{"id":2052,"date":"2025-10-28T10:47:00","date_gmt":"2025-10-28T09:47:00","guid":{"rendered":"https:\/\/showcase-preprod.neverhack.dev\/b\/?p=2052"},"modified":"2026-02-13T12:04:17","modified_gmt":"2026-02-13T11:04:17","slug":"post-quantum-cryptography-pqc-current-risk","status":"publish","type":"post","link":"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/","title":{"rendered":"Post-Quantum chryptography (PQC): current Risk"},"content":{"rendered":"\n<p>In previous articles, we explored AI as a tactical weapon that is already reshaping attacks and Zero Trust as a strategic model for modern defence. Now, let&#8217;s address a threat that does not aim to&nbsp;<em>infiltrate<\/em>&nbsp;our infrastructure, but to&nbsp;<em>invalidate&nbsp;<\/em>the cryptographic foundations on which it is built.<\/p>\n\n\n\n<p>Analysts such as Gartner estimate that standard asymmetric encryption may not be secure by 2029 and could be completely broken by 2034. However, focusing on a specific date detracts attention from two much more pressing issues. Let&#8217;s take a look at what they are:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Harvest Now<\/strong>,&nbsp;<strong>Decrypt Later<\/strong>&nbsp;(HDNL): The risk is not future; it is present. Adversaries are already intercepting and storing huge volumes of encrypted data. They cannot read them today, but they are patiently storing them, waiting for a quantum computer (or another breakthrough) to be able to decrypt them. If a datum (industrial, health, government secret) must remain secret for 10 years, it is already compromised today.<\/li>\n\n\n\n<li><strong>The Complexity of Migration<\/strong>: The transition to Post-Quantum Cryptography (PQC) is not a \u201cpatch day\u201d. It is perhaps the most complex infrastructural migration ever undertaken, a colossal undertaking involving the entire global IT infrastructure.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The real challenge: \u201chybrid\u201d architecture<\/strong><\/h2>\n\n\n\n<p>The National Institute of Standards and Technology (<strong><a href=\"https:\/\/www.nist.gov\/news-events\/news\/2024\/08\/nist-releases-first-3-finalized-post-quantum-encryption-standards\">NIST<\/a><\/strong>) has already standardized its first set of PQC algorithms, such as CRYSTALS-Kyber (now ML-KEM) and CRYSTALS-Dilithium (now ML-DSA). The point, however, is not to \u201cswitch off\u201d RSA and \u201cswitch on\u201d PQC.<\/p>\n\n\n\n<p>For at least a decade, we will live in a \u201chybrid\u201d cryptographic world. Our systems will have to manage an uncomfortable coexistence:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Interoperability<\/strong>: systems upgraded to PQC will still need to communicate with billions of legacy devices (IoT, OT, embedded systems) that cannot be updated.<\/li>\n\n\n\n<li><strong>Performance:<\/strong>&nbsp;The new PQC algorithms have different characteristics. Larger keys and heavier digital signatures can introduce latency. This is irrelevant for an email, but it is a huge problem for high-frequency payment systems or low-latency communications.<\/li>\n\n\n\n<li><strong>Key Management<\/strong>: The complexity of Key Management Systems (KMS) will explode, as they will have to manage the lifecycles of classical and quantum keys in parallel.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>PQC \u201cas\u201d a prerequisite for Zero Trust<\/strong><\/h2>\n\n\n\n<p>As we have seen, the Zero Trust model is based on identity and continuous authentication. But what happens when the encryption that&nbsp;<em>proves<\/em>&nbsp;that identity (digital certificates, signatures) is no longer reliable? The entire Zero Trust architecture collapses if the mathematics on which it is based fails.<\/p>\n\n\n\n<p>PQC is not a separate technological \u201csilo.\u201d It is the key prerequisite for ensuring that identity, access, and segmentation still have meaning in 2030. Quantum resilience is the natural evolution of \u201c<strong>Crypto-Agility<\/strong>\u201d that is, the ability to change cryptographic algorithms without having to redesign the entire architecture.