PREPARING for the post-quantum cryptography (PQC) era will require more than a simple migration plan, cryptography expert Jean-Philippe Aumasson argues, with migration likely taking years and a continuous process of discovery, impact assessment and remediation. He warns that quantum computers are not merely faster machines but ones well suited to cracking current encryption, threatening RSA and ECDSA and potentially putting VPNs, PKI and distributed ledgers at risk.
There is good news, however, in the availability of PQC standards such as SLH-DSA and in early moves by major providers like Google and Apple toward quantum-safe schemes. According to Dark Reading, the bigger challenge is that many organisations aren’t adequately prepared for Q-Day, often lacking more than some documentation on quantum attacks and an inventory of vulnerable systems; migration for large organisations will be particularly demanding.
Aumasson emphasises a need for continuous quantum risk management, including system discovery, business impact assessment, remediation plans and supply chain management, with examples such as TLS in Go and the Cloudflare Tunnel VPN already moving toward post-quantum connections.