The necessity to safeguard communication privacy against quantum technology is increasing. Although quantum computers are not currently available, it is crucial to strategize how to secure our communications once they are operational. Present-day protocols that underpin communication, such as IPsec and TLS (Transport Layer Security), rely heavily on cryptography. However, algorithms like RSA (Rivest–Shamir–Adleman) and ECC (Elliptic Curve Cryptography) can be easily compromised by quantum computers. Two solutions exist to address this challenge: 1. PQC (Post Quantum Cryptography) and 2. QKD (Quantum Key Distribution). PQC represents a new generation of cryptographic algorithms designed to withstand quantum computer attacks. In contrast, QKD allows two parties to generate and share a random secret key exclusively for message encryption and decryption.
As we navigate the transition to PQC, it is important to recognize that the introduction of new computing technologies has typically resulted in incremental changes to the IT environment. However, quantum computing is fundamentally disruptive, not only because it can dismantle current algorithms and compromise data security, but also due to the systemic transformations required in IT infrastructure and software and hardware architectures. On the positive side, quantum computing enhances problem-solving capabilities in optimization and simulation, utilizing qubits and quantum mechanics to tackle issues that classical computers struggle with.
Cybercriminals have adopted a new attack strategy known as ‘Harvest Now & Decrypt Later,’ which involves accumulating as much data as possible through security breaches and decrypting it once they gain access to quantum computers. This highlights the urgency of transitioning to the PQC era. The term ‘Q-day’ refers to the hypothetical moment when a large-scale quantum computer becomes capable of breaking current encryption methods, thus jeopardizing digital security systems. This phenomenon is sometimes referred to as a ‘Quantum apocalypse.’ Unlike the Y2K threat, which had a clear timeline, the countdown to Q-day is invisible and uncertain.
We cannot predict when a quantum computer will be developed that can breach current encryption methods, and even if such an event occurs, we may remain unaware of the breach. The journey to PQC is time-consuming and requires significant effort. Early action is essential to protect computer systems from potential cryptographic failures. Geopolitically, the stakes are high, as many nations are heavily investing in quantum technology, leading to a competitive race among them. It is critical to note that retrofitting is not possible; once data privacy is compromised, it cannot be restored. All classical computer systems face vulnerabilities, whether they are related to digital signatures, virtual private networks, IoT, encrypted data with financial institutions, or critical infrastructure.
Each sector must define its own migration path based on its specific needs, as universal guidelines may not be applicable. A modular approach is necessary, with transitions prioritized rather than implemented all at once. The globally adopted model is hybrid, allowing existing encryptions to remain while high-risk areas migrate to PQC first. It is vital to ensure interoperability since global systems are interconnected. A ‘one size fits all’ strategy could lead to security gaps and regulatory noncompliance. The urgency to transition to the PQC era escalates as Q-day approaches. This event could materialize sooner than anticipated due to ongoing research in quantum computing.
Google has announced a significant reduction in the resources needed to break the RSA 2048 key, crucial for securing sensitive data. A major challenge in quantum computing is its high error rate, but China has reportedly made significant progress in reducing it, currently holding the world record. Many countries are engaged in various aspects of quantum research or migration, with global investments projected to reach $55.7 billion by 2025. In terms of PQC migration, countries like the US, France, Germany, the Netherlands, and China have initiated efforts. The US is leading the charge, having recognized the need for action in early 2023 and issuing NSM (National Security Mandate) directives.
These directives mandate a comprehensive government transition to PQC by 2025, assigning roles to various agencies for developing standards, inventories, and migration plans. NSM emphasizes the need for agencies to assess cryptographic systems vulnerable to quantum attacks and prioritize high-value assets, promoting cryptographic agility, interoperability, and international collaboration. Migration to PQC is being spearheaded by the NIST (National Institute of Standards and Technology) National Cybersecurity Centre of Excellence, which has developed FIPS (Federal Information Processing Standards). Germany aims to secure high-risk systems against quantum threats by 2030, with full migration targeted for 2035. The Netherlands released its first migration handbook on March 23 and revised it on December 24, with migration timelines of 2-8 years based on system compatibility.
China, as the largest investor in quantum technology, has committed $15 billion and established the China Academy of Information and Communication Technology in 2023, alongside launching the National Institute of Commercial Cryptography Standards (NICCS) in 2025, focusing on developing indigenous algorithms for PQC independent of NIST while ensuring interoperability, with migration planned for 2035. Major breakthroughs in quantum communication have been made by China, which has developed QKD networks, including the 2,000 km Beijing-Shanghai Backbone Network across four cities and a satellite-based network featuring a 12,900 km intercontinental link to South Africa, demonstrating the world’s longest ultra-secure quantum satellite connection. Germany has successfully tested Quantum Cryptography over 250 km of telecom fiber, confirming secure key exchange on existing infrastructure.
Northwestern University in the USA achieved Quantum teleportation over active internet cables, illustrating that quantum and classical data can coexist on shared fiber. In India, preparations for PQC are underway, with TEC’s Technical Report detailing the migration roadmap. CERT-in’s whitepaper on Quantum Cyber Readiness (2025) outlines the foundational strategy, while the National Quantum Mission (NQM) has commenced activities, backed by a budget of ₹6,003 crore (2023-31) for quantum R&D, including T-Hubs for computing, communication, sensing, and materials. States like Andhra Pradesh and Karnataka have proposed initiatives for establishing Quantum Valley and Quantum City. India’s migration strategies emphasize hybrid cryptography, crypto agility, sectoral readiness, and the creation of an Indian Sandbox for testing.
The private sector is also playing a crucial role in enhancing the country’s readiness for quantum cyber threats. Looking ahead, it is vital to prepare in advance to ensure our cyber systems can withstand the challenges posed by quantum technologies when Q-day arrives.