryption protocols.<\/p>\n

While a decade may seem far away, post-quantum cryptography (PQC) is fast becoming a high priority for the security community, as it works to understand, build, and implement encryption that can withstand post-quantum threats and attacks of the future.<\/p>\n

\u201cPQC migration provides an opportunity to re-evaluate the larger cybersecurity landscape,\u201d Dylan Rudy, lead scientist with Booz Allen\u2019s quantum sciences team, tells CSO. \u201cBy integrating new PQC algorithms into a zero-trust architecture, cybersecurity infrastructure can be redesigned into a new crypto agility framework.\u201d<\/p>\n

At issue is the fact that quantum computers of sufficient power could undermine the mathematical underpinnings of current encryption methods. Experts predict sufficiently powerful quantum computers are years away but early preparations are needed<\/a> not least because the upgrade process is far from trivial<\/a> and may take years in many environments.<\/p>\n

Particularly for those in high-security sectors, where the threat of \u201charvest now, decrypt later\u201d attacks is keenly felt, waiting for \u201coven ready\u201d post-quantum encryption products and services to mature is a bad decision. Early adopters can take advantage of hybrid products and services that exist today, as they enable them to start migrating immediately, rather than waiting for updated internet protocols.<\/p>\n

Here are the latest developments on recently launched initiatives, programs, standards, and resources aimed at helping with the creation, development of, and migration to PQC.<\/p>\n

<\/a>NIST ratifies post-quantum encryption standards<\/h2>\n

In August 2024, NIST (US National Institute of Standards and Technology) approved three post-quantum cryptography algorithms for mainstream development<\/a>.<\/p>\n

As part of the announcement, NIST approved ML-KEM, formerly known as CRYSTALS-Kyber, for general encryption and key exchange. ML-DSA (Module-Lattice-Based Digital Signature Algorithm, formerly known as CRYSTALS-Dilithium<\/strong>) and SLH-DSA (Stateless Hash-Based Digital Signature Algorithm, SPHINCS+<\/strong>) were also given the go-ahead as the basis for digital signatures.<\/p>\n

All three algorithms are capable of withstanding attacks from both classical and (future) quantum computers.<\/p>\n

In March 2025, NIST selected HQC for standardization<\/a>. The code-based Key Exchange Mechanism offers a backup or alternative to ML-KEM for encryption and key exchange.<\/p>\n

Other algorithms are still being evaluated but the approval of the four algorithms as standards for post-quantum encryption<\/a> gives engineers the building blocks<\/a> they need for future technology development.<\/p>\n

\u201cThis is an important milestone, but a complex one for us to navigate,\u201d Andersen Cheng, founder and chairman of Post-Quantum, tells CSO. \u201cWhile these announcements mark a step change in the world\u2019s journey to becoming quantum secure, it does not mean that the entire internet ecosystem is now protected.\u201d<\/p>\n

For example, the Internet Engineering Task Force (IETF), which defines how the internet is built, used, and secured, will play a key role in developing the standards that harness post-quantum encryption.<\/p>\n

\u201cNIST\u2019s standards should motivate organizations to take the quantum threat seriously,\u201d says Markus Pflitsch, CEO and founder at Terra Quantum. \u201cBy standardizing PQC algorithms, NIST provides a roadmap for organizations worldwide to transition to quantum-resistant cryptographic systems. Companies will now need to prepare for this migration from classical to post-quantum cryptography and invest in their long-term data security by ensuring they are NIST-compliant.\u201d<\/p>\n

Industry heavyweights line up behind PQC<\/h2>\n

Google\u202fChrome<\/strong> became the first mainstream browser to support hybrid post\u2011quantum key exchanges<\/a> by default late last year.<\/p>\n

The approach combines classical elliptic-curve encryption, for backwards compatibility, with lattice-based PQC derived from ML-KEM.<\/p>\n

Other industry giants \u2014 including Amazon and IBM<\/a> \u2014 have also begun laying foundations for quantum-safe cryptography. For example, IBM has pushed ahead with efforts to integrate post-quantum cryptography into many of its products, such as IBM z16 and IBM Cloud.<\/p>\n

Microsoft is testing PQC in Azure<\/a>. AWS has published PQC integration guides<\/a> for developers, and Cloudflare has begun supporting PQC<\/a>.<\/p>\n

Quantum leap<\/h2>\n

Recent technology advances are boosting the capabilities of quantum computing and therefore bringing forward the need to roll out quantum-resistant cryptography.<\/p>\n

In December 2024, Google unveiled Willow<\/a>, a new quantum chip that marks a significant step forward in scalable quantum computing.<\/p>\n

