Realizing Quantum Safe Encryption for Our Post-Quantum World

Quantum safe encryption, also referred to as Post-Quantum Cryptography (PQC), refers to the use of new cryptographic algorithms for the continued protection of our digital universe from Cryptographically Relevant Quantum Computers (CRQCs) which will break today’s conventional public key encryption.

Even though we currently face some technical challenges that limit the practical application of quantum processors, the quantum threat is already here with “harvest now, decrypt later” (HNDL) style attacks that target long life data and devices.  

Key Takeaways: 

• The journey to quantum safe encryption is non-linear with quantum safe readiness varying widely across sectors and regions. In some cases, CRQCs may emerge five to six years before organizations complete their transition.
• Today, most organizations have begun their journey to quantum safe encryption and are in the process of compiling a complete inventory of cryptographic assets.
• Crypto agility is the foundation of PQC migration, enabling organizations to move beyond crypto inventory to quantum safe encryption.
• Draft NIST IR 8547 Transition to Post-Quantum Cryptography Standards provides a structured framework for organizations to seamlessly realize quantum safe encryption using a hybrid migration approach.

What is quantum safe encryption and why does it matter? 

Quantum safe encryption, otherwise known as Post Quantum Cryptography (PQC), is the use of new cryptographic algorithms including those from NIST that are essential for the continued protection of our digital universe from Cryptographically Relevant Quantum Computers (CRQCs). These computers are known as the quantum threat.

Google, IBM, and others have already demonstrated quantum computers with over one hundred qubits but have yet to realize CRQCs which promise to break today’s conventional encryption, including RSA or ECC. Poor qubit stability, also known as noisy qubits, is one of the key challenges that limits the practical application of these machines today. However, that does not mean that the quantum threat is yet to come. Indeed, “harvest now, decrypt later” (HNDL) style attacks that target long life data and devices mean the “quantum genie” has already left the bottle

The time for quantum safe encryption is now

CISA, NIST, and NSA are all jointly urging organizations to prepare now and with the availability of NIST PQC standards, most organizations have at least begun their journey to quantum safe encryption. However, quantum safe readiness varies widely across sectors and regions with governments and financial institutions generally leading the pack.

Compiling a cryptographic inventory on the road to quantum safe encryption

Today, most organizations are in the process of compiling a full inventory of cryptographic assets including algorithms, protocols, libraries, keys, certificates, and dependencies like APIs and third-party integrations. Typical blind spots include legacy systems, shadow IT, and supply chain partners. The use of a cryptographic security platform (CSP) can be invaluable to this effort and will also help keep the inventory current, essentially being a living cryptographic bill of materials (CBOM).

Moving from crypto inventory to quantum safe encryption

While cryptographic asset discovery is a critical step towards PQC migration, organizations must quickly move beyond inventory to action on quantum safe encryption. General global regulatory guidance is that high priority systems must be migrated to PQC by 2030/31, with all systems migrated by 2035.

Draft NIST Interagency Report 8547(NISTIR 8547), Transition to Post-Quantum Cryptography Standards, deprecates conventional encryption algorithms by 2030, replacing them with new NIST PQC standards, and disallows the use of the former by 2035. The United Kingdom and Europe are largely aligning with NIST, while many Asia Pacific countries are building their own quantum safe encryption frameworks.

The journey to quantum safe encryption is non-linear and must begin now, not in response to future threats. Yet, IBM’s Quantum-Safe Readiness Index (QSRI) shows an average score of just 25 out of 100 for organizations in 2025, highlighting that there’s still much work to be done. Most concerning is that CRQCs may emerge five to six years before most organizations complete their transition.

Crypto agility is the foundation of quantum safe encryption

The missing link between crypto inventory and quantum safe encryption is often cryptographic agility, or crypto agility. Crypto agility is the foundation of an effective and seamless quantum safe encryption migration plan enabling:

• Incremental staged migration of crypto assets and data based on priority and longevity.
• Use of hybrid cryptography (conventional and PQC) during an organization’s migration to pure PQC.
• Future proof security with the ability to swap out vulnerable cryptographic algorithms with quantum safe ones quickly and seamlessly, without major redesigns or disruptions. This also helps address the uncertainty surrounding the longevity and efficacy of new PQC standards.

Implementing quantum safe encryption 

Armed with a complete cryptographic inventory and crypto agile foundation, NISTIR 8547 provides a structured framework for organizations to seamlessly transition to quantum safe encryption via a multi-year staged migration. Steps include:

• Applying NIST’s recommendations to classify systems by vulnerability, migration, and urgency.
• Using that cryptographic inventory to identify and prioritize high value and long-life assets for PQC migration. For example:
  • Phase 1: High-priority assets like those protecting national security, intellectual property, or critical infrastructure.
  • Phase 2: Medium priority assets like internal applications.
  • Phase 3: Remaining systems and archival data.
• Piloting PQC algorithms in test environments using NIST’s staged approach (Preparation > Baseline understanding > Planning and execution > Monitoring and evaluation)
• Working with supply chain partners to ensure their roadmaps also align with NIST PQC standards. Once again, the use of a CSP can help simplify and facilitate these efforts both initially and on an ongoing basis.
• Applying a hybrid approach (conventional and PQC algorithms) during migration to ensure backwards compatibility and facilitate the transition of legacy systems.
• Aligning PQC migration efforts with the organization’s IT refresh cycle to streamline implementation with minimal cost and disruption.
• Updating security policies to include the adoption of quantum safe encryption.
• Executing a phased rollout starting with non-critical systems to validate performance and interoperability before transitioning mission critical assets. Using a CSP to track progress, along with compliance and government regulations.
• Training developers and security teams on quantum safe encryption algorithms, key management, and migration pitfalls.
• Committing to ongoing quantum resistance training and awareness across the organization.
• Staying vigilant and continuously monitoring the quantum safe encryption ecosystem for vulnerabilities from NIST and other cryptographic thinktanks.

Benchmark your quantum safe encryption progress today

The quantum threat to our digital universe is here, and governments and regulatory bodies around the world are urging organizations to prepare. As most scramble to compile a complete inventory of their cryptographic assets, many are struggling with poor crypto agility which is further inhibiting their ability to proceed on their journey to quantum safe encryption. NIST IR 8547 provides a structured framework for organizations to improve crypto agility and seamlessly transition to quantum safe encryption using a hybrid approach.

Don’t leave your organization unnecessarily exposed and a relatively easy target for cybercrooks. Benchmark your quantum safe encryption progress with this Post-Quantum Readiness Assessment and explore our post quantum cryptography solutions.