Building your PQC readiness plan

Recent progress in quantum computing signals an important shift in cybersecurity and presents a serious threat to the public-key encryption and signature schemes we rely on today. As enterprises become more reliant on digital communications, adopting post-quantum cryptography (PQC) has become essential. NIST's draft transition guidance (NIST IR 8547) marks 112-bit-security algorithms such as RSA-2048 and ECC P-256 as deprecated after 2030 and disallowed after 2035, which amounts to a complete phase-out of today's quantum-vulnerable public-key cryptography by 2035. Large-scale quantum computers are not here yet, but when they arrive they will make these algorithms useless for protecting data. That is why organizations should start preparing now: a solid PQC readiness plan built today helps ensure your digital assets stay protected in the quantum future.
Quantum computing promises accelerated computing power for scientific research and industry, but it threatens the security of many of the cryptographic algorithms in use today. If you do not have the time to read one white paper after another, here is a quick overview of the background, methods, and advice to help you understand where to start your journey to post-quantum readiness.
Quantum computers are not yet powerful enough to break today's cryptographic systems, but their rapid progress in recent years has sparked serious concern. Algorithms like RSA and Elliptic Curve Cryptography (ECC) are the foundation of internet security: they keep online transactions safe, protect sensitive information, and make digital signatures verifiable. As quantum technology evolves, the security of these foundational systems is increasingly at risk. In fact, 63% of organizations believe that quantum advancements could eventually break the encryption methods we rely on today, and 61% see key distribution as one of the biggest challenges in a world where quantum computers are a reality.
Quantum computing introduces new threats to the cryptographic systems we currently rely on. Shor's algorithm efficiently factors large integers and computes discrete logarithms, which breaks the foundation of RSA, finite-field Diffie-Hellman and ECC alike. A key like RSA-2048, which is considered secure today, could be recovered by a sufficiently powerful quantum computer, exposing any data it protects. Grover's algorithm speeds up brute-force key search: it does not completely break symmetric encryption like AES, but it weakens it. AES-128 would offer only about 64 bits of security against a quantum attacker, halving its security level in bits. In practice Grover's speed-up is hard to parallelise, so the real-world impact on AES is smaller than this worst case, but the standard advice for long-lived data is to use AES-256 and 256-bit or larger hash outputs.
The "harvest now, decrypt later" approach adds to these algorithmic risks: attackers can record encrypted traffic today and decrypt it once quantum capabilities exist. Around 58% of organizations are concerned about this risk. The migration itself also creates new attack surface. Side-channel attacks work by picking up on indirect signals, such as how long an operation takes or how much power it draws, to leak sensitive information, and freshly written PQC implementations are just as exposed to them as classical ones; decapsulation and sampling routines in lattice schemes have been the focus of published attacks. Key recovery attacks take this a step further by using those signals to extract secret keys, so constant-time, well-reviewed implementations matter as much as the choice of algorithm.
In light of these threats, organizations must recognize that any information transmitted over public channels today without quantum-safe cryptography is vulnerable to recording and later decryption. Data that appears secure now could be preserved and decrypted in the future, undermining its confidentiality long after it was sent. Signatures and certificates are not at risk retroactively in the same way, but they must be replaced before a quantum computer can forge them. The threat extends across the entire cybersecurity ecosystem, impacting communication protocols such as TLS, IPsec and SSH, identity certificates, code signing, and key management protocols.
As quantum computers get closer to reality, we cannot afford to wait until they are fully developed to start preparing. To establish the best defense, sensitive data must be protected and compliance ensured before current cryptographic systems become obsolete. Crypto-agility, the ability to swap out cryptographic algorithms quickly without overhauling your entire infrastructure, is one of the key strategies. Here is how organizations can start preparing for a smooth shift to post-quantum cryptography (PQC):
To effectively prepare for the transition to post-quantum cryptography, consider the following steps:
Quantum computers capable of breaking current cryptography do not publicly exist yet, but many expert estimates place their arrival within the next decade.
While the shift to PQC is critical, Quantum Key Distribution (QKD) is sometimes proposed as another route to secure key exchange. QKD uses the principles of quantum mechanics to distribute cryptographic keys, and its major advantage is eavesdropping detection: any attempt to intercept the key disturbs the quantum states and alerts the communicating parties to a potential breach. It has real limits, however. QKD only distributes keys, so it cannot replace signatures or authentication; it needs dedicated optical links and specialized hardware; and it still depends on an authenticated classical channel, which itself must use quantum-safe cryptography. Several national authorities, including the NSA and the UK's NCSC, do not recommend QKD for general use and point to PQC instead. An extensive security strategy may therefore combine PQC for general encryption and authentication with QKD only for specific high-security key exchange scenarios that justify the infrastructure.
In August 2024, NIST published the first three finalized post-quantum standards: FIPS 203 (ML-KEM, derived from CRYSTALS-Kyber), FIPS 204 (ML-DSA, from CRYSTALS-Dilithium) and FIPS 205 (SLH-DSA, from SPHINCS+). FN-DSA (FALCON) is slated for FIPS 206 and has not yet been finalized, and in March 2025 NIST selected HQC as a backup KEM based on a different mathematical problem from ML-KEM. These algorithms are designed to resist attacks from both classical and quantum computers.
Algorithms | CRYSTALS-Kyber (ML-KEM) | CRYSTALS-Dilithium (ML-DSA) | FALCON (FN-DSA) | SPHINCS+ (SLH-DSA) | HQC (Hamming Quasi-Cyclic) |
---|---|---|---|---|---|
Overview | CRYSTALS-Kyber, standardized as ML-KEM (FIPS 203), is a Module-Lattice-based Key-Encapsulation Mechanism. Its security rests on the hardness of the Module Learning With Errors (MLWE) problem over structured lattices. | CRYSTALS-Dilithium, standardized as ML-DSA (FIPS 204), is a Module-Lattice-based Digital Signature scheme. Its security rests on the Module Learning With Errors (MLWE) and Module Short Integer Solution (MSIS) problems over structured lattices. | FALCON (Fast-Fourier Lattice-based Compact Signatures over NTRU), to be standardized as FN-DSA, is a hash-and-sign scheme over NTRU lattices that uses fast Fourier sampling to produce very compact signatures. | SPHINCS+, standardized as SLH-DSA (FIPS 205), is a stateless hash-based signature scheme whose security rests only on the properties of the underlying hash function. Because it keeps no state between signatures, it avoids the state-management hazards of stateful schemes such as XMSS and LMS, at the cost of large signatures and slow signing. | HQC (Hamming Quasi-Cyclic) is a code-based key-encapsulation mechanism whose security relies on the hardness of decoding random quasi-cyclic linear codes. NIST selected it in March 2025 as a backup to ML-KEM that rests on a different mathematical problem. |
Use Cases | Key establishment in place of RSA key transport and (EC)DH key agreement, protecting the confidentiality of data in transit; already deployed in TLS 1.3 as the hybrid X25519MLKEM768 key exchange. | General-purpose digital signatures for authentication, integrity and non-repudiation: certificates, code signing, protocol handshakes. | Digital signatures where size is critical, such as bandwidth-constrained links or long certificate chains; its floating-point signing is harder to implement in constant time, so prefer vetted implementations. | Digital signatures where a conservative, hash-only security assumption outweighs large signatures and slow signing: firmware and root-of-trust signing, long-lived trust anchors. | Key establishment as a hedge: a second KEM, not based on lattices, for deployments that want algorithm diversity. |
Replaces | RSA key transport, finite-field Diffie-Hellman and ECDH (including X25519/X448) for key exchange. | RSA, ECDSA (NIST curves) and EdDSA (Ed25519/Ed448) for digital signatures. | The same signature algorithms, in scenar­ios where signature size is the primary concern. | The same signature algorithms, in scenarios where minimal security assumptions matter more than size or speed. | RSA key transport and ECDH for key establishment. HQC is a KEM and does not replace any signature scheme. |
Technical Details | ML-KEM is a key encapsulation mechanism: the sender draws a random secret, encapsulates it under the recipient's public key and sends the ciphertext; the recipient decapsulates with its private key to recover the same shared secret, which is then fed to a KDF. Decapsulating a malformed ciphertext does not fail: it returns a pseudorandom key instead (implicit rejection), so callers must not treat decapsulation failure as a signal. | ML-DSA follows the Fiat-Shamir with aborts pattern: the signer commits to a random masking value, derives a challenge by hashing the commitment together with the message, computes the response, and restarts (aborts) whenever the response would leak information about the secret key. | FALCON is a hash-and-sign scheme in the GPV framework: the private key is a short basis of an NTRU lattice, used as a trapdoor to find a short preimage of the hashed message. Its security reduces to the Short Integer Solution (SIS) problem over NTRU lattices. | SLH-DSA combines a few-time signature scheme (FORS) with a hypertree of Merkle trees built from one-time WOTS+ signatures; hash functions are its only building blocks. | HQC is built from a public-key encryption scheme: the public key combines a public quasi-cyclic code with a secret sparse vector; encryption encodes the message with the public code and adds a random low-weight error; the recipient uses the sparse private key to remove enough noise for the code's decoder to recover the message. The KEM is obtained from this scheme with a Fujisaki-Okamoto-style transform. |
Each algorithm offers several parameter sets that reach different security levels (NIST security categories 1 to 5), so you can select the set that matches your application's security needs. Performance varies with platform and implementation, so benchmark before committing to an algorithm. Some algorithms are relatively easy to implement correctly; others, such as FALCON with its floating-point sampler, require specialized expertise.
This information is based on the current understanding of these algorithms. As research progresses, new findings that could affect their security or performance may emerge.
Industry professionals acknowledge that we are at a crucial turning point in the shift towards post-quantum cryptography (PQC). With NIST's publication of the first PQC standards (FIPS 203, 204 and 205) and its ongoing work on the remaining algorithms, many businesses and vendors are starting to plan their migrations. As organizations assess the potential impacts of these changes, it is essential to take proactive measures to stay ahead. Regulatory bodies worldwide also emphasize immediate preparation; the NSA's CNSA 2.0 suite, for example, already sets dated expectations for quantum-resistant algorithms in national security systems.
Developing an effective PQC readiness plan requires a blend of strategic foresight, technical assessment, and operational discipline.
It is crucial to understand where and how cryptography is used within your organization. This involves building a detailed cryptographic inventory (often called a cryptographic bill of materials, or CBOM) that records every algorithm, key size, protocol, certificate and library in use, identifies the quantum-vulnerable ones, and ties each to the criticality of the data it protects. This inventory will:
Specifically, this diagnosis should include:
Once crypto discovery is done, the next step is to evaluate your current environment to identify risks and gaps. A risk assessment produces the list of applications and algorithms that quantum computing can affect. Not all data and systems face equal risk: prioritize by data sensitivity and lifespan, exposure, and compliance and legal requirements. A useful yardstick is Mosca's inequality: if the number of years your data must stay secret (X) plus the years your migration will take (Y) exceeds the years until a cryptographically relevant quantum computer arrives (Z), that system is already late and belongs at the top of the list.
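As an added example (not from the original page or from Encryption Consulting's tooling), here is a small Go program that applies the reasoning above to a cryptographic inventory: it classifies each asset by what Shor's and Grover's algorithms do to it, flags harvest-now-decrypt-later exposure, applies Mosca's inequality, and orders the results into a migration backlog. The inventory rows, the 10-year horizon, the field names and the scoring weights are all constructed for this example and would be replaced by your own discovery data and risk appetite.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Asset is one row of a cryptographic inventory. The field names are this
// example's own; the sample rows below are constructed, not a real estate.
type Asset struct {
	System    string
	Algorithm string // RSA, ECDSA, ECDH, X25519, DH, AES, SHA2, HMAC, ...
	KeyBits   int
	Purpose   string // key-exchange, signature, encryption, hash
	ShelfLife int    // years the protected data must stay secret (Mosca's X)
	Migration int    // years needed to migrate this system (Mosca's Y)
}

// Finding is the assessment of one asset.
type Finding struct {
	Asset  Asset
	Status string // broken (Shor), weakened (Grover), ok, unknown
	Urgent bool   // Mosca's inequality: X + Y >= Z
	HNDL   bool   // exposed to harvest-now-decrypt-later
	Score  int    // higher means migrate sooner (weights are assumptions)
	Why    string
}

// classify applies the Shor/Grover reasoning and Mosca's inequality, where
// horizonYears is Z, the assumed time until a cryptographically relevant
// quantum computer exists.
func classify(a Asset, horizonYears int) Finding {
	f := Finding{Asset: a}
	switch strings.ToUpper(a.Algorithm) {
	case "RSA", "DSA", "DH", "ECDH", "ECDSA", "EDDSA", "X25519", "ED25519":
		f.Status, f.Why = "broken", "factoring or discrete-log scheme; Shor's algorithm recovers the key"
	case "AES", "CHACHA20", "SHA2", "SHA3", "HMAC":
		if a.KeyBits >= 256 {
			f.Status, f.Why = "ok", "Grover leaves about 128 bits of security"
		} else {
			f.Status = "weakened"
			f.Why = fmt.Sprintf("Grover cuts %d-bit search to about %d bits", a.KeyBits, a.KeyBits/2)
		}
	default:
		f.Status, f.Why = "unknown", "not in the rule set; review manually"
	}
	// Recorded ciphertext from a broken key-exchange or encryption scheme can be
	// decrypted later; a broken signature only matters while it is still relied on.
	f.HNDL = f.Status == "broken" && (a.Purpose == "key-exchange" || a.Purpose == "encryption")
	// Mosca: if the secrecy lifetime (X) plus the migration time (Y) reaches the
	// horizon (Z), the migration is already late regardless of the algorithm.
	f.Urgent = a.ShelfLife+a.Migration >= horizonYears
	weight := map[string]int{"broken": 3, "unknown": 2, "weakened": 1, "ok": 0}[f.Status]
	f.Score = weight * 10
	if f.Urgent {
		f.Score += 5
	}
	if f.HNDL {
		f.Score += 3
	}
	return f
}

// prioritize returns findings ordered by descending score, then by system name.
func prioritize(assets []Asset, horizonYears int) []Finding {
	out := make([]Finding, 0, len(assets))
	for _, a := range assets {
		out = append(out, classify(a, horizonYears))
	}
	sort.SliceStable(out, func(i, j int) bool {
		if out[i].Score != out[j].Score {
			return out[i].Score > out[j].Score
		}
		return out[i].Asset.System < out[j].Asset.System
	})
	return out
}

// sampleInventory is constructed data standing in for a real discovery export.
var sampleInventory = []Asset{
	{"VPN gateway", "ECDH", 256, "key-exchange", 15, 2},
	{"Code-signing CA", "RSA", 3072, "signature", 10, 4},
	{"Backup encryption", "AES", 128, "encryption", 20, 1},
	{"Public web TLS", "X25519", 256, "key-exchange", 1, 1},
	{"Log integrity HMAC", "HMAC", 256, "hash", 5, 1},
}

func main() {
	const horizon = 10 // years: the "within the next decade" estimate above
	for _, f := range prioritize(sampleInventory, horizon) {
		fmt.Printf("%-3d %-9s urgent=%-5t hndl=%-5t %-20s %s\n",
			f.Score, f.Status, f.Urgent, f.HNDL, f.Asset.System, f.Why)
	}
}
```

The ordering is the point: the VPN gateway tops the list because its key exchange is Shor-broken, its traffic is recordable today, and the data outlives the horizon; the public web front end is equally broken but protects short-lived data, so it ranks below the code-signing CA even though signatures are not harvestable. Swap in your own rows and horizon and the same rules produce your backlog.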
PQC readiness is not a one-time fix, but a phased process.
Your organization’s governance should evolve alongside technical changes to adapt to PQC.
Even after the initial transition is complete, keep watching the PQC field. Track advancements and updates to PQC regulations and standards, train your staff regularly to maintain expertise and awareness, and reassess and update your strategy periodically to incorporate new developments.
The path to PQC readiness might not be a smooth one, and it can present several complex challenges:
As you build a PQC readiness plan for your organization, crypto agility should be a central concept. Crypto agility is the ability of an organization to adapt its cryptographic algorithms and protocols quickly in response to emerging threats, vulnerabilities, or technological changes. An organization with crypto agility can swiftly transition to stronger, quantum-resistant algorithms without extensive rework, mitigate risk by keeping its cryptographic choices flexible, and strengthen its security posture by updating cryptographic practices regularly.
To achieve crypto agility, design systems so that cryptographic algorithms can be swapped easily: identify algorithms explicitly in wire formats and stored data rather than implying them, keep algorithm choice in configuration and policy rather than hard-coded, and plan for hybrid modes that run a classical and a post-quantum algorithm side by side during the transition. Automated key management and certificate lifecycle systems should accommodate new algorithms and the larger key and signature sizes as they are adopted.
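As an added example, not code from the original page or from Encryption Consulting, the following Go program puts the encapsulate/decapsulate flow from the algorithm table and the crypto-agility principles above into working form: a hybrid X25519 + ML-KEM-768 envelope whose suite code is explicit on the wire, a receiver-side accept list that retires the classical-only suite by policy rather than by code change, and a combiner that binds the session key to both shared secrets and to the whole envelope. It requires Go 1.24 or later for the standard-library crypto/mlkem package. The suite codes, envelope layout, combiner construction and salt are this example's own choices, not IANA or TLS values, and the Recipient struct stands in for a real key store.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Suite codes on the wire (example values, not IANA codepoints); retiring one is a policy change, not a code change.
const (
	SuiteX25519      uint16 = 0x0001 // classical only: quantum-vulnerable, still understood for legacy peers
	SuiteX25519MLKEM uint16 = 0x0002 // hybrid: X25519 + ML-KEM-768, the only suite senders use here
)

// Envelope layout: suite(2) | X25519 ephemeral public key(32) | ML-KEM-768 ciphertext(1088, hybrid only).
var envelopeLen = map[uint16]int{SuiteX25519: 34, SuiteX25519MLKEM: 34 + mlkem.CiphertextSize768}

// Recipient holds one long-term private key per KEM (a stand-in for a key store).
type Recipient struct {
	x *ecdh.PrivateKey
	m *mlkem.DecapsulationKey768
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // key generation only; peer-supplied data never goes through here
	}
	return v
}

func NewRecipient() *Recipient {
	return &Recipient{x: must(ecdh.X25519().GenerateKey(rand.Reader)), m: must(mlkem.GenerateKey768())}
}

func x25519(priv *ecdh.PrivateKey, pubBytes []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(pubBytes)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(pub) // fails on low-order points, which would give an all-zero secret
}

// combine derives the session key from every shared secret, bound to the whole envelope (suite code and
// ciphertexts): HKDF-style extract, then one expand block. Illustrative; use the KDF your protocol specifies.
func combine(secrets [][]byte, envelope []byte) []byte {
	prk := hmac.New(sha256.New, []byte("example-salt"))
	for _, s := range secrets {
		prk.Write(s)
	}
	okm := hmac.New(sha256.New, prk.Sum(nil))
	okm.Write(envelope)
	okm.Write([]byte{1})
	return okm.Sum(nil)
}

// Encapsulate is the sender side for the hybrid suite: an ephemeral X25519 exchange plus ML-KEM-768.
func Encapsulate(x25519Pub, mlkemEK []byte) (key, envelope []byte, err error) {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	ssX, errX := x25519(eph, x25519Pub)
	ek, errK := mlkem.NewEncapsulationKey768(mlkemEK)
	if err = errors.Join(errX, errK); err != nil {
		return nil, nil, err
	}
	ssM, ctM := ek.Encapsulate()
	envelope = append(append(binary.BigEndian.AppendUint16(nil, SuiteX25519MLKEM), eph.PublicKey().Bytes()...), ctM...)
	return combine([][]byte{ssX, ssM}, envelope), envelope, nil
}

// Decapsulate is the receiver side; the accept list is enforced before any key material is touched.
func (r *Recipient) Decapsulate(envelope []byte, accept map[uint16]bool) ([]byte, error) {
	if len(envelope) < 2 || !accept[binary.BigEndian.Uint16(envelope)] {
		return nil, errors.New("envelope refused: truncated or suite not permitted by policy")
	}
	suite := binary.BigEndian.Uint16(envelope)
	if len(envelope) != envelopeLen[suite] {
		return nil, errors.New("envelope length does not match suite")
	}
	ssX, err := x25519(r.x, envelope[2:34])
	secrets := [][]byte{ssX}
	if suite == SuiteX25519MLKEM {
		ssM, errM := r.m.Decapsulate(envelope[34:]) // a forged ciphertext yields a pseudorandom key, not an error (implicit rejection)
		secrets, err = append(secrets, ssM), errors.Join(err, errM)
	}
	if err != nil {
		return nil, err
	}
	return combine(secrets, envelope), nil
}

func main() {
	r := NewRecipient()
	key, env, _ := Encapsulate(r.x.PublicKey().Bytes(), r.m.EncapsulationKey().Bytes())
	got, err := r.Decapsulate(env, map[uint16]bool{SuiteX25519MLKEM: true})
	fmt.Printf("hybrid envelope %d bytes, both sides derived the same key: %t (err=%v)\n", len(env), hmac.Equal(key, got), err)
}
```

Run it with go run; the main prints the 1122-byte envelope size and confirms both sides derived the same key. The agility is in the shape, not the algorithms: the receiver still understands the X25519-only suite during the transition and refuses it the moment it is dropped from the accept map, before any private key is used; a flipped ML-KEM ciphertext byte is not reported as an error but silently yields a different key, which is why the session must still be authenticated at a higher layer; and adding ML-KEM-1024 or a future KEM means one more suite code, one more length-table entry and one more branch, with the combiner and wire format unchanged.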
Using NIST-aligned planning, focused risk reduction, and deep crypto discovery, our PQC Advisory Services can transform your environment into an audit-ready, quantum-resilient infrastructure.
We evaluate governance frameworks and optimize cryptographic processes, identifying vulnerabilities in encryption protocols and key management. Through discovery and inventory, we assess all cryptographic assets and their usage. We classify data and crypto assets by sensitivity, and apply protection measures customized to you. We work on analyzing the cryptographic risk exposure to deliver a report. The report will contain detailed gap analysis with mitigation strategies and recommendations to address each identified gap, all aligned with NIST’s post-quantum cryptography (PQC) standards.
To ensure strategic alignment, we assess organizational goals, risk tolerance, and the cryptographic environment. Our approach includes developing a phased PQC migration strategy aligned with business operations, defining governance frameworks, and planning hybrid deployment models for gradual adoption.
Deliverables consist of an extensive PQC strategy document, a cryptographic agility framework, and a phased migration roadmap with business-aligned timelines to address emerging quantum threats effectively.
We conduct real-world performance and interoperability testing to evaluate how quantum-resistant solutions behave in your environment, and we build proofs of concept to validate them. We do comprehensive data scanning and inventorying of cryptographic assets, followed by careful planning to ensure smooth, low-disruption transitions, which makes it easier to integrate quantum-safe cryptography, including hybrid cryptographic models. Additionally, we resolve issues identified during pilot testing and feed lessons learned back into the overall implementation strategy.
You can greatly benefit from our service as we categorize data by lifespan and implement customized quantum-resistant protection for long-term confidentiality. We also provide enterprise-wide crypto strategies and remediation plans to mitigate risks from outdated or weak cryptographic algorithms. We facilitate seamless migration to post-quantum algorithms for lasting resilience.
We focus on developing a robust governance structure that specifies roles, responsibilities, ownership, and rules for cryptographic standards and processes in the post-quantum age. We emphasize developing crypto-agile PKI architectures that readily swap out cryptographic algorithms as new threats or standards arise.
The timeline for quantum computing is dynamic and evolving. If you have started working on a plan, you are on track; if you have not, it is high time to start, because preparing is not optional. Building your PQC readiness plan enables a controlled, well-informed transition to quantum-safe cryptography, protecting your most valuable digital assets. This journey requires continuous education, complete inventory and risk analysis, phased migration, rigorous testing, policy evolution, and persistent vigilance. Start early, collaborate broadly, and build your cryptographic resilience step by step.
If you are wondering where and how to start, Encryption Consulting is here to help you. You can count on us as your trusted partner in the PQC readiness process. The future of secure communication and data protection depends on today’s actions. Reach out to us at [email protected] to build a plan that is fitted to your needs.