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>From inventory to action: a pragmatic approach<\/strong><\/h2>\n\n\n\n<p>The question is no longer&nbsp;<em>whether<\/em>&nbsp;to migrate, but&nbsp;<em>how<\/em>&nbsp;to orchestrate this transition without disrupting business. The NSA roadmap (CNSA 2.0) sends a clear signal, recommending the start of adoption of quantum-resistant algorithms by 2025.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Problem n.1<\/strong>:&nbsp;<strong>The Cryptographic Inventory<\/strong>. We cannot protect what we cannot see. The first real hurdle is mapping every single library, certificate, and hard-coded protocol in the infrastructure.<\/li>\n\n\n\n<li><strong>Quantify the risk<\/strong>. Management does not react to \u201cShor,\u201d it reacts to \u201cRisk.\u201d We need to map the data and then ask ourselves: \u201cWhat is the value of this data if it is made public in 7 years?\u201d This shifts the debate from the IT budget to the business continuity plan.<\/li>\n\n\n\n<li><strong>Test the Impact<\/strong>. Architectures must start testing PQC algorithms&nbsp;<em>now<\/em>, in hybrid mode. Not (only) for security, but for&nbsp;<em>performance<\/em>. Will your VPN handle the overhead? Will your mobile apps experience delays?<\/li>\n\n\n\n<li><strong>Check the Supply Chain<\/strong>. It is essential to ask your cloud, software, and hardware suppliers about their PQC roadmap.<\/li>\n<\/ol>\n\n\n\n<p>The quantum transition has begun. It is not a future event, it is an engineering process that is already behind schedule.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The path to post-quantum security: where are we now?<\/strong><\/h2>\n\n\n\n<p>The transition process towards&nbsp;<strong>post-quantum cryptography&nbsp;<\/strong>(<strong>PQC<\/strong>) is not only a technological issue, but also an organizational and strategic one. Every company is currently at a different point along this path, which we can ideally divide into three levels of maturity:&nbsp;<strong>Aware<\/strong>,&nbsp;<strong>Defined<\/strong>, and&nbsp;<strong>Managed<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Level 1 \u201caware\u201d (awareness)<\/strong><\/h3>\n\n\n\n<p>In the first stage, the organization became aware of the threat posed by quantum computers, but has not yet taken any concrete action. This is the stage in which&nbsp;<strong>Top Management<\/strong>&nbsp;and&nbsp;<strong>Risk Management<\/strong>&nbsp;were formally informed about the PQC risk, including the issue of&nbsp;<strong>Harvest Now<\/strong>,&nbsp;<strong>Decrypt Later<\/strong>&nbsp;(<strong>HDNL<\/strong>) \u2014 i.e., the possibility that data encrypted today could be collected and decrypted in the future thanks to quantum computing capabilities.<\/p>\n\n\n\n<p>During this initial phase, internal discussions often focus on fundamental concepts such as the&nbsp;<strong>\u201cuseful life\u201d of data<\/strong>, that is, how long certain information must remain confidential. At the same time, the organization begins to&nbsp;<strong>monitor announcements from NIST<\/strong>&nbsp;and the roadmaps of its key suppliers\u2014such as cloud providers, operating system manufacturers, or firewall manufacturers\u2014to understand the direction in which the market is moving.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Level 2 \u201cdefined\u201d (inventory and planning)<\/strong><\/h3>\n\n\n\n<p>Once simple awareness has been overcome, a more operational phase begins. The organization starts to&nbsp;<strong>map what already exists<\/strong>&nbsp;and&nbsp;<strong>plan<\/strong>&nbsp;the following steps. This involves starting a&nbsp;<strong>cryptographic inventory<\/strong>, aimed at identifying where vulnerable algorithms such as RSA or ECC are used, both in applications and in internal systems and libraries.<\/p>\n\n\n\n<p>Furthermore,&nbsp;<strong>critical systems<\/strong>&nbsp;and&nbsp;<strong>data at higher risk<\/strong>&nbsp;are identified, i.e., those that require protection for a long period of time. Based on this analysis, a&nbsp;<strong>roadmap for migration<\/strong>&nbsp;to post-quantum solutions is defined, even if only in preliminary form. At the same time,&nbsp;<strong>crypto-agility<\/strong>\u2014the ability to easily replace one cryptographic algorithm with another\u2014becomes a<strong>&nbsp;fundamental feature in new contracts<\/strong>&nbsp;and in the required specifications for suppliers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Level 3 \u201cmanaged\u201d (test and integration)<\/strong><\/h3>\n\n\n\n<p>Finally, in the \u201cManaged\u201d phase, the organization moves on to the&nbsp;<strong>active testing&nbsp;<\/strong>of PQC technologies. In controlled environments, post-quantum algorithms\u2014such as&nbsp;<strong>ML-KEM<\/strong>\u2014are tested to assess their performance impact in terms of latency, CPU usage, and bandwidth on critical applications.