WIBU-SYSTEMS AG

04/16/2025 | News release | Distributed by Public on 04/16/2025 00:22

Next in Post Quantum Cryptography

Post Quantum Cryptography - What's Next?

2025-04-16 Daniela Previtali

Last year, Dr. Karmen Kempka, Wibu-Systems' Director Corporate Technology, published a post in this blog space about the various Post Quantum Cryptography (PQC) initiatives brought forth by government, research organizations, and industry to stay ahead of and mitigate the pending risks of quantum computing on today's cryptography standards.

Quantum computing brings with it enormous potential for progress across a wide range of fields. From accelerating drug discovery and optimizing supply chains to advancing climate modeling and enabling new materials, its capabilities promise to revolutionize science, industry, and society. In the realm of cybersecurity, quantum technologies could introduce novel approaches to secure communication, such as quantum key distribution (QKD), which uses the laws of physics to let parties exchange secret keys even over an insecure quantum channel that is actively eavesdropped on by an adversary.

However, this same power also poses a serious threat. As quantum computers mature, they will be capable of breaking widely used asymmetric encryption algorithms like RSA and ECC, which currently safeguard everything from sensitive financial data to medical records and critical infrastructure. Cryptographic signature schemes are also compromised by sufficiently large quantum computers, as they are based on the same cryptographic assumptions as asymmetric encryption schemes. Among other things, this puts the authenticity of e-mails, software updates, and device authentication at risk. In short, while quantum computing opens the door to innovation, it also demands a proactive and strategic shift toward quantum-safe cryptographic solutions to protect the digital backbone of modern life.

In her post, Dr. Kempka noted the recent activities undertaken to address the risks, e.g., guidelines created by organizations like CISA, NSA, and NIST urging organizations to begin preparing for the transition to PQC algorithms; efforts to create security frameworks by the Linux Foundation, the Internet Engineering Task Force (IETF), and the UK government; and industry collaborations with companies like Wibu-Systems, Infineon Technologies, the Muhlbauer Group, and others. All of these reflect a global commitment to develop PQC solutions and ensure that digital infrastructures remain secure.

While no one can say with certainty when Q-day will be upon us (experts predict anywhere from 5 to 20 years), organizations continue to actively develop and adopt quantum-resistant cryptographic methods to future-proof data security. Since our last review, here are some of the further developments being made in PQC:

  • National Institute of Standards and Technology (NIST): In August 2024, NIST finalized three post-quantum cryptographic algorithms designed to protect digital information from future quantum computer attacks.
  • National Security Agency (NSA): In December 2024, the NSA developed the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) to include the new standards for quantum-resistant cryptography to be used in national security systems.
  • Infineon Technologies: In December 2024, Infineon Technologies, in collaboration with the German Federal Office for Information Security (BSI), received the Common Criteria EAL6, an industry-leading certification level, for the implementation of a post-quantum cryptography algorithm in a security controller.
  • General Dynamics Information Technology: In January 2024, General Dynamics conducted the "Quantum Waves" study, revealing that 50% of federal IT leaders are actively developing strategies to accelerate their transition to PQC.
  • Google: In February 2025, Google launched quantum-safe digital signatures in its Cloud Key Management Service (Cloud KMS) for software-based keys to address the risks posed by the advancement of experimental quantum computing on the security of many public-key cryptography systems used for encrypting data.

Additionally, the QuantumXchange, a quantum-technology innovator and data security company, has posed several considerations on how PQC will impact security strategies in 2025:

  • Composite Cryptographic Models Become Mainstream: Established algorithms based on RSA and ECC have been extensively researched and offer high security against everything except quantum computers. PQC algorithms are currently not known to have weaknesses against quantum or classical computers. Yet, due to their relatively young age, they have not been as extensively researched as the established algorithms; a classical or quantum attack against them could be discovered at any time. One solution that is currently recommended by the German BSI is to combine both quantum-resistant and established methods into composite cryptographic methods, where the result is at least as secure as the stronger method.
  • Increased Government Spending on Quantum-Safe Upgrades: Governments and corporations, particularly those with national security interests in quantum technology in areas like the U.S., China, and the EU, will increase their focus on funding for quantum-resistant security upgrades in 2025.
  • Quantum-Resistant VPNs and Secure Communication Protocols: Virtual Private Network (VPN) and encrypted messaging platforms will begin offering PQC upgrades as quantum vulnerabilities threaten security implementations at every layer of the network stack.
  • New Attack Models Against Quantum-Resistant Algorithms Will Be Found: In 2025, more experimental research on potential attack models against quantum-resistant algorithms, such as side-channel and fault injection attacks, will be aimed at testing, identifying, and mitigating these potential vulnerabilities, and ultimately strengthening the implementation of post-quantum standards.
  • New Talent and Workforce Requirements: Universities and training programs are emerging to meet the demand for cryptographers skilled in quantum-resistant protocols, with emphasis on specialized courses in PQC, quantum computing fundamentals, and secure software engineering.

If you have further interest in exploring the future PQC landscape, you can view the recorded Webinar, Post Quantum Cryptography - The Impact on Identity, hosted by Dr. Kempka along with security experts from Infineon, Muhlbauer Group, and Eviden.
