Executive Briefing on Post-Quantum Cryptography — April 2025

This is a snapshot summary of Post Quantum Cryptography Innovation April 2025.

The reality is that Quantum Technologies will be a threat to Cybersecurity.

Article illustration — executive-briefing-post-quantum-cryptography-april-2025

Some months ago an eminent scientist I follow claimed this was “BS” and that it would take more energy to boil the North Sea than to crack encryptionn.

The tables have turned.

Now the scientist, and other scientists, are raising the same alarm - those claiming BS are now relegated to a position of fringe statistical outliers.

Please consider sharing this post to help raise awareness.

”Known Knowns” in Relation to Post Quantum Cryptography

“There are known knowns; there are things we know we know.

We also know there are known unknowns; that is to say we know there are some things we do not know.

But there are also unknown unknowns - the ones we don’t know we don’t know.”

Donald Rumsfeld.

While I would not claim for a second that eminent standards organisations have it wrong, because they clearly do not, what I would like to point out is that there is the very high possibility of “Innovation curve balls” requiring the advice time lines to be adapted in the future, this would be true to past form.

So let’s start there.

Accelerating Innovation

There is rapid innovation in quantum and AI, particularly in circuit design, driven by advanced capabilities in AI that are now influencing chip and hardware development at an unprecedented rate.

The pace of innovation in Quantum is rapid. Dates from major security agencies are likely to be revised down as innovation speeds up. This has been the case to date.

AI speeds up chip design
Using AI to Detect and Categorise Quantum Entanglement

Harvest Now Decrypt Later Attacks

HNDL attacks, often stemming from data routing manipulation, do occur.

These attacks are difficult to detect and likely under-reported.

HDNL attacks vacuum up data to decrypt it later when quantum computers are powerful enough to break cryptography. 99.95% of data is probably useless on your average corporate network, but Quantum computers may have the ability to spot where the 00.05% of valuable data is very quickly.

On a banking network, or other critical infrastructure, this is a problem.

BGP Hijacking: A Real Threat
Post Quantum Cryptography Expert Lectures

Rapidly Evolving Guidelines

Guidelines on post-quantum cryptography (PQC) and quantum resilience have been updated multiple times and may be expected to continue evolving as innovation accelerates.

Some of the timeline forecasting and rationale may be missing the “true pace of innovation” factor in consideration of calculations.

Australia Depreciates Timelines
NIST PQC Timeline
There is No Q Day and Q Day is Now

Converging Technologies

There is convergence across AI, ML, QML (Quantum Machine Learning), and Quantum Computing, which may shorten the timeline to quantum-relevant threats.

It is almost certainly going to be possible to use hybrid Quantum environments to optimise, simulate and run both offensive cyber warfare and defensive cyber security capabilities. This includes attack optimisation.

Hybrid attacks on classical infrastructures and against traditional attack-vectors will become an increasing problem as AI becomes enabled with Quantum at an increasing rate of QuBits.

We are already witnessing statistical advantages in some data scenarios with QML, all be it with smaller data sizes and limited circuit depth, this is likely to improve quickly.

The AI Revolution: How Artificial Intelligence is Reshaping Technology
Quantum Machine Learning Just Got A Power Up
AI is Cool but Quantum Machine Learning Is Just Bonkers

Migration Now Recommended

Agencies such as NIST and ENISA (EU) are aligned in recommending that migration to quantum-resistant cryptography should start now, with most organisations stating the project needs to be started by 2028 and completed by 2035.

ENISA Cybersecurity Maturity & Criticality Assessment of NIS2 sectors
UK’s National Cyber Security Centre

Recommended steps

Start with a complete cryptographic inventory, use tooling to reduce work load
Map systems using public key cryptography
Document current encryption algorithms - CBOM / SBOM
Identify high-risk cryptography assets
List all of your certificates and their expiration dates

Quantum-ready transition plan:

Replace vulnerable algorithms takes longer than expected
Build cryptographic agility (how use AI where possible to reduce time)
Test quantum-safe solutions (Not all protocols are equal - horses for courses)
Train your team on new protocols

Management

Regular crypto assessments
Phased implementation with urgent replacements first
Continuous monitoring with SOC and change integration
Early adoption of new NIST standards

Tooling: QryptoCyber / Venari Security provide most of the capability for the above, there are also point tools that can be used ( Full vendors list here )

Forecasting Future Risk

There is general (not universal) agreement that timelines for cryptographically relevant quantum computers are shrinking due to faster innovation, consistent with prior historical trends.

Jensen Huang Is Wrong On Quantum - Here Is Why.
Nvidia Says It Will Now Be An Accelerator Of Quantum Computing
Quantum Computers are Cracking Secret Codes Faster

Major Tech Players Pushing Boundaries

Advances by Google Research , Microsoft , and others suggest progress toward usable quantum computers, though opinions vary.