&nbsp;<strong>Hybrid-mode interoperability<\/strong>&nbsp;is also verified, combining classical and post-quantum algorithms in popular protocols such as&nbsp;<strong>TLS 1.3,<\/strong>&nbsp;while&nbsp;<strong>DevSecOps<\/strong>&nbsp;pipelines begin to include automated testing for new cryptographic libraries.<\/p>\n\n\n\n<p><strong>At which level is your organization today?<\/strong>&nbsp;And above all, what do you think are the&nbsp;<strong>main obstacles<\/strong>&nbsp;slowing down the path to post-quantum security? Is it a question of&nbsp;<strong>technology<\/strong>,&nbsp;<strong>budget<\/strong>, or&nbsp;<strong>legacy complexity<\/strong>?<\/p>\n\n\n\n<p><a href=\"https:\/\/neverhack.com\/en\/offers\/data-security\">For further information<\/a><\/p>\n\n\n\n<p>Raffaele Sarno<\/p>\n\n\n\n<p>Head Pre-Sale Manager, NEVERHACK Security Operation Department, Italy<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In previous articles, we explored AI as a tactical weapon that is already reshaping attacks and Zero Trust as a strategic model for modern defence. Now, let&#8217;s address a threat that does not aim to&nbsp;infiltrate&nbsp;our infrastructure, but to&nbsp;invalidate&nbsp;the cryptographic foundations on which it is built. Analysts such as Gartner estimate that standard asymmetric encryption may &hellip; <a href=\"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/\">Continued<\/a><\/p>\n","protected":false},"author":12,"featured_media":2053,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[70],"tags":[576,28,574,578],"class_list":["post-2052","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trends","tag-cryptography","tag-high-risk","tag-post-quantum","tag-risk"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.5 (Yoast SEO v26.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Post-Quantum chryptography (PQC): current Risk - Neverhack<\/title>\n<meta name=\"description\" content=\"Is your encryption ready for the quantum threat? How NEVERHACK leads the transition to Post-Quantum Cryptography.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Post-Quantum chryptography (PQC): current Risk\" \/>\n<meta property=\"og:description\" content=\"Is your encryption ready for the quantum threat? How NEVERHACK leads the transition to Post-Quantum Cryptography.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"Neverhack\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-28T09:47:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-13T11:04:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/neverhack.com\/b\/app\/uploads\/2026\/01\/pqc-neverhack.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1184\" \/>\n\t<meta property=\"og:image:height\" content=\"864\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ciro PANICO\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ciro PANICO\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/\",\"url\":\"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/\",\"name\":\"Post-Quantum chryptography (PQC): current Risk - Neverhack\",\"isPartOf\":{\"@id\":\"https:\/\/neverhack.com\/b\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/neverhack.com\/b\/app\/uploads\/2026\/01\/pqc-neverhack.jpg\",\"datePublished\":\"2025-10-28T09:47:00+00:00\",\"dateModified\":\"2026-02-13T11:04:17+00:00\",\"author\":{\"@id\":\"https:\/\/neverhack.com\/b\/#\/schema\/person\/242fd3c033376be457fb8e56fe6c9103\"},\"description\":\"Is your encryption ready for the quantum threat? How NEVERHACK leads the transition to Post-Quantum Cryptography.