The Quantum-Safe Sentinel #1

Welcome to the inaugural issue of QuRISK’s monthly bulletin, launched in celebration of Cybersecurity Awareness Month.

This new series is dedicated to shedding light on the rapidly evolving quantum cyber threat landscape and the emerging quantum-safe solutions: from Post-Quantum Cryptography (PQC) to Quantum Key Distribution (QKD) and beyond.

Each month, QuRISK will bring you a curated selection of insights, including key awareness points, the latest industry news and regulatory updates, and a spotlight feature on a timely quantum security topic.

Let’s dive in and stay a step ahead and secure in the quantum era.

1. The Quantum Cyber Threat

Overview

Quantum computing is expected to bring unprecedented power and significant risk. Algorithms like RSA and ECC, once considered secure, could be broken by future quantum computers using Shor’s algorithm. This creates a “harvest now, decrypt later” threat: data encrypted today may be exposed tomorrow. As quantum capabilities accelerate, this is no longer a distant concern but a strategic cybersecurity challenge that demands early action.

Recent News & Trends

• A new study from the U.S. Federal Reserve warns that quantum computers could one day decrypt historical Bitcoin transactions, exposing private data recorded under current encryption standards.

• Security experts argue that the date of “Q-Day” (when quantum computers can break widely used cryptography) may be unknowable, but that doesn’t relieve urgency. Organizations are increasingly pressured to plan ahead. (Read more)

• In a global context, governments are diverging on quantum security standards and pushing tighter timelines, some now expect concrete quantum-safe adoption roadmaps. (Source: IOT World Today)

• Europol’s Quantum Safe Financial Forum is urging banks to begin migrating now, warning that adversaries may already be hoarding encrypted data to crack later. (Source: Reuters)

QuRISK’s Position

In 2025, we observed a major shift: the quantum cyber threat is now being taken seriously across sectors. For the first time, regulatory guidance and positions are clear, emphasizing the urgency for organizations to start planning their PQC migration. However, while awareness has grown, the path to implementation remains unclear for many organizations. They require expert support throughout the entire journey, from strengthening cryptography management and crypto-agility, to assessing, planning, and implementing their quantum-safe migration.

2. Post-Quantum Cryptography (PQC)

Overview

Post-Quantum Cryptography (PQC) refers to classical algorithms designed to withstand both traditional and quantum attacks. Unlike quantum hardware solutions, PQC operates on today’s systems, making it practical and deployable now. It aims to replace or strengthen vulnerable asymmetric schemes like RSA and ECC with quantum-safe alternatives such as CRYSTALS-Kyber and CRYSTALS-Dilithium, recently standardized by NIST.

Recent News & Trends

• NIST has published guidance mapping PQC migration steps into its existing risk and security frameworks, helping organizations integrate quantum transitions into standard security practices.

• In 2025, NIST added a new backup algorithm, HQC, to its PQC suite (complementing the existing lattice-based schemes).

• A recent survey evaluates PQC support across major cryptographic libraries (OpenSSL, Bouncy Castle, etc.), finding varied levels of readiness and highlighting performance or integration gaps. (Source: arXiv)

• Cloudflare has announced plans to integrate PQC into its Zero Trust Network Access and other services, further pushing PQC adoption in real-world systems. (Read more)

• A recent paper surveys strategies for making cloud infrastructures quantum-safe, recommending hybrid transition paths and emphasizing the importance of cryptographic agility. (Source: arXiv)

QuRISK’s Position

The standardization of PQC algorithms by NIST marks a turning point, transforming post-quantum security from theory to action. Yet, implementation remains challenging: organizations must translate standards into operational practices while ensuring compatibility, performance, and compliance. In 2025, QuRISK observed that most organizations are still in the early stages of readiness, often lacking visibility over their cryptographic landscape. We believe the priority now is to build crypto-agility and cryptographic governance capabilities, enabling organizations to adopt PQC progressively and confidently within their existing infrastructures.

