Why Post-Quantum Technology Adoption Is So Slow

The Challenges of Post-Quantum Cryptography Implementation With the finalization of post-quantum cryptographic (PQC) standards, many assume that implementation will be straightforward. However, according to Shahram Mossayebi, CEO of Crypto Quantique, the transition will be a monumental challenge across multiple industries, particularly in semiconductor design, hardware security, and enterprise integration. From a semiconductor perspective, implementing PQC requires addressing concerns such as side-channel attack vulnerabilities, efficiency optimization, and memory management. Hardware security modules (HSMs) must also be updated to support the new cryptographic protocols, adding complexity to an already intricate process. While new microcontrollers (MCUs) with built-in PQC capabilities are emerging, widespread adoption across existing hardware infrastructures will take time. On the enterprise side, the challenge extends beyond hardware readiness. Organizations must update and replace legacy systems, reconfigure security architectures, and ensure interoperability with emerging PQC-enabled devices. Mossayebi estimates that full-scale adoption will take approximately five years, as industries navigate the technical and logistical hurdles of securing digital communications against future quantum threats.

Migration Timelines for Enterprises Transitioning to Post-Quantum Cryptography (PQC): Large enterprises require 12–15 Years for PQC migration, while the time needed to secure the infrastructure exceeds the time remaining before the Fault-Tolerant Quantum Computers (FTQC) arrive (see table). PQC migration is not a technical refresh but a systemic transformation. This assertion is grounded in a deep analysis of the "interconnectedness" of IT ecosystems, where a single cryptographic dependency can trigger a cascade of failures across identity management, network transport, and data persistence layers. The migration difficulty rests on the technical differences between classical algorithms and the new NIST standards: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA). The PKI and HSM Scalability Crisis Hardware Security Modules (HSMs) are the root of trust for the enterprise. They are expensive, proprietary, and heavily regulated (FIPS 140). Certification Lag: Before an enterprise can deploy a PQC-capable HSM, the vendor must develop it, and a lab must certify it. This certification process usually takes 12–24 months. Capacity Mismatch: Current HSMs are optimized for RSA/ECC math and have limited secure storage. PQC keys will consume this storage 50x faster. An enterprise that needs 10 HSMs today might need 50 HSMs for PQC to handle the same volume of keys. Procurement Cycles: The budget approval and procurement cycle can easily consume 2-3 years of the "Large Enterprise" timeline. Inter-Enterprise Coordination: The Synchronization Deadlock The B2B API Problem: If a large retailer migrates its API gateway to require PQC-TLS, but its thousands of small suppliers have not upgraded their client software, the supply chain breaks. The Hybrid Complexity: "Hybrid" operation, where systems must support both Classical and Quantum-safe algorithms simultaneously, doubles the testing matrix, doubles the potential for configuration errors, and increases the attack surface. Recommendations Mitigation This granular forecast reveals a stark reality: for many large enterprises, the "safe" migration window relative to the predicted arrival of FTQC has effectively closed (see table), necessitating immediate and aggressive risk mitigation strategies. The strategic imperative shifts from "prevention" to "mitigation" and "agility." [11] National Institute of Standards and Technology, "Transitioning the Use of Cryptographic Algorithms and Key Lengths," SP 800-131A Rev. 2, 2019. [14] Cloud Security Alliance, "Preparing Enterprises for Post-Quantum Cryptography," 2022. [16] Netherlands National Communications Security Agency, "The PQC Migration Handbook," March 2023. [17] Encryption Consulting, "How to Start Your Enterprise PQC Migration Plan," 2023. [19] DARPA, "Quantum Benchmarking Initiative (QBI)," November 2024. [20] BSI (Germany), "BSI TR-02102-1. Cryptographic Mechanisms: Recommendations and Key Lengths," 2023 #PQC, #FTQC, #Migration #Timelines

𝗪𝗵𝗶𝗹𝗲 𝘄𝗲'𝗿𝗲 𝗮𝗹𝗹 𝘁𝗮𝗹𝗸𝗶𝗻𝗴 𝗮𝗯𝗼𝘂𝘁 𝗔𝗜... Two research papers published last week put the quantum threat timeline closer than anyone planned for. Specifically, Google has set a 2029 target for migrating its systems to post-quantum cryptography, ahead of NIST's 2035 deadline. The prior industry assumption was ten years, minimum. Google and a startup called Oratomic published separate analyses pointing to a much shorter window. Cloudflare said publicly it was "very concerned" and still working through the findings. This isn't a defense contractor problem or a cryptocurrency problem. The encryption protecting your data in transit, your authentication systems, your stored credentials: it's built on RSA and elliptic curve. The same math these papers say is breakable. Post-quantum cryptography standards exist. NIST finalized them. Still, most organizations haven't even started migration planning. For most mid-market security programs, the fact is you don't know where all your cryptographic dependencies are. You haven't inventoried which systems rely on which algorithms. And "we'll deal with that when it's closer" got a lot less defensible last week. Crypto agility is what separates organizations that will handle this transition from ones that won't. Not a full migration right now, but rather the ability to swap algorithms without rebuilding your infrastructure from scratch. The first step is the inventory. Know what you're running. Nothing else matters until that work is done. https://lnkd.in/g7msPXBP