\",\"breadcrumb\":{\"@id\":\"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/#primaryimage\",\"url\":\"https:\/\/neverhack.com\/b\/app\/uploads\/2026\/01\/pqc-neverhack.jpg\",\"contentUrl\":\"https:\/\/neverhack.com\/b\/app\/uploads\/2026\/01\/pqc-neverhack.jpg\",\"width\":1184,\"height\":864},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/neverhack.com\/b\/en\/home-en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Post-Quantum chryptography (PQC): current Risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/neverhack.com\/b\/#website\",\"url\":\"https:\/\/neverhack.com\/b\/\",\"name\":\"Neverhack\",\"description\":\"Advanced cybersecurity solutions\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/neverhack.com\/b\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/neverhack.com\/b\/#\/schema\/person\/242fd3c033376be457fb8e56fe6c9103\",\"name\":\"Ciro PANICO\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Post-Quantum chryptography (PQC): current Risk - Neverhack","description":"Is your encryption ready for the quantum threat? How NEVERHACK leads the transition to Post-Quantum Cryptography.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Post-Quantum chryptography (PQC): current Risk","og_description":"Is your encryption ready for the quantum threat? How NEVERHACK leads the transition to Post-Quantum Cryptography.","og_url":"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/","og_site_name":"Neverhack","article_published_time":"2025-10-28T09:47:00+00:00","article_modified_time":"2026-02-13T11:04:17+00:00","og_image":[{"width":1184,"height":864,"url":"https:\/\/neverhack.com\/b\/app\/uploads\/2026\/01\/pqc-neverhack.jpg","type":"image\/jpeg"}],"author":"Ciro PANICO","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ciro PANICO","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/","url":"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/","name":"Post-Quantum chryptography (PQC): current Risk - Neverhack","isPartOf":{"@id":"https:\/\/neverhack.com\/b\/#website"},"primaryImageOfPage":{"@id":"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/#primaryimage"},"image":{"@id":"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/neverhack.com\/b\/app\/uploads\/2026\/01\/pqc-neverhack.jpg","datePublished":"2025-10-28T09:47:00+00:00","dateModified":"2026-02-13T11:04:17+00:00","author":{"@id":"https:\/\/neverhack.com\/b\/#\/schema\/person\/242fd3c033376be457fb8e56fe6c9103"},"description":"Is your encryption ready for the quantum threat? How NEVERHACK leads the transition to Post-Quantum Cryptography.","breadcrumb":{"@id":"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/#primaryimage","url":"https:\/\/neverhack.com\/b\/app\/uploads\/2026\/01\/pqc-neverhack.jpg","contentUrl":"https:\/\/neverhack.com\/b\/app\/uploads\/2026\/01\/pqc-neverhack.jpg","width":1184,"height":864},{"@type":"BreadcrumbList","@id":"https:\/\/neverhack.com\/b\/en\/blog\/post-quantum-cryptography-pqc-current-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/neverhack.com\/b\/en\/home-en\/"},{"@type":"ListItem","position":2,"name":"Post-Quantum chryptography (PQC): current Risk"}]},{"@type":"WebSite","@id":"https:\/\/neverhack.com\/b\/#website","url":"https:\/\/neverhack.com\/b\/","name":"Neverhack","description":"Advanced cybersecurity solutions","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/neverhack.com\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/neverhack.com\/b\/#\/schema\/person\/242fd3c033376be457fb8e56fe6c9103","name":"Ciro PANICO"}]}},"lang":"en","translations":{"en":2052},"pll_sync_post":[],"_links":{"self":[{"href":"https:\/\/neverhack.com\/b\/wp-json\/wp\/v2\/posts\/2052","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/neverhack.com\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/neverhack.com\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/neverhack.com\/b\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/neverhack.com\/b\/wp-json\/wp\/v2\/comments?post=2052"}],"version-history":[{"count":3,"href":"https:\/\/neverhack.com\/b\/wp-json\/wp\/v2\/posts\/2052\/revisions"}],"predecessor-version":[{"id":2807,"href":"https:\/\/neverhack.com\/b\/wp-json\/wp\/v2\/posts\/2052\/revisions\/2807"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/neverhack.com\/b\/wp-json\/wp\/v2\/media\/2053"}],"wp:attachment":[{"href":"https:\/\/neverhack.com\/b\/wp-json\/wp\/v2\/media?parent=2052"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/neverhack.com\/b\/wp-json\/wp\/v2\/categories?post=2052"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/neverhack.com\/b\/wp-json\/wp\/v2\/tags?post=2052"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}