NIST's finalized Post-Quantum Cryptography standards appear well timed after a pivotal twelve months for quantum industry developments.
In this blog, Roberta Faux reflects on the increasing momentum in the PQC world since NIST released their standards and what it means going forward.
In August 2024, the National Institute of Standards and Technology (NIST) officially released its long-awaited Post-Quantum Cryptography (PQC) standards, the culmination of nearly a decade of intense global collaboration. With the selection of the first standard post-quantum algorithms, the cryptographic community took a definitive step toward a future in which traditional public-key cryptography can no longer be assumed secure.
These standards aim to protect not just against today's threats but also against future quantum adversaries who may someday be able to retroactively decrypt stolen data. These PQ algorithms form the foundation for a multi-year global transition away from RSA and ECC, and their release signals that it’s time to begin that work in earnest.
In the past year, the ecosystem has made encouraging progress. Large tech companies, including Cloudflare, Google, and Microsoft, have launched hybrid TLS deployments combining classical and quantum-safe key exchange methods. Cloud providers now offer PQC options in experimental or early-access modes. Financial institutions and defense contractors have begun piloting PQ-safe authentication in secure communication channels and firmware validation. The software ecosystem is maturing as well: libraries such as liboqs and OpenSSL 3.x now support PQC primitives, and hybrid certificate formats have been proposed to ease deployment friction. Hardware vendors are beginning to follow suit, with experimental support for PQ-safe algorithms in HSMs, TPMs, and smartcard firmware.
Despite that momentum, several critical steps remain. Much of the migration effort lies ahead, especially across long-tail systems where public-key infrastructure is deeply embedded. TLS stacks, certificate authorities, and network middleboxes all need to adapt to hybrid or PQ-native key exchange. Legacy embedded systems, many of which still rely on aging RSA-2048, pose one of the biggest challenges, as they often lack the resources to run larger PQ algorithms without significant redesign. Beyond the technical, regulatory frameworks have not yet caught up: compliance standards like FIPS, PCI-DSS, and ISO 27001 remain quiet or vague on PQ-readiness, leaving risk management and audit teams in limbo.
Perhaps most importantly, the field has underappreciated how asymmetric the migration burden truly is. While the focus has been on replacing public-key encryption and signatures, symmetric cryptographic solutions are often overlooked. Public-key primitives like RSA and ECC face existential threats from quantum computers, yet symmetric cryptography like AES remains surprisingly resilient. These symmetric tools are not only stable but can also play a critical role in bridging insecure systems. For instance, hybrid protocols that distribute symmetric keys through out-of-band channels, pre-shared secrets, or novel protocols can also provide quantum-safe communication. IoT devices, SCADA systems, and air-gapped infrastructure all stand to benefit from these interim measures while longer-term migration efforts unfold. Well-placed symmetric primitives can close real-world gaps.
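One way to realize the pre-shared-secret hybrid described above, shown as an added example rather than code from this post or any product: a classical key-exchange output is mixed with an out-of-band symmetric key through HKDF, so the session key stays secret unless both inputs are recovered. The function names, the label string, and the 256-bit minimum PSK size are assumptions of this sketch.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: HMAC keyed with the salt over the input keying material."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: stretch the pseudorandom key into `length` output bytes."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output is too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_key(classical_secret: bytes, psk: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Mix a classical (EC)DH secret with a pre-shared symmetric key.

    The PSK is the HMAC key in the extract step, so an adversary who later
    recovers classical_secret (for example from recorded traffic) still has
    to guess the PSK before the session key falls out.
    """
    if len(psk) < 32:  # assumption: 256-bit PSKs to keep margin against Grover
        raise ValueError("PSK must carry at least 256 bits")
    prk = hkdf_extract(salt=psk, ikm=classical_secret)
    # Binding the handshake transcript stops a key being reused across sessions.
    return hkdf_expand(prk, b"psk-hybrid v1" + transcript, length)


if __name__ == "__main__":
    # Constructed sample values, not real key material.
    ecdh_secret = bytes.fromhex("11" * 32)   # stands in for an ECDH output
    provisioned_psk = bytes(range(32))       # stands in for an out-of-band key
    key = derive_session_key(ecdh_secret, provisioned_psk, b"session-0001")
    print("session key:", key.hex())
```

The derived key is only as strong as the PSK provisioning channel, so key distribution and rotation for the devices involved remain the hard part of this approach.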
Most critically, we need to shift the conversation from theoretical readiness to practical deployment. Post-quantum cryptography is not just an algorithmic upgrade: it’s a strategic evolution in how we protect digital trust. One year after NIST’s landmark standards, the road ahead is clearer, but still long and full of hurdles. We have the tools, the guidance, and the urgency. What remains is the collective effort, by engineers, architects, policymakers, and educators, to implement the vision securely, thoughtfully, and completely. Quantum computing may still be years away, but the need to act is already here.
As we enter the second year of the post-quantum era, the biggest challenge isn’t algorithm quality; it’s engineering at scale. Post-quantum cryptography isn’t about silver bullets. It’s about safeguarding trust in a post-classical world. NIST lit the blue touch paper, but the responsibility for secure implementation, thoughtful migration, and fallback resilience now belongs to the global technical community. Are you ready for what comes next?
13 August 2025