\u201cUnlike previous architectures, Willow demonstrates that increasing the number of qubits can effectively reduce error rates \u2014 a major hurdle in building large-scale quantum systems,\u201d says Florent Michel, head of cryptography at Optalysys, a UK-based developer of optical computing hardware. \u201cWhile further research is needed to validate its scalability, Willow offers a promising new direction, reinforcing the need for quantum-resilient cryptographic solutions.\u201d<\/p>\n

Last February Microsoft introduced Majorana 1<\/a>, the world\u2019s first quantum processor based on topological qubits. Long theorized as a potential solution to quantum error correction, topological qubits had previously remained elusive.<\/p>\n

\u201cMicrosoft claims to have achieved practical realisation of this technology, a milestone that, despite ongoing debate in the research community, could accelerate the timeline for viable quantum computers,\u201d Michel says.<\/p>\n

<\/a>Linux Foundation\u2019s grand alliance to take on PQC<\/h2>\n

The Linux Foundation launched the Post-Quantum Cryptography Alliance (PQCA)<\/a> in February 2024, bringing together industry giants and researchers to tackle the cryptographic security challenges posed by future quantum computers. The effort is geared toward developing software packages that support PQC standards.<\/p>\n

Founding members of the alliance include AWS, Cisco, Google, IBM, NVIDIA, QuSecure, SandboxAQ, and the University of Waterloo.<\/p>\n

\u201cThe PQCA will engage in various technical projects to support its objectives, including the development of software for evaluating, prototyping, and deploying new post-quantum algorithms,\u201d according to a statement by The Linux Foundation<\/a>. \u201cBy providing these software implementations, the foundation seeks to facilitate the practical adoption of post-quantum cryptography across different industries.\u201d<\/p>\n

In January 2025, the PQCA announced<\/a> that its open source project, Open Quantum Safe (OQS), integrates the NVIDIA cuPQC library<\/a>, offering GPU-accelerated implementations of cryptographic primitives that are safe against attacks from future quantum computing technology.<\/p>\n

<\/a>Tech community launches PQC Coalition to drive understanding, adoption<\/h2>\n

In September 2023, a community of technologists, researchers, and expert practitioners launched the PQC Coalition<\/a> to drive progress toward broader understanding and public adoption of PQC algorithms. Founding coalition members include IBM Quantum, Microsoft, MITRE, PQShield, SandboxAQ, and the University of Waterloo.<\/p>\n

The PQC Coalition<\/a> will apply its collective technical expertise and influence to facilitate global adoption of PQC in commercial and open-source technologies. Coalition members will contribute their expertise to motivate and advance interoperable standards and technical approaches and step forward in providing critical outreach and education.<\/p>\n

The coalition will focus on four workstreams:<\/p>\n

Advancing standards relevant to PQC migration<\/p>\n

Creating technical materials to support education and workforce development<\/p>\n

Producing and verifying open-source, production-quality code, and implementing side-channel resistant code for industry verticals<\/p>\n

Ensuring cryptographic agility<\/p>\n

<\/a>CISA, NSA, NIST issue PQC migration resource<\/h2>\n

In August 2023, the US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and NIST published a factsheet<\/a> on the impacts of quantum capabilities. It urged all organizations, especially those that support critical infrastructure, to develop a quantum-readiness roadmap.<\/p>\n

\u201cQuantum-Readiness: Migration to Post-Quantum Cryptography\u201d outlined how organizations can prepare a cryptographic inventory, engage with technology vendors, and assess their supply chain reliance on quantum-vulnerable cryptography in systems and assets. The factsheet also provides recommendations for technology vendors whose products support the use of quantum-vulnerable cryptography.<\/p>\n

\u201cPQC is about proactively developing and building capabilities to secure critical information and systems from being compromised through the use of quantum computers,\u201d says Rob Joyce, director of NSA cybersecurity. \u201cThe transition to a secured quantum computing era is a long-term intensive community effort that will require extensive collaboration between government and industry. The key is to be on this journey today and not wait until the last minute.\u201d<\/p>\n

<\/a><\/a>X9 announces initiative to create PQC assessment guidelines<\/h2>\n

In June 2023, the Accredited Standards Committee X9 announced a new initiative<\/a> to create PQC assessment guidelines to act as a roadmap for PQC transitions. It invited participants to take part in the effort.<\/p>\n

When completed, the X9 guidelines might be used by organizations as a self-assessment tool, an informal assessment of a third-party service provider, or an independent assessment by a qualified information security professional, X9 said. An auditor or regulator might also refer to the assessment guidelines which could form a foundation for crypto agility standardization, it added.<\/p>\n