3. Quantum Cryptography (QKD & Beyond)

Overview

Quantum Cryptography is the discipline that applies the laws of quantum mechanics to secure communication and information, instead of relying on mathematical hardness. It encompasses several technologies, including Quantum Key Distribution (QKD) for secure key exchange, Quantum Random Number Generation (QRNG) for true randomness, and Quantum Secure Direct Communication (QSDC) for direct message transmission. Together, these approaches lay the groundwork for physics-based, future-proof cybersecurity.

Recent News & Trends

• Spain’s QKD-GEO project, part of the EuroQCI program, advances with €100M in funding and 67% domestic development, aiming to deliver satellite-based QKD for European secure communications.

• In Germany, researchers achieved quantum-encrypted messaging over 254 km of standard telecom fiber without cryogenic cooling — a major milestone for practical QKD integration. (Source: Financial Times)

• A Polish team demonstrated four-dimensional time-phase QKD, using the Talbot effect to boost data density per photon and enhance next-gen QKD efficiency.

• Side-channel-secure QKD (SCS-QKD) was tested over 200 km of fiber, maintaining protection against device-source vulnerabilities while extending range. (Source: arXiv)

• Continuous-variable QKD (CV-QKD) now coexists with classical data over 120 km of fiber, showing how QKD can integrate within today’s telecom networks. (Source: arXiv)

• At CERN, the White Rabbit synchronization tech is being paired with entangled-photon signals, paving the way for precise timing in quantum networks. (Read more)

QuRISK’s Position

Quantum cryptography is rapidly evolving, transitioning from research to early deployments across Europe and Asia, notably through initiatives like EuroQCI. In 2025, governments and telecom operators showed renewed interest in QKD and quantum network infrastructures. While these technologies promise unprecedented security, their costs, interoperability, and scalability remain challenges. QuRISK believes that although PQC migration is the current priority, quantum cryptography should be treated as a complementary pillar, together enabling balanced, resilient, and truly quantum-safe networks.

This Month’s Awareness Topic: Crypto-Agility

This month’s spotlight is crypto-agility: the capacity of a system to adapt cryptographic algorithms or parameters over time without wholesale redesign.

Why Crypto-Agility matters

• The quantum threat landscape is evolving; new attacks or algorithmic breakthroughs may require switching algorithms.

• As PQC standards mature, organizations need the flexibility to adopt new schemes or combine multiple.

• Hybrid deployments (mixing classical + post-quantum) may evolve, and agile systems can adjust parameters, rollback, or upgrade as necessary.

• Crypto-agility reduces “lock-in” risk: deploying a quantum-safe algorithm today doesn’t guarantee it will remain secure indefinitely.

Best Practices & Suggestions

• Enhance cryptography management and maintain cryptographic inventory.

• Use modular, pluggable cryptographic APIs rather than hard-coded algorithms.

• Design protocols and key management layers to support algorithm negotiation or upgrades.

• Test fallback paths and transition scenarios periodically.

• Monitor cryptographic community developments (new attacks, recommendations, standards).

QuRISK’s Position

At QuRISK, we consider crypto-agility the foundation upon which any PQC migration program must be built. Without achieving an adequate level of cryptographic agility and governance capability, migration initiatives risk facing serious integration and sustainability issues, and in some cases, outright failure. Strengthening these foundations first ensures that organizations can adapt, evolve, and scale their cryptographic landscape confidently as quantum-safe standards and technologies continue to mature.

This bulletin is powered by oQo, QuRISK’s Quantum Virtual Advisor: an AI-driven LLM designed to augment professionals on quantum technology–related themes, including securing adoption, risk management, and cybersecurity.

It is published by QuRISK - Quantum Risk Advisory, a French firm specialized in Quantum Risk & Cybersecurity.

For more information or inquiries, please visit www.qurisk.fr or contact us at contact@qurisk.fr

To learn more about oQo, please visit www.myoqo.ai