3rd PQC update at Fraunhofer AISEC: Annual meeting of the German-speaking PQC community
Post-quantum cryptography: “Migrate now to be secure later”
Forecasts suggest that the first quantum computers capable of breaking current cryptographic methods will be available by the early 2030s. For this reason, the development of secure algorithms for post-quantum cryptography is a major focus in politics, industry and research. After several selection rounds, the first PQC standards from the US National Institute of Standards and Technology (NIST) will be made available in 2024. At the PQC Update 2024 of the Fraunhofer Institute for Applied and Integrated Security AISEC, the German-speaking PQC community met for the third time on May 13–14 to discuss the current state of development of post-quantum cryptography.
Over 100 experts from public authorities, companies, universities and research institutions at the annual event organized by the Competence Center for Post-Quantum Cryptography were all in agreement: Even if there was only a small chance that powerful quantum computers would become a reality, the enormous consequences of this would require immediate action and a migration towards quantum-secure encryption. A prerequisite here is that companies properly manage their cryptography in inventories and gradually switch to crypto-agile processes.
More secure, easier and low-energy algorithms
There also need to be further improvements to the PQC algorithms themselves, as some of the presentations clearly demonstrated: Cryptologists are working closely on these algorithms and are constantly finding new vulnerabilities when PQC algorithms are used in software or hardware. Performance losses and the energy consumption that can result from the integration of PQC were also discussed. They need to be investigated in more detail in order to better understand how they can be managed.
Working toward crypto-agility
In the industry session of the PQC Update, we gained insight into how companies are currently dealing with the topic of PQC migration: For example, users want clear policies for their own crypto inventory and that of their stakeholders, e.g., suppliers, in order to prepare cryptographic governance for migration activities or crypto-agility. Suppliers, such as chip manufacturers, are preparing their products for upcoming PQC standards and certifications or are launching products on the market that already include PQC components.
A sword of Damocles: “Store now and decrypt later”
However, the PQC community agreed that PQC must be implemented much more efficiently, intensively and quickly than before in order to combat the looming risk. After all, the “store now and decrypt later” idea is like the sword of Damocles hanging over everything — regardless of when quantum computers will actually become available.