\u201cIt will be important to have PQC assessment guidelines available before transitions are underway, for consistency to make the process as smooth as possible and the outcomes optimal,\u201d says Michael Talley, chair of the X9F1 Cryptographic Tools working group.<\/p>\n

X9 followed up with guidance, aimed at financial industry management<\/a>, on how to migrate to post-quantum cryptography \u201csafely and cost effectively\u201d in August 2025.<\/p>\n

<\/a><\/a>NCCoE addresses preparing for the adoption of new PQC algorithms<\/h2>\n

In April 2023, the US National Cybersecurity Council of Excellence (NCCoE), a collaboration of cybersecurity experts from the public and private sectors, released a draft publication addressing preparation for adopting new PQC algorithms. Migration to Post-Quantum Cryptography<\/a> extended the typical message of urgency to plan for migration seen in federal mandates to members of the private sector.<\/p>\n

NCCoE said it would be engaging with industry collaborators, regulated industry sectors, and the US government to bring awareness to the issues involved in migrating to post-quantum algorithms and to prepare the crypto community for migration.<\/p>\n

<\/a><\/a>QuSecure pioneers live satellite quantum-resilient cryptographic communications link through space<\/h2>\n

In March 2023, quantum security vendor QuSecure claimed<\/a> to have accomplished the first known live, end-to-end quantum-resilient cryptographic communications satellite link through space. It marked the first time US satellite data transmissions had been protected from classical and quantum decryption attacks using PQC, according to the company.<\/p>\n

The quantum-secure communication to space and back to Earth was made through a Starlink<\/a> satellite working with a leading global system integrator (GSI) and security provider.<\/p>\n

This is significant because data shared between satellites and ground stations travels through the air and traditionally has been vulnerable to theft, leaving satellite communications even more accessible than typical internet communications, the vendor said.<\/p>\n

IETF launches working group to coordinate quantum-resistant cryptographic protocols<\/h2>\n

In January 2023, the IETF launched the Post-Quantum Use In Protocols<\/a> (PQUIP) working group to coordinate the use of cryptographic protocols that are not susceptible to large quantum computers.<\/p>\n

\u201cThe idea of the working group is to be a standing venue to discuss PQC from an operational and engineering side,\u201d said Sofia Celi, co-chair of PQUI. \u201cIt is also a venue of last resort to discuss PQC-related issues in IETF protocols that have no associated maintenance on other working groups that the IETF has.\u201d<\/p>\n

The IETF said the working group has been set up on an experimental basis, and in two years, it intends to review it for rechartering to continue or else closure. In August 2023, the group published the Post-Quantum Cryptography for Engineers<\/a> paper to provide an overview of the current threat landscape and the relevant algorithms designed to help prevent those threats.<\/p>\n

In September 2025, the IETF published guidance<\/a> for implementing post-quantum key exchanges and digital signatures in TLS\u202f1.3 and related standards.<\/p>\n

<\/a>Migration roadmaps<\/h2>\n

Agencies such as the UK\u2019s National Cyber Security Centre<\/a>, NIST<\/a> in the US, and the European Commission<\/a> have outlined phased roadmaps for enterprises to complete migration to post-quantum cryptography by 2035.<\/p>\n

Experts urge enterprises to prepare for PQC by taking an inventory of cryptographic assets, mapping algorithmic dependencies, and aligning migration plans to NIST\u2019s post-quantum standards, among other measures.<\/p>\n

\u201cThe ongoing \u2018Migration to PQC\u2019 project from NIST\u2019s NCCoE<\/a> has also brought much-needed structure to the process, especially with September\u2019s white paper that mapped PQC discovery and migration capabilities to frameworks like the Cybersecurity Framework 2.0 and NIST SP 800-53,\u201d says Rik Ferguson, VP of security intelligence at Forescout. \u201cThat\u2019s helping organizations understand where they stand and what practical steps to take.\u201d<\/p>\n

Industry adoption of post-quantum encryption technologies<\/a> is building but remains uneven.<\/p>\n

\u201cAround 8.5% of all SSH servers now support PQC key exchange, rising to 26% for OpenSSH specifically, but other technologies, such as TLS 1.3, are lagging behind,\u201d according to Ferguson. \u201cAnd when we look at unmanaged environments like IoT, OT, and medical devices, the numbers drop off sharply, often below 10%.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

The point at which quantum computers will be capable of breaking existing cryptographic algorithms \u2014 known as \u201cQ-Day\u201d \u2014 is approaching. Some security experts believe Q-Day will occur within the next decade, potentially leaving all digital information vulnerable under current encryption protocols. While a decade may seem far away, post-quantum cryptography (PQC) is fast becoming […]<\/p>\n","protected":false},"author":0,"featured_media":494,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5577","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5577"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5577"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5577\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/494"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}