Last week, Ethereum announced it is forming a post-quantum working group because they can read the room: cryptography isn’t a “future upgrade,” it’s a ticking dependency and a grown-up admission that digital trust has a shelf life. In 𝑵𝒐𝒘 𝑾𝒉𝒂𝒕? I called this the Big Crunch: the moment quantum collapses the economics of breaking today’s public-key cryptography. Unlike Y2K, this isn’t a bug you patch. It’s a global migration you either start early or you finish in panic. And timelines are already wobbling, Google research from 2025 suggested breaking RSA could need 20x fewer qubits than previously thought of. Unfortunately, most leaders treat quantum like a storm on the horizon: “interesting, but not today.” That’s a mistake. Attackers can already copy encrypted traffic and files now, store it, and unlock it later when quantum tools get good enough. That’s not theory. It’s a rational investment strategy from an adversary's perspective. And if a major system ever gets quietly cracked, you won’t hear about it when it happens. You’ll hear about it after someone has made money from it. After all, the incentives reward silence; think Enigma, but automated, monetized and at scale. The smart path is boring, but effective: start upgrading before the break, and form working groups like Ethereum to start today. It also means running hybrid encryption, today’s algorithms paired with post-quantum ones, across the places where trust lives: web connections (TLS), logins and identity, enterprise software, key management and HSMs, cloud services, and blockchain signatures. Do it early and you turn a cliff-edge event into a controlled rollout. Wait too long and it’s not just your future data at risk, old encrypted backups, archived emails, contracts, customer records, IP can become readable years later. In other words: you don’t just lose security going forward. You lose your history.

Most quantum boardroom conversations end without an agenda. They end with a posture — "we're monitoring quantum developments," "we're taking it seriously". Neither statement produces a plan. The distinction matters because quantum creates three problem classes, each with a different urgency and a different cost of inaction. A generic posture misaddresses all three at once. The right response, for most leadership teams, has three parts. The first is to defend now. Post-quantum cryptography belongs on the enterprise risk agenda as a current priority. That means building visibility into cryptographic dependencies across the enterprise, identifying migration priorities, and mapping third-party exposure. This is the part of the quantum agenda that cannot wait. The second is to explore selectively. Most leadership teams do not need a wide portfolio of quantum pilots. They need a small number of focused efforts on high-value problems where the workload aligns with quantum's actual strengths — evaluated against the strongest available classical alternative. Each effort should be a targeted test: one specific problem, one clear classical benchmark, one honest evaluation. The third is to build options. For companies in simulation-relevant sectors — pharmaceuticals, advanced materials, energy — the right posture is modest investment in partnerships and early hardware collaborations. The goal is R&D workflows that are ready to integrate quantum subroutines when the technology matures. The companies that benefit most will not necessarily be those spending the most today. They will be the ones best positioned to move when the moment arrives. The most common failure on quantum is conflating the urgency of the three classes — treating all three as equally distant or equally immediate, when each has a different clock running. The organizations that get this right understand early which problem classes matter to their business, which ones to set aside, and what the distinction demands of them starting Monday morning. https://lnkd.in/gkymW7Xm

We’re all bracing for “Harvest Now, Decrypt Later.” The risk that keeps me up at night is its more dangerous twin: “Trust Now, Forge Later.” This isn’t about reading your secrets tomorrow. It’s about forging the signatures and certificates your systems trust today - software updates, firmware, documents, device identities - once quantum computers can break RSA/ECC. When the control plane (signing and verification) fails, attackers can push "validly signed" malware and instructions that our systems accept without a blink. Why this matters - especially in OT and cyber‑physical environments: - Integrity -> safety. In factories, energy, healthcare, and transport, forged signatures can become physical harm. - Long‑lived devices. Roots of trust burned into ROM, narrow maintenance windows, and legacy protocols mean PQC migration in OT is harder (much harder) and slower than in IT. - Evidence and provenance. If signatures become forgeable, non‑repudiation and long‑term legal trust need PQ‑secure timestamping and re‑signing strategies. I lay it out here - including why “Sign Today, Forge Tomorrow / Trust Now, Forge Later” is often a bigger risk than HNDL for OT and critical infrastructure, and why the migration is uniquely complex. #QuantumThreat #QuantumComputing #TrustNowForgeLater #TNFL #QuantumSecurity #PQC #PostQuantum #QuantumReadiness

