
- Published on: 31.07.2025
Post-Quantum Cryptography: Why You Need to Act Now
Quantum computing, once considered a utopian concept that could solve complex algorithmic problems in seconds instead of days or years, is quickly becoming a reality.
The United Nations has officially declared 2025 the "International Year of Quantum Science and Technology." This decision underscores the increasing significance of quantum technologies and marks a pivotal moment for science, industry, and policy.
Following recent developments, a technological shift driven by quantum computers is expected within the next few years. Progress made by major hyperscalers – including Google, Microsoft, AWS, and IBM – in both hardware and software research in recent months has underscored this momentum.
- July 2022: The U.S. National Institute of Standards and Technology (NIST) began the standardization process for post-quantum cryptography (PQC) and selected the first candidate algorithms.
- August 2024: NIST released the first PQC standards, providing a framework for enterprises and governments to migrate toward quantum-safe encryption.
- October 2024: IBM opened its first quantum data center outside the United States in Ehningen, Germany.
- December 2024: Google unveiled its new quantum chip, Willow, featuring 105 qubits – a significant improvement over previous generations.
- February 2025: Microsoft entered the quantum hardware race by presenting its first proprietary processor, the Majorana 1 chip.
- February 2025: Amazon Web Services (AWS) introduced its first quantum processor, Ocelot, reinforcing its ambitions in quantum computing.
According to the research firm Gartner, post-quantum cryptography (PQC) is one of the top technology trends of 2025. NIST’s release of its first three official PQC standards in August 2024 further highlights the urgency of the topic. The countdown to the phaseout of classical encryption methods has officially begun for organizations and public institutions worldwide.
Upcoming NIST cryptographic standards through 2027:
- A fourth standard based on the FALCON algorithm, which will soon be known as FIPS 206, is expected to be published later in 2025.
- A fifth standard based on the HQC (Hamming Quasi-Cyclic) algorithm will serve as a backup for the ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism) standard and is scheduled for release by 2027.
Cybercriminals are already storing encrypted data today, intending to decrypt it later using quantum computers. This tactic, known as "store now, decrypt later" (SNDL), poses a particular threat to industries with long data or product life cycles, such as automotive, manufacturing, and the public sector. Traditional encryption methods, such as RSA and ECC, are expected to become vulnerable by 2030.
The threat that quantum computers pose to existing cryptographic systems is no longer just a technical issue; it has also become a geopolitical and economic challenge. Governments worldwide have recognized post-quantum cryptography (PQC) as a strategic priority and are urging companies, public authorities, and critical infrastructure operators to begin the transition early.
In its 2023 Action Plan on Quantum Technologies, the German federal government defined clear targets for the migration to post-quantum cryptography (PQC) by 2026:
- Continue the migration to PQC in high-security environments
- Initiate the migration in other security-critical areas
- Integrate post-quantum cryptography methods into practical IT security solutions
- Establish a national PQC roadmap for the step-by-step transition of both existing and new systems
The strategy emphasizes that organizations should not wait for fully operational quantum computers before taking action. Due to the growing urgency and long migration cycles, including the risk posed by the "store now, decrypt later" (SNDL) threat, preparation must begin now.
Germany is not alone in recognizing the urgency. In a joint declaration titled "Securing Tomorrow, Today: Transitioning to Post-Quantum Cryptography," 18 EU member states also emphasized the need for action: “We urge public administration, critical infrastructure providers, IT providers, as well as all of industry, to make the transition to post-quantum cryptography a top priority.”
This appeal makes one thing clear: migrating to PQC is mandatory. It is a matter of national and organizational security for anyone managing confidential or mission-critical systems. The race for quantum-safe infrastructure is underway. Those who act early will gain a crucial security advantage.
How Quantum Computers Break Encryption
Quantum computers are not just faster versions of classical computers – they operate entirely differently. While classical computers store information in bits that can be either 0 or 1, quantum computers use qubits, which can be 0, 1, or both at the same time (a property called superposition). Additionally, qubits can be linked together so that changing one qubit instantly affects another, even if they are far apart (a property called entanglement).
For example, consider searching for the right door.
Imagine you are in a building with 1,000 doors, none of which are labeled, and you don't know which door hides a treasure.
- A classical computer would open each door one by one until finding the treasure. On average, this process would take about 500 tries.
- A quantum computer, however, uses the principles of superposition and interference to process many possibilities at once. This allows it to find the treasure roughly four times faster than a classical computer. For 1,000 doors, for example, it would take only about the square root of 1,000 tries, around 32 tries.
This unique method of processing information enables quantum computers to perform calculations exponentially faster than classical systems. This makes them especially promising for optimization problems, material science, and artificial intelligence.
Classical Encryption Methods and Standards Are Becoming Obsolete
Quantum computers pose a fundamental threat to existing encryption standards. Methods like RSA (Rivest, Shamir, and Adleman) and ECC (Elliptic Curve Cryptography) are based on the idea that classical computers would take billions of years to solve the underlying mathematical problems. However, this assumption may soon no longer hold true.
As early as 1994, mathematician Peter Shor demonstrated that a powerful quantum computer could solve these problems in hours using his Shor's algorithm. What is considered secure today could be completely compromised by tomorrow's technological breakthrough.
It’s not just asymmetric encryption at risk, either. Grover’s algorithm can significantly reduce the time required to search for the correct key, thus drastically weakening the security of symmetric encryption methods like AES-128. The result? Data once deemed secure could suddenly become vulnerable.
The consequences are far-reaching. Companies and public institutions rely on encryption to protect data, products, communication systems, and critical infrastructure. However, once a powerful quantum computer is built, data encrypted today could be decrypted and exploited retroactively. Failing to act now jeopardizes the security of sensitive information and entire digital infrastructures.
These Industries Are Particularly Vulnerable to Quantum Computing
Even though quantum computers capable of breaking today’s encryption are not yet operational, the threat is real. Companies that develop products with long life cycles, handle sensitive encrypted data over extended periods, and have high security requirements must take these technological developments seriously.
- Automotive industry (OEMs & Suppliers):
  - Over-the-air (OTA) updates and software patches could be decrypted and altered.
  - V2X (vehicle-to-everything) communication between vehicles and infrastructure could be intercepted or spoofed.
  - Digital keys and authentication systems could be compromised, enabling theft or unauthorized control.
- Aerospace & defense:
  - Satellite communication and navigation systems could be decrypted and altered.
  - Over time, military-grade encryption and mission data could be compromised.
  - Secure boot mechanisms and software integrity in aerospace systems could be attacked retroactively.
- Manufacturing & supply chain security:
  - Digital certificates for components and parts could be forged or compromised retroactively.
  - Machine and process data could be decrypted and exploited.
  - Tamper-proof authentication of hardware and software components would no longer be guaranteed.
- Public sector & critical infrastructure:
  - Government communications (e.g., those of the police, military, and intelligence services) could be decrypted retroactively, exposing highly sensitive information.
  - Databases containing citizen, tax, and health records could be compromised in the long term.
  - E-government systems and digital identities could lose their trustworthiness.
  - Energy and utility networks could become vulnerable to manipulation and attacks.
Long product and data lifecycles increase the risk
Many products and systems in these sectors have lifecycles of 10 to 30 years, or even longer. A vehicle, satellite, or government database encrypted today must remain secure through 2040 and beyond. However, the encryption standards used today could become obsolete within just a few years.
What does this mean in practice?
- Cybercriminals and industrial spies are collecting encrypted data from vehicles, aerospace systems, governments, and defense organizations now.
- Once powerful quantum computers are available, they could decrypt this data and use it for targeted attacks or technological espionage.
- Organizations that delay migrating for another ten years risk having stolen data compromised retroactively.
Quantum computing threatens the foundations of digital security and the trustworthiness of digital systems in general. This affects any organization that handles confidential information such as customer data, secures digital transactions, or is subject to data protection and compliance regulations.
Post-Quantum Cryptography: The Security Solution at a Glance
The solution is to migrate to post-quantum cryptography (PQC) in a timely manner. PQC is a set of cryptographic algorithms designed to remain secure even in the presence of quantum computers. PQC includes cryptographic methods that resist quantum attacks and are based on new mathematical principles.
PQC replaces vulnerable algorithms with new ones that can withstand quantum threats. The good news is that quantum hardware is not required. PQC can be implemented on classical systems today. The main categories of post-quantum encryption methods include:
- Lattice-based cryptography
  These methods rely on the difficulty of solving lattice problems, such as determining the shortest distance between two points in a lattice. These problems are extremely complex and considered difficult to solve, even for quantum computers. Lattice-based algorithms are known for their efficiency and versatility. Key examples include the key encapsulation mechanism (KEM) CRYSTALS-Kyber and the signature schemes CRYSTALS-Dilithium and Falcon. FrodoKEM, which is also based on lattice problems, stands out for its conservative security assumptions.
- Hash-based cryptography
  These approaches build on the mathematical robustness of hash functions, which convert data of any size into a string of fixed length. The most notable scheme in this category is SPHINCS+.
- Code-based cryptography
  This family of algorithms is based on the difficulty of efficiently decoding error-correcting codes. This problem has resisted efficient solutions for decades, even in the context of quantum computing. Well-known code-based schemes include Classic McEliece, BIKE, and HQC. These schemes are considered especially resilient and well-studied.
Well Protected in the Quantum Age: NIST Standards for PQC
As previously mentioned, NIST published its first official standards for post-quantum cryptography in August 2024. These standards define algorithms that are secure against quantum attacks, replacing traditional methods such as RSA and ECC. They are now considered the global benchmark for companies and public institutions alike.
How Cloud Providers Are Driving the Migration to Post-Quantum Cryptography
Leading cloud providers have recognized the urgency of the quantum threat and are actively advancing the implementation of quantum-safe encryption.
- AWS, for example, has published a comprehensive post-quantum cryptography migration plan. The migration is happening gradually, starting with systems that communicate over insecure networks. Since 2019, AWS has been testing PQC algorithms in security-critical services, including the AWS Key Management Service (KMS), AWS Secrets Manager, and AWS Certificate Manager. AWS is also using hybrid PQC solutions in TLS to run classical and post-quantum algorithms in parallel, ensuring a smooth transition.
- As part of its Microsoft Quantum Safe Program (QSP), Microsoft is pursuing a holistic strategy to gradually integrate PQC into Windows, Azure, and Microsoft 365. In December 2024, ML-DSA (formerly CRYSTALS-Dilithium) and LMS algorithms were added to SymCrypt, Microsoft’s core cryptographic library. Microsoft is collaborating with standardization bodies, such as the IETF, to incorporate PQC into TLS, SSH, and IPsec.
- Google has used PQC for internal communications since 2022 and, in May 2024, activated ML-KEM by default for TLS 1.3 and QUIC in Chrome. This means that connections to Google services, such as Cloud Console and Gmail, are already experimentally protected by quantum-secure keys. Google is also contributing to the development of PQC standards at NIST, ISO, and the IETF, as well as integrating PQC algorithms into its open-source cryptography library, Tink.
- IBM is taking a comprehensive approach with its Quantum Safe portfolio.
  - Standards & algorithms: IBM researchers have contributed to ML-KEM (Kyber), ML-DSA (Dilithium), and FALCON, all of which are NIST PQC standards.
  - IBM quantum safe transformation services: IBM offers consulting, risk assessments, hybrid migrations, and implementation support in both cloud and enterprise environments.
  - IBM cloud & platform integration: Since 2022, IBM Cloud Internet Services (Edge) has supported PQC hybrid TLS (ML-KEM + X25519). The IBM Quantum Platform also offers quantum-safe TLS connections.
These initiatives demonstrate that major technology providers are preparing for the post-quantum era. Companies and public institutions should act now to secure their systems and reap the benefits of these developments.
Planning and Implementing PQC Migration in 4 Steps
If you want your systems to remain secure in 2030 and beyond, begin introducing PQC by 2025. To do so effectively, take a structured, multi-step approach.
Step 1: Taking stock
Systematically identify which cryptographic methods are currently used in your products, applications, and backend systems. Which systems still rely on RSA or ECC and need to be replaced or adapted? Consider the following:
- On-premises systems
- Cloud services
- Client-server systems
- Embedded systems, such as vehicle control units and machine controls
- Mobile devices and Internet of Things components
Communication and transmission paths
Include all communication channels that use cryptographic protocols and may be vulnerable in your cryptography inventory.
- Web and API traffic: TLS / HTTPS, gRPC-TLS
- VPN tunnels: IPsec, WireGuard, OpenVPN
- Remote shell and administration: SSH, RDP with TLS
- Email transport and signing: SMTPS, STARTTLS, S/MIME, PGP / OpenPGP
- Machine-to-machine messaging: MQTT-TLS, AMQP-TLS
- Data replication and storage: TLS-protected database replicas, S3-HTTPS, NFS-Kerberos
Be sure to document the following: versions, cipher suites, key lengths, and any fallback mechanisms. This detailed inventory is essential for preparing your systems for post-quantum cryptography and aligning with the latest NIST standards.
Older, proprietary, and embedded protocols
Identify outdated or proprietary protocols, especially in IoT and embedded environments, as these are often difficult to patch. Examples include:
- Radio and fieldbus protocols: Zigbee, BLE, Z-Wave, CAN bus, Modbus
- Legacy industrial standards or manufacturer-specific protocols without up-to-date cryptography
- Device or firmware versions that no longer receive updates
Evaluate whether these protocols:
- Use outdated algorithms, such as 1024-bit RSA or SHA-1
- Rely on insecure custom implementations or lack encryption altogether
- Contain cryptographic co-processors that are not compatible with post-quantum cryptography
If an immediate replacement is not feasible, develop a migration or mitigation strategy. This could include using gateways or network segmentation to ensure security during the transition. This approach aligns with the goal of adopting NIST post-quantum cryptography standards.
Certificates, key management, and dependencies
Finally, list all of the following:
- Certificates (root, intermediate, end-entity) including validity periods, algorithms, and key lengths
- HSM (Hardware Security Module) and KMS (Key Management System) instances, secrets managers, TPMs
- Signature and authentication mechanisms such as JWT, SAML, OAuth, and code signing
- Libraries and frameworks like OpenSSL, Bouncy Castle, mbedTLS, and others
The result: A complete cryptography inventory that covers all methods, transmission paths, and protocols. This inventory provides a solid foundation for making informed decisions about your post-quantum cryptography migration.
Step 2: Risk assessment
Prioritize systems and data based on business relevance, such as trade secrets, personal data, and security-critical software. Also consider their lifecycle, especially if long-term protection is required over years or decades. Furthermore, consider the "store now, decrypt later" risk. Where is sensitive communication transmitted over public channels that could be intercepted and decrypted later? This analysis helps identify critical components and prioritize their protection with post-quantum cryptography solutions.
Step 3: Take initial measures
Begin by using hybrid solutions that combine classical cryptography with post-quantum cryptography methods. Crypto agility is key: Systems that can adapt to new algorithms can maintain compatibility with current environments while ensuring readiness for future cryptanalytic breakthroughs. This approach enables a gradual transition with minimal security compromises or productivity risks.
Step 4: Roadmap for implementation
Begin with pilot projects that are simple and clearly defined. Examples include internal public key infrastructure (PKI) environments or selected virtual private network (VPN) gateways. Replacing TLS certificates with post-quantum cryptography alternatives is also an effective and quick first step. Evaluate the performance, compatibility, security, and operational effort of the PQC algorithms you use. The insights gained will help define best practices for other parts of your organization. This knowledge will support the planning and execution of a controlled rollout across larger system environments in alignment with NIST's post-quantum cryptography standards.
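Steps 1 and 2 combined, as an added example that is not part of the original article: a triage pass over a cryptography inventory that separates classically weak entries, "store now, decrypt later" exposure, and long-lived signatures. The inventory records, field names, and priority scale are constructed for illustration; the 2030 horizon is the article's estimate.

```python
# Added illustration: triage of a cryptography inventory for PQC migration.
from dataclasses import dataclass

QUANTUM_HORIZON_YEAR = 2030  # the article's estimate for RSA/ECC (assumption)
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH", "DH", "X25519", "Ed25519"}
QUANTUM_SAFE = {"ML-KEM", "ML-DSA", "SLH-DSA"}  # NIST FIPS 203 / 204 / 205
WEAK_HASHES = {"SHA-1", "MD5"}


@dataclass
class Asset:
    name: str
    purpose: str          # "key-exchange" or "signature"
    algorithms: tuple     # more than one entry describes a hybrid
    key_bits: int
    hash_alg: str
    public_channel: bool  # traffic crosses networks an outsider can record
    protect_until: int    # year until data stays secret / signature is trusted


def triage(asset):
    """Return (priority, reason); 0 is most urgent, 4 needs no action."""
    algs = set(asset.algorithms)
    short_key = bool(algs & {"RSA", "DH"}) and asset.key_bits < 2048
    if short_key or asset.hash_alg in WEAK_HASHES:
        return 0, "classically weak today (short key or broken hash)"
    if algs - QUANTUM_VULNERABLE - QUANTUM_SAFE:
        return 0, "unidentified algorithm, inspect manually"
    if algs & QUANTUM_SAFE:
        return 4, "post-quantum or hybrid algorithm already in place"
    long_lived = asset.protect_until >= QUANTUM_HORIZON_YEAR
    if asset.purpose == "key-exchange" and asset.public_channel and long_lived:
        # Confidentiality is lost retroactively: recorded traffic stays
        # decryptable even if the system is migrated later.
        return 1, "store now, decrypt later exposure"
    if asset.purpose == "signature" and long_lived:
        # Signatures cannot be broken retroactively, but a trust anchor that
        # is still accepted after the horizon can be forged against then.
        return 2, "signature still trusted after the quantum horizon"
    return 3, "quantum-vulnerable, migrate in the regular lifecycle"


def plan(inventory):
    """Sort assets by urgency; returns (priority, name, reason) tuples."""
    return sorted((*triage(a)[:1], a.name, triage(a)[1]) for a in inventory)


# Constructed sample inventory (not real systems).
SAMPLE_INVENTORY = [
    Asset("customer-api-tls", "key-exchange", ("ECDH",), 256, "SHA-256", True, 2040),
    Asset("ota-signing-root", "signature", ("ECDSA",), 256, "SHA-256", True, 2045),
    Asset("plc-gateway", "signature", ("RSA",), 1024, "SHA-1", False, 2035),
    Asset("edge-tls-hybrid", "key-exchange", ("X25519", "ML-KEM"), 0, "SHA-256", True, 2040),
    Asset("build-cache-tls", "key-exchange", ("RSA",), 3072, "SHA-256", False, 2027),
    Asset("fieldbus-auth", "signature", ("PROPRIETARY-XOR",), 0, "none", False, 2035),
]

if __name__ == "__main__":
    for priority, name, reason in plan(SAMPLE_INVENTORY):
        print(f"P{priority}  {name:18} {reason}")
```

The output order doubles as a shortlist for Steps 3 and 4: priority 1 entries are the natural candidates for hybrid key exchange pilots, because every day of delay adds recordable traffic.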
Quantum-Security Expertise Meets Future Technology: How Your Business Benefits From Partnering With MHP
Timely action is essential when it comes to migrating and implementing post-quantum cryptography. MHP supports your company with technical and strategic expertise to ensure you are not facing this challenge alone. Together, we will prepare your PQC migration and design a security strategy tailored to the evolving landscape of quantum computing. Here’s what you can expect from working with us:
- Strong partnership with IBM: As an IBM Silver Partner since 2007, we are part of the powerful IBM ecosystem and have direct access to the first European IBM Quantum Data Center in Ehningen. Operated by a global leader in quantum computing, this partnership enables us to offer valuable insights and resources. Although post-quantum cryptography is designed for use on classical systems, our broader quantum expertise benefits you in many ways, including real-world quantum applications in AI, optimization, and materials science, as well as strategic planning for the post-quantum era.
- Internal workshops: We offer customized workshops that raise awareness and provide foundational knowledge in quantum computing. These workshops include use case ideation and initial implementation using the Qiskit quantum computing framework and a real IBM Quantum Computer.
- Ongoing monitoring of market and technology trends: We continuously track developments in quantum computing and PQC, including the analysis of emerging NIST PQC standards, EU initiatives, and the latest innovations from major cloud and technology providers.
- More than 25 years of industry experience: Our in-depth knowledge of sectors such as automotive, manufacturing, and security allows us to identify high-risk systems and develop customized post-quantum cryptography blueprints that align with your industry's unique security needs.
- Expertise at the intersection of AI and quantum technology: In our blog post "Quantum Machine Learning", we explore how quantum technologies can be combined with artificial intelligence to unlock new innovation potential.
PQC: Protect Today What Will Still Matter Tomorrow
Quantum computers are challenging the foundations of today's IT security. Widely used cryptographic methods, such as RSA and ECC, which currently underpin most digital communication and data protection, will become obsolete within the next few years. The most critical threat is that attackers are currently storing encrypted information with the intent of decrypting it in the future using quantum computers. This is particularly relevant for long-lived data and systems commonly found in industries such as manufacturing and automotive as well as in the public sector.
If you want to be secure in 2030, you have to act now. Migrating to post-quantum cryptography is not a short-term IT project but rather a long-term strategic challenge. Organizations that begin preparing today will protect the confidentiality of their data and gain a technological edge. They will also meet emerging compliance requirements early and build lasting trust among customers, partners, and regulators.
MHP supports you every step of the way. With our deep technical expertise, strong partnership with IBM, and over 25 years of experience securing industrial environments, we offer the ideal combination of foresight, practical implementation, and industry insight. We help you think quantum-secure, identify risks, and make informed strategic decisions for the years ahead – securely, proactively, and tailored to real-world applications.
FAQs
Post-quantum cryptography (PQC) is based on mathematical problems that even powerful quantum computers cannot efficiently solve. These problems include lattice problems, error-correcting codes, and hash-based constructions. PQC algorithms secure data using asymmetric or symmetric encryption, as well as digital signatures.
Post-quantum cryptography (PQC) protects digital communication in the long term – even when quantum computers become available. A key risk is “store now, decrypt later”: attackers can store encrypted data today and decrypt it later – as soon as sufficiently powerful quantum computers are available. Companies that sell products with long life cycles and process data with a long confidentiality period must therefore act now.
Experts estimate that quantum computers could break widely used classical encryption methods, such as RSA or ECC, by around 2030. Since migrating to PQC takes time, companies need to act now to stay ahead of the curve.
It refers to a strategy where attackers collect encrypted data today and store it, intending to decrypt it later, once quantum computing technology is advanced enough. This strategy poses a significant threat to data requiring long-term confidentiality – for example, in industry, government, or healthcare.
Quantum computers can break classical encryption algorithms through quantum-optimized attacks, undermining the foundations of today’s digital security. This could expose confidential communications, digital signatures, and digital identities. An additional risk is the collection of encrypted data today that could be decrypted in the future – the "store now, decrypt later" threat.
No, post-quantum cryptography (PQC) is designed to run on classical systems and does not require a quantum computer.
No, PQC enhances existing cryptographic techniques to ensure security against quantum attacks. Quantum cryptography, on the other hand, uses physical principles from quantum mechanics to create new, hardware-based security protocols.
Cryptographic agility is the ability of systems to switch cryptographic algorithms, key sizes, and protocols without major disruption. It is essential in the context of PQC because organizations must be able to adapt quickly as new standards emerge or vulnerabilities are discovered.
Not yet, but they are coming. The German government's digital strategy encourages the early adoption of post-quantum cryptography, particularly among public authorities and critical infrastructure operators. Eighteen EU countries have jointly called for PQC to become a top priority for businesses. In the US, the Quantum Computing Cybersecurity Preparedness Act has already passed.