Hi All
Now that the US, EU and Australia have publicly stated that critical infrastructure must migrate to Quantum cryptography algorithms by 203, this is less than five years away.
Most non-technical people head for the hills or run away due to the fact it is a compliance situation and run away from it all. Let the technical specialist sort it out.
I have seen plenty of YouTube videos, so-called simple explanations, which rapidly turn into technical diatribes on Quantum Cryptography.
But in reality we need stories that non-technical people, including CEOs, can understand without the mathematics and the technical "what will happen if you do not migrate" exposé.
Anyone have suggestions, stories to share, or do we have to break this down for each industrial sector: health care, financial, Energy, Water, and others?
The reality is that it took 10 years to migrate from DES to AES and there are still some pockets of resistance even in 2025! It took the Payments Industry 6 years after resistance to migrate to TLS 1.2 from TLS 1.0 and SSL V3.
We have to pitch a message that tells a story, that is understandable and relates to what organisations need to do and commence publishing it widely.
Yes, browsers like Chrome and Firefox are getting ready to migrate to TLS V1.3 by default, but there is so much more that needs to be done to make this transition smooth.
There is no point giving it to an AI, because you don't know for sure where that information came from and that it is accurate. Especially if you can hijack Gen-AI with a prompt and root the system, which occurred to Microsoft Copilot recently.
Suggestions, folks, that can assist the community to get the message out: Post Quantum Cryptography is coming, and the runway is getting shorter every year.
Thoughts, comments, let's get a dialogue started.
Regards
Caute_Cautim
Great read. There's a lot of buzz around this topic lately. What are your thoughts on NIST algorithms on PQC?
@wilson3adams My thoughts: start the discovery process now, and create a cryptography inventory of your existing applications, authentication methods, communications methods, and any embedded systems including devices.
Organisations should approach post-quantum cryptography migration systematically:
1. Start with an inventory: Map out everywhere encryption is currently used - applications, databases, communication systems, certificates, VPNs, APIs, and third-party services. Many organisations are surprised by how extensively they rely on encryption.
2. Assess risk and prioritize: Identify which systems handle the most sensitive data or are most critical to operations. These should be migrated first. Consider what would happen if each system's encryption was compromised.
3. Choose standardised algorithms: Use the post-quantum cryptographic algorithms that NIST has already approved and standardised, such as ML-KEM, ML-DSA, and SLH-DSA. Avoid experimental or non-standardised approaches.
4. Plan for hybrid approaches: During the transition, use both traditional and post-quantum encryption together. This provides protection even if one method has unexpected weaknesses.
5. Update in phases: Start with the highest-risk systems and work systematically through your infrastructure. Don't try to change everything at once, as this increases the chance of errors or downtime.
6. Test thoroughly: Post-quantum algorithms often require more processing power and create larger data sizes. Test performance impacts and ensure systems can handle the changes before full deployment.
7. Work with vendors: Coordinate with software and hardware vendors to understand their post-quantum roadmaps. Some systems may need vendor updates before you can migrate.
8. Train your team: Ensure IT and security staff understand the new algorithms and how to implement them properly.
9. Create a timeline: Start now and plan to complete migration well before quantum computers become a real threat. The process typically takes 2-5 years for large organisations.
10. Monitor and maintain: Cryptographic standards may evolve, so plan for ongoing updates and monitoring of new developments in the field.
The main issue is to start the process now. I have put together a draft explanation in non-technical terms for organisations who will run a mile if the subject is raised and who think they can mitigate the problem by passing it to the compliance and audit team. The entire organisation needs to be made aware: it is coming and is inevitable.
Regards
Caute_Cautim
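The inventory, prioritisation and hybrid steps in the list above can be sketched in code. This is an added example, not part of the original post: it classifies the algorithm identifiers on configuration lines as classical, hybrid or post-quantum, then queues assets that still offer a classical-only algorithm by sensitivity. The asset names, sensitivity scores and config lines are constructed, and the substring matching is a heuristic assumption.

```python
import re

# Public-key algorithms a large quantum computer would break (Shor's algorithm),
# written as they appear once an identifier is lower-cased and stripped of punctuation.
CLASSICAL = ("rsa", "ecdsa", "ecdh", "dhe", "25519", "secp256r1", "secp384r1")
# The NIST-standardised families named in the post: ML-KEM, ML-DSA, SLH-DSA.
PQC = ("mlkem", "mldsa", "slhdsa")

def classify(identifier):
    """Return 'hybrid', 'pqc', 'classical' or None for one algorithm identifier."""
    t = re.sub(r"[^a-z0-9]", "", identifier.lower())
    has_pqc = any(p in t for p in PQC)
    has_classical = any(c in t for c in CLASSICAL)
    if has_pqc:
        return "hybrid" if has_classical else "pqc"
    return "classical" if has_classical else None

def scan(config_line):
    """Classify each value on a 'directive value[,value...]' line; the directive name is skipped."""
    _, _, values = config_line.strip().partition(" ")
    found = {}
    for value in re.split(r"[,:;\s]+", values):
        kind = classify(value) if value else None
        if kind:
            found[value] = kind
    return found

def migration_queue(assets):
    """Assets that still offer a classical-only algorithm, most sensitive first."""
    queue = []
    for name, sensitivity, line in assets:
        classical = sorted(v for v, k in scan(line).items() if k == "classical")
        if classical:
            queue.append((name, sensitivity, classical))
    return sorted(queue, key=lambda row: -row[1])

# Constructed inventory: (asset, sensitivity 1-5, one config line). Not real systems.
ASSETS = [
    ("intranet-wiki", 2, "ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;"),
    ("payments-api", 5, "ssl_ecdh_curve X25519MLKEM768:X25519;"),
    ("bastion-ssh", 4, "KexAlgorithms mlkem768x25519-sha256"),
    ("records-db", 5, "HostKeyAlgorithms ssh-ed25519,rsa-sha2-512"),
]

if __name__ == "__main__":
    for name, sensitivity, algs in migration_queue(ASSETS):
        print(f"{sensitivity} {name}: {', '.join(algs)}")
```

The payments-api line shows the case worth catching: a hybrid group is configured, but the classical-only fallback listed after it keeps the asset in the queue.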
Insightful. Thanks