Post-Quantum Cryptography: Key Developments and Future Directions (2023-2025)

Abstract

The rapid evolution of quantum computing technology has intensified the urgency to transition from traditional cryptographic systems to post-quantum cryptography (PQC). Over the past two years (2023–2025), significant strides have been made in standardizing quantum-resistant algorithms, addressing implementation challenges, and fostering global collaboration to mitigate the risks posed by quantum computers. This article examines the key developments, technical hurdles, and strategic initiatives undertaken by corporations and governments worldwide to prepare for potential quantum-based cryptographic attacks. Drawing on recent advancements, including the National Institute of Standards and Technology’s (NIST) standardization efforts and global policy frameworks, we explore the implications for industries and the path toward a quantum-secure future.

Introduction

Quantum computing, leveraging principles like superposition and entanglement, promises to solve complex problems exponentially faster than classical computers. However, this computational power threatens widely used cryptographic systems, such as RSA and Elliptic Curve Cryptography (ECC), which rely on mathematical problems vulnerable to quantum algorithms like Shor’s algorithm. The emergence of cryptographically relevant quantum computers (CRQCs) could enable adversaries to decrypt sensitive data, compromising digital infrastructure critical to governments, corporations, and individuals.

Post-quantum cryptography (PQC) aims to develop classical cryptographic algorithms resistant to both classical and quantum attacks. The past two years have marked a pivotal period for PQC, with significant progress in algorithm standardization, implementation strategies, and global preparedness. However, challenges such as performance trade-offs, crypto-agility, and the threat of “harvest now, decrypt later” attacks persist. This article provides a comprehensive analysis of these developments, focusing on technical advancements, implementation hurdles, and the proactive measures taken by corporations and governments to safeguard against quantum threats.

Key Developments in Post-Quantum Cryptography (2023–2025)

1. NIST’s PQC Standardization Milestone

In August 2024, NIST finalized three PQC algorithms as part of its standardization process initiated in 2016: ML-KEM (based on CRYSTALS-Kyber) for key encapsulation, ML-DSA (based on CRYSTALS-Dilithium) for digital signatures, and SLH-DSA (based on SPHINCS+) as a stateless hash-based signature scheme. These algorithms are designed to resist quantum attacks: their security rests on lattice problems (ML-KEM, ML-DSA) and on the properties of hash functions (SLH-DSA), both of which are conjectured to be quantum-resistant.

  • ML-KEM (Kyber): A lattice-based key encapsulation mechanism optimized for secure key exchange, offering a balance of security and performance.
  • ML-DSA (Dilithium): A lattice-based digital signature scheme suitable for applications requiring robust authentication.
  • SLH-DSA (SPHINCS+): A hash-based signature scheme providing a stateless alternative for scenarios where state management is impractical.

These standards, published as FIPS 203, FIPS 204, and FIPS 205, mark a significant step toward global adoption of PQC. NIST’s rigorous evaluation process, involving multiple rounds of cryptanalysis, ensured that these algorithms withstand both classical and quantum threats. However, their relative novelty compared to established algorithms like RSA raises concerns about potential undiscovered vulnerabilities, prompting recommendations for hybrid cryptographic approaches combining PQC with traditional methods.[^1]

2. Advancements in Algorithm Research

Beyond NIST’s standards, alternative PQC algorithms like Falcon (a lattice-based signature scheme) and McEliece (a code-based encryption scheme) have gained attention for specific use cases. Research has also explored hash-based signatures, such as the Merkle tree-based schemes, which are resistant to quantum attacks due to the lack of efficient quantum algorithms for finding hash collisions.[^2] Additionally, the German Federal Office for Information Security (BSI) has advocated for composite cryptographic methods, combining quantum-resistant and established algorithms to enhance security during the transition period.[^3]

3. Crypto-Agility and Security-by-Design

The concept of crypto-agility—the ability to seamlessly switch cryptographic algorithms—has become a cornerstone of PQC strategies. The PQC4MED project, funded by the German Ministry of Education and Research, emphasizes integrating crypto-agility into embedded systems, particularly in medical devices, through updatable secure elements and flexible firmware.[^4] This approach ensures that systems can adapt to new algorithms as vulnerabilities are discovered or standards evolve.

Security-by-design principles are also gaining traction, with organizations like the Linux Foundation and the Internet Engineering Task Force (IETF) developing frameworks to embed PQC into software and hardware development cycles. These efforts aim to mitigate the risks of retrofitting legacy systems, which often lack the flexibility to adopt new cryptographic protocols.[^5]

4. Quantum Key Distribution (QKD) and Hybrid Approaches

While PQC focuses on classical algorithms, quantum key distribution (QKD) leverages quantum mechanics to securely share cryptographic keys. China’s Micius satellite, launched to demonstrate large-scale QKD, has showcased the potential for quantum-safe communication over long distances.[^6] However, QKD faces scalability challenges and vulnerabilities to side-channel attacks, limiting its near-term applicability. As a result, hybrid approaches combining QKD with PQC are being explored to balance security and practicality.

Challenges in Implementing Post-Quantum Cryptography

1. Performance and Resource Constraints

PQC algorithms, particularly lattice-based schemes like Kyber and Dilithium, require longer keys and higher computational resources compared to RSA and ECC. This poses significant challenges for resource-constrained environments, such as smart cards, IoT devices, and embedded systems. For example, implementing PQC on smart cards requires optimizing algorithms for limited memory and processing power, often at the cost of performance.[^7]

Recent studies have highlighted the trade-offs between security and efficiency. Lattice-based algorithms, while secure, are less performant than traditional methods, leading to increased latency in applications like secure communication protocols. Hash-based signatures, such as SPHINCS+, offer quantum resistance but are computationally intensive, making them less suitable for high-frequency transactions.[^8]

2. Legacy System Integration

Many organizations rely on legacy systems that are deeply integrated with RSA or ECC-based cryptography. Retrofitting these systems to support PQC is a complex and time-consuming process, often requiring extensive infrastructure upgrades. The banking sector, for instance, faces challenges in updating legacy systems that handle millions of transactions daily, where interoperability and backward compatibility are critical.[^9]

3. Cryptographic Vulnerabilities and Cryptanalysis

PQC algorithms are based on relatively new mathematical problems, such as the Learning With Errors (LWE) problem for lattice-based schemes. Unlike the factorization problem underpinning RSA, which has been studied for centuries, these problems lack the same level of cryptanalytic scrutiny. In 2022, NIST’s candidate algorithm SIKE was broken using a classical computer, underscoring the risks of adopting untested algorithms.[^10] Ongoing cryptanalysis is essential to ensure the long-term security of PQC standards.

4. “Harvest Now, Decrypt Later” Threat

The threat of “harvest now, decrypt later” attacks, where adversaries collect encrypted data today for decryption once CRQCs become available, has heightened the urgency of PQC adoption. Sensitive data with long-term confidentiality requirements, such as financial records, intellectual property, and government secrets, is particularly vulnerable. Gartner predicts that asymmetric cryptography could become fully breakable by 2034, emphasizing the need for immediate action.[^11]

5. Scalability and Standardization

While NIST’s standards provide a foundation, global standardization remains fragmented. The International Telecommunication Union (ITU) and other bodies are working to harmonize PQC protocols, but differences in regional priorities and regulatory frameworks complicate adoption. For example, China’s focus on QKD contrasts with the U.S. emphasis on PQC, creating challenges for interoperable systems.[^12]

Corporate and Governmental Strategies for Quantum Preparedness

1. United States

The U.S. has taken a proactive stance through legislative and technical initiatives. The Quantum Computing Cybersecurity Preparedness Act (2022) mandates federal agencies to adopt PQC by 2035, with NIST leading the standardization effort.[^13] The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) have issued guidelines urging organizations to assess their cryptographic posture and prioritize PQC migration.[^14]

Corporations like Apple and Google are integrating PQC into their ecosystems. Apple’s PQ3 protocol, introduced in February 2024, enhances the security of iMessage against quantum attacks, while Google has adopted PQC for internal communications.[^15] These efforts reflect a broader industry trend toward preemptive protection against “harvest now, decrypt later” threats.

2. European Union

The EU has prioritized quantum-safe cybersecurity through collaborative research and funding. The EuroQCI initiative aims to deploy QKD networks across member states, complementing PQC adoption.[^16] Germany’s BSI recommends hybrid cryptographic approaches and has supported projects like PQC4MED to integrate quantum-resistant algorithms into critical infrastructure.[^17]

European corporations, such as Infineon Technologies and Wibu-Systems, are developing PQC-enabled hardware and software solutions. Infineon’s work on optimizing PQC for chip-based platforms addresses the performance challenges of resource-constrained devices.[^18]

3. China

China has invested heavily in quantum technologies, with an estimated $15 billion allocated to its quantum program over the next five years.[^19] The Micius satellite demonstrates China’s leadership in QKD, while state-backed research focuses on both PQC and quantum cryptography. Chinese corporations like Huawei are exploring PQC integration into 5G and IoT networks, aligning with national security priorities.[^20]

4. Other Global Efforts

  • United Kingdom: The UK government has established security frameworks to support PQC adoption, emphasizing crypto-agility in critical infrastructure.[^21]
  • Singapore: The Monetary Authority of Singapore issued advisories in 2024 to guide financial institutions in adopting PQC, focusing on quantum-safe digital signatures.[^22]
  • International Collaboration: The World Economic Forum (WEF) has developed a toolkit to help organizations navigate quantum cybersecurity, advocating for global cooperation to standardize PQC protocols.[^23]

5. Industry-Specific Initiatives

  • Finance: Banks are adopting quantum-safe digital signatures to secure transactions and protect customer data. The adoption of PQC in blockchain and secure cloud computing is also gaining momentum.[^24]
  • Healthcare: The PQC4MED project targets medical devices, ensuring that patient data remains secure against quantum threats.[^25]
  • Government and Military: Agencies are prioritizing PQC for classified communications, with QKD systems being tested for secure data transmission.[^26]

Future Directions and Recommendations

1. Accelerating PQC Adoption

Organizations must conduct cryptographic posture assessments to identify vulnerabilities and prioritize PQC migration. Early adopters have reported interoperability issues and infrastructure challenges, suggesting that multi-year modernization programs are necessary.[^27] Hybrid approaches, combining PQC with traditional algorithms, can facilitate a gradual transition.
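A cryptographic posture assessment of the kind described here, combined with the “harvest now, decrypt later” reasoning from the challenges section, can be reduced to a simple triage over an inventory. The following is an added example, not a tool from the article: the inventory is constructed, the asset names and year estimates are hypothetical, and the 2034 horizon is a planning assumption taken from the Gartner prediction cited above. The slack calculation follows Mosca's inequality (data lifetime plus migration time compared with the time left before a CRQC).

```python
from dataclasses import dataclass

QUANTUM_VULNERABLE = {"RSA", "DH", "ECDH", "ECDSA"}  # broken by Shor's algorithm
PQC = {"ML-KEM", "ML-DSA", "SLH-DSA"}                # FIPS 203 / 204 / 205

@dataclass(frozen=True)
class Asset:
    name: str
    usage: str            # "key-establishment" or "signature"
    algorithms: tuple     # every public-key algorithm combined on this asset
    secrecy_years: int    # how long the protected data must stay confidential
    migration_years: int  # estimated time to move this asset to PQC

# Constructed sample inventory (hypothetical systems and estimates).
INVENTORY = (
    Asset("vpn-gateway", "key-establishment", ("ECDH",), 15, 3),
    Asset("web-frontend", "key-establishment", ("ECDH", "ML-KEM"), 10, 1),
    Asset("firmware-signing", "signature", ("RSA",), 0, 4),
    Asset("legacy-hsm-signing", "signature", ("ECDSA",), 0, 10),
    Asset("session-api", "key-establishment", ("ECDH",), 1, 2),
)

def assess(asset, now=2025, horizon=2034):
    """Return (status, slack_years); negative slack means the deadline is already missed."""
    if any(alg in PQC for alg in asset.algorithms):
        return "quantum-safe", None       # pure PQC or hybrid: one component still holds
    if not any(alg in QUANTUM_VULNERABLE for alg in asset.algorithms):
        return "unknown-algorithm", None  # not classified here: needs manual review
    slack = (horizon - now) - asset.migration_years
    if asset.usage == "key-establishment":
        # Traffic recorded until migration completes can be decrypted later, so
        # its confidentiality lifetime also has to fit before the horizon.
        slack -= asset.secrecy_years
        return ("harvest-exposed" if slack < 0 else "scheduled"), slack
    # Authentication cannot be forged retroactively; only the migration
    # itself has to finish before the horizon.
    return ("late" if slack < 0 else "scheduled"), slack

def triage(inventory, now=2025, horizon=2034):
    """Assets that still need action, unclassified first, then most overdue first."""
    rows = [(a.name, *assess(a, now, horizon)) for a in inventory]
    rows = [r for r in rows if r[1] != "quantum-safe"]
    return sorted(rows, key=lambda r: (r[2] is not None, r[2] or 0))
```

In the sample data the VPN gateway comes out first: its traffic must stay secret for 15 years, so it is already exposed to recording today even though its migration would finish well before the horizon.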

2. Enhancing Crypto-Agility

Crypto-agility should be embedded in system design to enable rapid algorithm updates. This requires flexible hardware, updatable firmware, and robust key management systems. The PQC4MED project’s emphasis on secure elements offers a model for other industries.[^28]
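The crypto-agility described here and in the earlier section on security-by-design comes down to three mechanics: data carries an algorithm identifier, the set of accepted algorithms is configuration rather than code, and stored data can be re-protected when an algorithm is retired. The following added example (not code from PQC4MED or any product) shows them together. The two HMAC variants are stand-ins for whatever signature implementations a real secure element exposes, and all names and keys are constructed for illustration.

```python
import hashlib
import hmac

# Algorithm registry. The HMAC variants are stand-ins (assumption) for the
# signature implementations a real device or secure element would register.
REGISTRY = {
    "hmac-sha256": hashlib.sha256,
    "hmac-sha3-256": hashlib.sha3_256,
}

# Constructed demo keys, one per algorithm; never share a key across algorithms.
KEYS = {"hmac-sha256": b"\x01" * 32, "hmac-sha3-256": b"\x02" * 32}

def compute_tag(alg, key, payload):
    # Bind the algorithm id into the authenticated bytes so an envelope
    # cannot be relabelled to a different algorithm (downgrade resistance).
    header = alg.encode()
    data = len(header).to_bytes(2, "big") + header + payload
    return hmac.new(key, data, REGISTRY[alg]).digest()

class Policy:
    """Configuration, not code: what to produce and what to still accept."""
    def __init__(self, preferred, also_accept=()):
        self.preferred = preferred
        self.accepted = {preferred, *also_accept}

def protect(keys, payload, policy):
    alg = policy.preferred
    return {"alg": alg, "payload": payload, "tag": compute_tag(alg, keys[alg], payload)}

def verify(keys, env, policy):
    alg = env.get("alg")
    if alg not in policy.accepted or alg not in REGISTRY or alg not in keys:
        return False  # retired or unknown algorithm: fail closed
    expected = compute_tag(alg, keys[alg], env["payload"])
    return hmac.compare_digest(env.get("tag", b""), expected)

def migrate(keys, env, outgoing_policy, incoming_policy):
    """Re-protect stored data under the new preferred algorithm."""
    if not verify(keys, env, outgoing_policy):
        raise ValueError("envelope does not verify under the outgoing policy")
    return protect(keys, env["payload"], incoming_policy)
```

A transition policy that prefers the new algorithm but still accepts the old one gives a window in which `migrate` can be run over stored data before the old algorithm is removed from the accepted set.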

3. Investing in Cryptanalysis

Continued cryptanalysis of PQC algorithms is critical to uncover potential weaknesses. Collaborative efforts, such as NIST’s open evaluation process, should be expanded to include global researchers and industry experts.[^29]

4. Addressing Scalability

Advancements in quantum repeaters and satellite-based QKD systems could address scalability challenges in quantum-safe communication. Meanwhile, optimizing PQC algorithms for performance will be essential for widespread adoption in IoT and embedded systems.[^30]

5. Global Standardization and Collaboration

Harmonizing PQC standards across regions will ensure interoperability and reduce fragmentation. The ITU and WEF should lead efforts to establish a unified framework, drawing on lessons from NIST’s standardization process.[^31]

Conclusion

The past two years have witnessed remarkable progress in post-quantum cryptography, driven by NIST’s standardization of quantum-resistant algorithms and global efforts to prepare for the quantum threat. However, challenges such as performance trade-offs, legacy system integration, and the risk of “harvest now, decrypt later” attacks underscore the complexity of the transition. Corporations and governments are responding with proactive measures, from legislative mandates to industry-specific innovations, but the path to a quantum-secure future requires sustained investment, collaboration, and vigilance.

As quantum computing advances, the urgency to adopt PQC intensifies. By prioritizing crypto-agility, investing in cryptanalysis, and fostering global cooperation, the technical community can ensure that digital infrastructure remains resilient against the quantum threat. The next few years will be critical in shaping a secure, quantum-resistant world.

Wibu-Systems INNO DAYS 2025

The author will also be moderating an upcoming roundtable during Wibu-Systems INNO DAYS 2025 – Quantum Computing and Digital Sovereignty: Building Secure and Independent IT Infrastructures.

Quantum computing is rapidly evolving, promising profound transformations in IT security and digital sovereignty. This expert roundtable gathers leaders specializing in cybersecurity, cryptography, semiconductor technologies, enterprise software, and quantum research. Together, they will explore practical strategies for building quantum-resistant IT infrastructures, discuss Europe’s roadmap toward digital autonomy, and highlight initiatives aimed at securing sensitive data against quantum threats. Participants will gain clarity on Europe’s strategic response to quantum challenges and learn how to prepare effectively for the quantum era.

Panelists:

  • Thomas Depeweg, Chief Product Manager, SAP
  • Dr. Detlef Houdeau, Senior Director Business Development, Infineon Technologies AG
  • Prof. Dr. Joern Mueller-Quade, Professor for IT Security at Karlsruhe Institute of Technology, and IT Security chairman at the Institute for Theoretical Computer Science (ITI)
  • Oliver Winzenried, CEO and founder, WIBU-SYSTEMS AG

Moderator: Steve Atkins, CEO, Krowne Communications

INNO DAYS 2025 brings together visionary leaders, industry pioneers, and cybersecurity experts for an immersive two-day journey into the evolving world of software protection, licensing, and digital business models. Set against the backdrop of Wibu-Systems’ headquarters, this year’s agenda blends cutting-edge technological insights, regulatory updates, real-world case studies, and strategic networking opportunities.

The event kicks off with a networking dinner in a stylish yet welcoming setting, providing the perfect opportunity for engaging conversations and valuable connections. Attendees can exchange ideas with industry peers, thought leaders, and the Wibu-Systems team while enjoying great food in a relaxed atmosphere.

The following day unfolds with an agenda designed to inform, inspire, and empower. We will explore new business landscapes in Asia, dissect emerging trends in software license enforcement, and examine the impact of upcoming EU regulations on cybersecurity and digital governance. The program also features expert-led discussions on cybersecurity threats, digital sovereignty, and quantum computing, providing crucial insights into the challenges and opportunities shaping our industry.

Throughout the day, the showcase area will host live demonstrations from INFORMATICS and Nitrobox, showcasing their expertise in integrating CodeMeter License Central with SAP and agile subscription-based billing models for smart equipment manufacturers.

A highlight of the agenda is the much-anticipated live-streamed roundtable on Quantum Computing and Digital Sovereignty, where experts in cybersecurity, cryptography, and IT infrastructure will discuss how organizations can prepare for the quantum era and build secure, independent IT ecosystems.

With dedicated networking sessions, engaging keynote speeches, and hands-on demonstrations, INNO DAYS 2025 is a unique opportunity to stay at the forefront of industry advancements, forge strategic partnerships, and gain actionable insights into the future of software monetization, security, and compliance.


Footnotes and Sources

[^1]: NIST, “Post-Quantum Cryptography Standards,” August 2024.
[^2]: PMC, “Post-Quantum Security: Opportunities and Challenges,” 2024.
[^3]: Wibu-Systems, “Next in Post-Quantum Cryptography,” April 15, 2025.
[^4]: Wibu-Systems, “Crypto-Agility for Post-Quantum Security,” 2020.
[^5]: Wibu-Systems, “Next in Post-Quantum Cryptography,” April 15, 2025.
[^6]: Coherent Market Insights, “Challenges in Implementing Quantum Cryptography,” February 12, 2025.
[^7]: Wibu-Systems, “Post-Quantum Cryptography – The Impact on Identity,” April 10, 2024.
[^8]: Fraunhofer AISEC, “Post-Quantum Cryptography,” March 6, 2024.
[^9]: Cryptomathic, “Quantum Computing’s Impact on Cryptography,” April 29, 2019.
[^10]: FedTech Magazine, “Quantum Cryptography: Challenges and Opportunities,” July 5, 2023.
[^11]: Cybersecurity Intelligence, “Quantum Computing: A New Technological Era,” March 19, 2025.
[^12]: EMB Global, “Challenges and Opportunities in Quantum Cryptography,” May 30, 2024.
[^13]: KPMG, “Quantum is Coming,” 2024.
[^14]: Wibu-Systems, “Next in Post-Quantum Cryptography,” April 15, 2025.
[^15]: World Economic Forum, “Quantum Computing Could Threaten Cybersecurity,” April 23, 2024.
[^16]: RiskInsight, “Quantum Computing and Post-Quantum Cryptography,” March 17, 2025.
[^17]: Wibu-Systems, “Crypto-Agility for Post-Quantum Security,” 2020.
[^18]: Wibu-Systems, “Post-Quantum Cryptography – The Impact on Identity,” April 10, 2024.
[^19]: Cybersecurity Intelligence, “Quantum Computing: A New Technological Era,” March 19, 2025.
[^20]: Coherent Market Insights, “Challenges in Implementing Quantum Cryptography,” February 12, 2025.
[^21]: Wibu-Systems, “Next in Post-Quantum Cryptography,” April 15, 2025.
[^22]: KPMG, “Quantum is Coming,” 2024.
[^23]: World Economic Forum, “Quantum Computing Could Threaten Cybersecurity,” April 23, 2024.
[^24]: EMB Global, “Challenges and Opportunities in Quantum Cryptography,” May 30, 2024.
[^25]: Wibu-Systems, “Crypto-Agility for Post-Quantum Security,” 2020.
[^26]: EMB Global, “Challenges and Opportunities in Quantum Cryptography,” May 30, 2024.
[^27]: Unisys, “10 Seconds to Break: Preparing for Quantum Security Threats,” January 7, 2025.
[^28]: Wibu-Systems, “Crypto-Agility for Post-Quantum Security,” 2020.
[^29]: NIST, “Post-Quantum Cryptography Standards,” August 2024.
[^30]: Coherent Market Insights, “Challenges in Implementing Quantum Cryptography,” February 12, 2025.
[^31]: EMB Global, “Challenges and Opportunities in Quantum Cryptography,” May 30, 2024.