Google uncovers how quantum computers can beat today’s best supercomputers
Microsoft’s Azure Quantum
Is Microsofts 4th state of matter claim BS?
IQM wants to be Europes Answer to Google and IBM

Outlier Opinions Exist

Some researchers argue that acryptographically relevant quantum computer may never be possible, but these are increasingly seen as an outlier positions.

Resource & Time Constraints

Quantum Cryptography upgrade projects are proving longer and more complex than expected, and needs an investment in tooling and new cryptography enterprise wide.

Relevant tooling and automation software for PQC projects.

Elevating Post Quantum Data Security and Compliance Management (video presentation)

Preparing For A Post Quantum Cryptography Project (video presentation)

Classified Programs

It is likely that some national-level programs are ahead of behind public disclosures. Some national level-program designs are disclosing that they are ahead of where they are.

China may be overstating Quantum Capability and understating AI capability

Breaking Down The Zuchongzhi-3
Is China Set to Dominate the Future—And What Happens If They Do?”

AI-Aided Cryptographic Advances

Emerging AI paradigms are being applied directly to cryptographic discovery and attacks, which may shift traditional cryptanalysis. This is not just a Quantum problem, but likely that it will be AI+ Quantum Hybrid systems that will break cryptography in the future.

Quantum technologies themselves are not free of their own specific security weaknesses, there are side channel attacks and specific types of threat unique to quantum communications technologies and compute hardware.

Breakthrough quantum algorithm can break advanced data encryption
Course on Quantum Cyber Security
Advanced AI needs new math, and it’s likely already on the way

Secondary Implementation Risks

Secondary implementation issues are emerging in new cryptographic primitives – including speed, size, and unforeseen attack vectors and some new cryptography not really working that well.

Quantum cryptography and post quantum primitives are new and such they may come with teething problems in their adoption.

Quantum Computers Vs Blockchain
QuDef Quantum Advanced Threat Analysis With SQOUT

Deep Circuit Simulations

Quantum circuit simulation capabilities have grown significantly, accelerating testing and validation cycles, creating and testing new quantum solutions just waiting for the right number of QuBits to arrive will hasten innovation speed as compute becomes available.

IBM Quantum Circuit Simulator
Take A Free Spin On The industry’s most advanced quantum simulator

Updating Blockchain Will Be Required

Evaluation and re-engineering of blockchain infrastructure for quantum resilience is anticipated. This is complicated by a requirement for global co-ordination, although solutions exist they are piecemeal and time is running out. IOT devices with non compliment cryptography are numerous and a significant concern.

Sui Blockchain Prepares for Quantum Computing Challenges
Course in Quantum Resilient Blockchain by QSECDEF
Shielding IoT & Web3 with Post-Quantum Defenses

Advances in Teleportation of Data

Significant advances in Quantum teleportation of data is likely to have positive impact to interconnectivity and scalability of Quantum Systems further compressing timelines.

Quantum Teleportation Is Now A Thing.
A ‘Teleportation’ Breakthrough

Robust Solutions Will Be Hybrid Solutions

Robust solutions for Quantum Cybersecurity are likely to involve hybrid approaches incorporating Quantum Random Number Generation, Quantum Key Distribution (popular in Europe not so much in the USA) and Post Quantum Cryptography solutions.

Memory assisted QKD
DISCRETION for Defence
QRNGs: physical principles, industrialisation, and use cases

The Known Unknowns

What we know we don’t know.

Quantum Requirements for Breakthrough

The exact number of qubits and their configuration needed to break today’s encryption remains unknown—estimates range widely.

The actual date will be driven by the pace of global innovation, and getting a grip on innovation is like trying to pick up a snake.

State of Global Programs

Full visibility into the quantum capabilities of other nations remains opaque.

QuBit + Hybrid Threats

Unknown whether combinations of qubits and advanced tech (e.g., AI or neuromorphic chips) will accelerate code-breaking capabilities.

Potential paradigm shifts in the way that AI is done

Critical Infrastructure Risk

The real-world threat to critical infrastructure and systems from quantum computing is still unclear in scope or immediacy.

The Systems Thinkers- Your Quantum Roadmap Needs them

Industry Recommendations (Balanced Risk Perspective)

Conduct Cryptographic Audits Now

Initiate a full Cryptographic Bill of Materials (CBOM) and Software (SBOM) review.

The Five Pillars of Cryptographic Discovery & Inventory
Everything you need to know about PQC for a project

Transition to quantum-safe primitives,

Implement Software to help you transition to quantum-safe cryptography.