MITRE worked with key industry stakeholders a couple years ago to launch the Post Quantum Cryptography (#PQC) Coalition, looking to accelerate implementation and adoption of PQC ciphers once the core algorithmic standards were completed. The coalition just released its migration roadmap, designed to help CIOs and CISOs with a transition that is going to be much more complicated than most people realize. Migration starts with inventorying the cryptography used by your organization, which can be extremely difficult to answer. Beyond things like PKI used for IdM or TLS-based web services, cryptography shows up all over the place, from code signing to network management and control functions. While many vendors, cloud services, SaaS platforms, etc, will have PQC migration baked into their future offerings, full enterprise migration will have to cope with legacy systems, unmanaged/governed systems, and complex integration challenges across systems. An entire industry is beginning to emerge around helping organizations independently audit/inventory their crypto use, apply stop-gap solutions to legacy systems, and measure overall migration progress. https://lnkd.in/e_kBKKXU

A recent comprehensive study, issued by Federal Office for Information Security (BSI) on the Status of #Quantum #Computer #Development provides a sober, evidence-based assessment of progress, risks, and timelines, particularly relevant for #cryptography, #cybersecurity, and strategic planning, with a focus on applications in #cryptanalysis. Key takeaways: • Quantum advantage is real, but still narrow Quantum computers have demonstrated advantage only on highly specialized benchmark problems. Broad, application-relevant superiority remains out of reach. • Cryptography is the primary strategic risk driver Shor’s algorithm continues to pose a credible long-term threat to RSA and elliptic-curve cryptography, while symmetric cryptography (e.g. AES) remains comparatively resilient with appropriate key lengths. • Fault tolerance is the true bottleneck Error rates not qubit counts are the dominant constraint. Scalable, fault-tolerant quantum computing requires massive overheads in error correction and infrastructure. • Leading hardware platforms are converging Superconducting qubits, trapped ions, and neutral atoms (Rydberg) currently lead the field, with rapid progress but no clear single winner. • #NISQ systems are not a near-term cryptographic threat Noisy Intermediate-Scale Quantum (NISQ) devices lack the depth and reliability needed for meaningful cryptanalysis, despite frequent hype. • A realistic timeline is emerging Based on verified advances in error correction, a cryptographically relevant quantum computer may be achievable in ~10–15 years—not decades, but not imminent either. • “Harvest now, decrypt later” remains a credible risk Sensitive data encrypted today may be vulnerable in the future, reinforcing the urgency of post-quantum cryptography migration. • Security preparedness must start now Transition planning, crypto-agility, standards development, and quantum-readiness assessments are no longer optional for governments and critical sectors. 👉 Bottom line: quantum computing is progressing steadily, not explosively, but its long-term implications for cybersecurity and digital trust demand early, structured, and risk-based action today. https://lnkd.in/eMui-D_W

Quantum risk will not break the network first. It will break trust first. The OSI model still explains how data moves. In a post-quantum world, it also becomes a useful lens for understanding where trust dependencies are embedded across protocols, identities, endpoints, applications, firmware, and management planes. Most leaders still look at the OSI stack as a classroom model. I look at it as an exposure map. Quantum computing does not pressure every layer equally. The most immediate pressure falls on quantum-vulnerable public-key mechanisms used for key establishment and digital signatures, including PKI, certificates, TLS handshakes, VPN key exchange, software signing, and related trust services. NIST finalized its first three post-quantum cryptography standards in 2024 and is encouraging organizations to begin transitioning now. That matters because long-lived sensitive data is already exposed to a harvest now, decrypt later risk models. NIST’s migration work specifically calls out TLS as one of the most widely deployed security protocols and a prime target for that threat. When you map that back to the OSI model, the message is clear: The problem is not Layer 1 cabling. It is the cryptographic trust fabric spanning protocols, identities, endpoints, applications, firmware, and management planes that still depends on quantum-vulnerable public-key cryptography. That is why this is not just a cryptography discussion. It is an enterprise architecture discussion. A PKI discussion. A certificate lifecycle discussion. A software signing discussion. A vendor governance discussion. An OT and IoT lifecycle discussion. NIST guidance and CISA’s OT-focused post-quantum materials both point organizations toward first identifying where quantum-vulnerable cryptography exists across hardware, software, services, firmware, PKI, IT, OT, and vendor dependencies before trying to migrate. For boards and executive teams, the real questions are straightforward: Do we know where we use quantum-vulnerable public-key cryptography? Do we know which data must remain confidential longer than our migration window? Do we know which OT, IoT, and embedded assets are not crypto-agile enough to adapt? Do our vendors have a credible roadmap for PQC in certificates, TLS, VPNs, browsers, firmware, and signing? The OSI model still explains how data moves. In 2026, it can also help explain where trust dependencies may fail first if cryptographic migration is delayed. Quantum readiness is not about hype. It is about rebuilding the trust layer before the threat catches up. #Cybersecurity #PostQuantumCryptography #EnterpriseArchitecture