Quantum threat looming large to privacy

There is a need to protect privacy in communications against quantum technology. Though at present quantum computers are not available, we have to plan how to secure our communications when they are put in place. Today the protocols, which are the backbone of the communications, like IPsec, TLS (Transport Layer Security) are heavily dependent on cryptography.

These cryptographic algorithms like RSA (Rivest–Shamir–Adleman), ECC (Elliptic Curve Cryptography) will be broken by quantum computers easily. We have 2 solutions to overcome this problem: 1. PQC (Post Quantum Cryptography) 2. QKD (Quantum Key Distribution). PQC is the new generation of cryptographic algorithms designed to be secure against attacks from quantum computers. QKD enables two parties to produce and share a random secret key only between themselves which they can use to encrypt and decrypt their messages.

Navigating the PQC Transition

Whenever new computing technology was introduced, it had only an incremental effect on the IT environment and ecosystem.

But quantum computing is disruptive, not only because the quantum computers can break the present algorithms and breach the data security but it will force us to undertake the systemic changes in the IT infrastructure and software and hardware architecture. On the positive side, it accelerates the problem solving in Optimisation and Simulation as Quantum computing uses qubits and quantum mechanics to solve these problems which are intractable for classical computers.

The new type of attack ‘Harvest Now & Decrypt Later’ is popular among cyber criminals. They can stockpile as much data as they can, through security breaches, and decrypt it when they have access to quantum computers. So urgency exists in transiting to the PQC era.

There is a lot of talk of Q day which refers to the hypothetical point in time when a large scale Quantum computer becomes powerful enough to break current encryption methods, potentially compromising digital security systems. This event is also sometimes referred to as the ‘Quantum apocalypse’.

There is an invisible countdown unlike the Y2K threat where there was a definite timeline. We don't know for certain when the quantum computer will be developed which will break the current encryption methods and even if such eventuality happens, we will not know about the breach.

The journey to PQC takes time and effort. We have to start early to protect the computer systems from any cryptographic collapse. On the geopolitical front, the stacks are high as a lot of nations are spending huge money on quantum technology and virtual race is there among the nations.

The important point to be noted is that no retrofitting is possible and once data privacy is lost, we will not be able to secure the data again by any means. All the classical computer systems are vulnerable, whether it is Digital Signature in public domain or Virtual Private Networks or IOT or encrypted data with the financial institutions or critical infrastructure institutions.

Each sector has to chart its own migration path depending on the criticality of that sector and there can't be universal guidelines. Modular transition is required and the transition can't be done all in one go. Transition should be done as per priority.

The model adopted world wide is a hybrid one, with existing encryptions remaining and with highly risky areas migrating to PQC first. We have to ensure interoperability because global systems are in place. If we have a ‘one size fits all’ approach, there will be security gaps and regulatory non compliance.

There is a need for speed in transiting to the PQC era and urgency increases as Q day approaches. Q day can happen earlier than expected as a lot of research is going on in quantum computers. Google announced a 20 times reduction in resources required to break the RSA 2048 key, which is used to secure high risk sensitive data now.

One of the biggest problems in quantum computing is the high error rate and China has announced that they brought it down significantly and it is the world record at present. All the countries are involved in some kind of quantum research or migration. Worldwide investments in 2025 alone are estimated to be 55.7 billion US dollars.

Global PQC migration overview

Some countries like the US, France, Germany, Netherlands, China have taken initiatives for PQC migration.

The US is far ahead of others. They realised early in 2023 and came up with NSM (National Security Mandate) directives. NSM mandates a whole of government migration to PQC by 2025. Roles are assigned to various agencies to develop standards, inventories and migration plans.

NSM requires agencies to inventory cryptographic systems vulnerable to quantum attacks and prioritise high value assets. It emphasizes cryptographic agility, interoperability and international collaboration. The project of migration to PQC is established at NISTs (National Institute of Technology Standards) National Cybersecurity Centre of Excellence. They came up with FIPS (Federal Information Processing standards).

Germany: High risk systems will be made Quantum safe by 2030. Full migration target 2035.

Netherlands: First handbook was released on March 23 and revised on Dec 24. Migration 2-8 years depending on system compatibility.

China: It is the biggest investor in quantum technology. It committed 15 billion US dollars. China Academy of Information and Communication Technology was formed in 2023. The National Institute of Commercial Cryptography Standards (NICCS) was launched in 2025. Emphasis is on indigenous algorithms development for PQC, independent from NIST but evaluating interoperability. Migration by 2035.

Major Quantum communication Breakthroughs

China has pioneered QKD networks including the 2,000 km Beijing-Shanghai Backbone Network across 4 cities and a satellite based network including the 12,900 km intercontinental link with South Africa established in 2024, demonstrating the world’s longest ultra secure quantum satellite connection.

Germany successfully tested Quantum Cryptography over 250 km of telecom fiber, validating secure key exchange on existing infrastructure.

Northwestern University ( USA) achieved Quantum teleportation (the transfer of the precise quantum state of a particle from one location to another without physically moving the particle itself) over active internet cables, showing quantum and classical data can coexist on shared fibre.

India’s preparedness for PQC

TEC’s Technical Report outlines the migration roadmap. CERT-in’s whitepaper on Quantum Cyber Readiness (2025) sets foundational strategy. National Quantum Mission (NQM) has kicked off its activities with a base at Nagpur. Under NQM, ₹6,003 crores budget is allotted (2023-31) for quantum R&D T- Hubs for computing, communication, sensing and materials.

AP and Karnataka have taken initiatives and proposed to set up Quantum Valley and Quantum City. The migration strategies adopted in our country are, emphasis on Hybrid cryptography and crypto agility, focus on sectoral readiness and setting up of Indian Sandbox for testing. The private sector is also playing an important role in making the country Quantum Cyber ready.

Wayforward

We should not be caught off guard when Q day arrives and make our cyber systems robust against quantum threats, well in advance.

Reference: Webinar conducted by TEC

(The author is a former advisor to DoT)