Blockchain Exchanges, cloud environments and data networks with high-throughput demands and heavy latency demands contact me to discuss the fix.

Highlighted Observations from Industry

Executive leadership are still generally unaware of PQC impact - Non Complicated Overview of PQC even though they carry personal liability for its implementation and security of data.
Projects are frequently under-scoped and underestimated in terms of technical complexity.
Immediate risk is normally overstated, where as >3 year risk is normally heavily understated - within 3 years you really should have this buttoned down, just in case there is an innovation curve ball thrown into the mix, which is likely.
Not all cryptographic new post quantum cryptography is deployment-ready or equal in operational cost impact to the business. New quantum algorithms may cause latency or throughput challenges in transactional systems after a PQC update.
Quantum companies still struggle with effective communication and commercialisation. when communicating impacts of PQC. Primarily this is not a quantum solution, nor does it require you to adopt Quantum Technology.
Classical algorithm improvements are catalysing advances in quantum techniques.
Many quantum systems are hybrid, combining classical and quantum resources and this is likely a permanent feature.
There is and increasing interest in a global adjudicator for algorithmic quality, thousands of Quantum algorithms exist with unclear viability and impact to cybersecurity, nobody knows if they work or not, at this point its best guess, teams like Quant.Bond are working on this.
Quantum sensing is increasingly considered a component of future cybersecurity architectures. DoE: Quantum Sensing for Defense
Heightened attention is being paid to third-party data hygiene and supply chain security.
PQC as a service capabilities developing in labs at Colt Technology Services, Quantum Resistant VPN’s are becoming available, network infrastructure leaders Sparkle are implementing Quantum Safe Encryption at Scale.

Net Result and Summary

Critical Infrastructure Faces Unacceptable Risk Begin migration planning and execution now, in alignment with NIST and UK NCSC recommendations. ▸ UK NCSC: PQC Guidance
Innovation Visibility Needs Strengthening Internal tracking and horizon scanning for relevant innovation must be institutionalised and communicated. Communicating Innovation to Customers..
Export Controls Are Emerging Early-stage quantum technology export controls are being implemented in the US, EU, and UK. ▸ US Export Controls on Quantum
Quantum Timeline: Sooner Rather Than Never. The idea that “quantum won’t arrive” is increasingly considered implausible, and will likely be a boiling frog than a big bang for cybersecurity impacts. There is no QDAY and QDAY Is Now.

“Only the Paranoid Survive” — Andy Grove, former CEO of Intel - Kindly Peer-reviewed for sanity by cyber professionals with national security backgrounds from inside and outside the friendly community at QSECDEF

Companies and organisations mentioned in the above article, or included in research

Please note I have not included all vendors but feel free to add you solution to the comments if you have been omitted.

Quantum Security Defence - Innovation community for Quantum and Research Library
National Institute of Standards and Technology (NIST) - Standard Body
National Cybersecurity Coordination Center (NCSCC) - Ukraine
European Union Agency for Cybersecurity (ENISA)
Aireon LLC - Case study used for effective implementation
Karlsruhe Institute of Technology (KIT) - Export controls overview (video)
Sparkle - case study of effective data network deployment (video linked in article)
Venari Security - Tooling used by some of the large financial companies in EMEA - (Case study video linked in article)
QryptoCyber - Tooling used companies in the USA / Americas - (Case study video linked in article)
National Cyber Security Centre - Government department UK for Cyber advice
National Cyber Security Centre (NKSC/CERT-LT) - Lithuanian cyber security
National Cyber Security Centre - New Zealand cyber security
IBM - Provides wide range of services and technology in Quantum
Defense Advanced Research Projects Agency (DARPA) - Advancements in QS for Cyber
Analog Physics Inc. - Advanced AI technology with high impact possibility
Deimos - Deployed European Defence QKD project
IQM Quantum Computers - European Quantum Computing Company
ID Quantique - Company providing QRNG / QKD Technology
Wolfberry LLC - Provides IOT blockchain PQC solutions
Airbus - Case studies for implementation of QKD / PQC
Quantum Rings - Advanced quantum technology simulation environment
Quant Bond - Web3 Quantum Algorithm mathematical validation
ANSSI - Agence nationale de la sécurité des systèmes d’information - French Cyber Standards Office
Federal Office for Information Security (BSI) - German Cyber Standards Office
European University Cyprus - Quantum QKD memory case study
Microsoft Security - Chip design
Google Research - Chip design
IonQ - Quantum Platform provider
Sui Foundation - Blockchain platform implementing PQC case study.
Papers and research that can be found on my profile under articles

Steven Vaile

Board technology advisor and QSECDEF co-founder. Writes on AI governance, quantum security, and commercial strategy for boards and deep tech founders.