
Post-Quantum Cryptography Preparation: Securing Your Infrastructure Against the Quantum Threat

The advent of quantum computing represents one of the most significant paradigm shifts in the history of information security. While quantum computers promise revolutionary advances in fields ranging from drug discovery to financial modeling, they simultaneously pose an existential threat to the cryptographic foundations that secure our digital world. For security professionals, the question is not whether quantum computers will break current encryption standards, but when—and whether organizations will be prepared for this inevitable transition.

The urgency of post-quantum cryptography preparation cannot be overstated. Current estimates suggest that cryptographically relevant quantum computers could emerge within the next 10 to 15 years, with some experts warning that the timeline could be even shorter [1]. When this threshold is reached, virtually all public-key cryptographic systems currently in use—including RSA, Elliptic Curve Cryptography (ECC), and Diffie-Hellman key exchange—will become vulnerable to quantum attacks using Shor's algorithm [2]. The implications extend far beyond theoretical concerns, affecting everything from secure communications and digital signatures to blockchain technologies and internet infrastructure.

What makes the quantum threat particularly challenging is its retroactive nature. Adversaries are already harvesting encrypted data today with the expectation of decrypting it once quantum computers become available—a strategy known as "harvest now, decrypt later" [3]. This means that sensitive data encrypted with current standards may already be compromised, even if the decryption capabilities don't exist yet. For organizations handling long-term sensitive information, the window for implementing quantum-resistant solutions is rapidly closing.

The National Institute of Standards and Technology (NIST) has been leading the global effort to standardize post-quantum cryptographic algorithms, culminating in the publication of the first set of quantum-resistant standards in 2022 [4]. However, standardization is only the beginning of what promises to be one of the most complex and far-reaching security migrations in history. Organizations must now begin the challenging process of inventorying their cryptographic assets, assessing quantum risks, and developing comprehensive migration strategies that ensure both security and operational continuity.

Understanding the Quantum Cryptographic Threat Landscape

To effectively prepare for the post-quantum era, security professionals must first understand the fundamental nature of the quantum threat and how it differs from classical computational attacks. Quantum computers leverage the principles of quantum mechanics—specifically superposition and entanglement—to perform certain calculations exponentially faster than classical computers [5]. While this quantum advantage doesn't apply to all computational problems, it has devastating implications for the mathematical problems that underpin modern cryptography.

The most significant quantum threat comes from Shor's algorithm, developed by mathematician Peter Shor in 1994. This quantum algorithm can efficiently factor large integers and solve discrete logarithm problems—the mathematical foundations of RSA, ECC, and Diffie-Hellman cryptographic systems [6]. What makes Shor's algorithm particularly dangerous is that it provides an exponential speedup over the best-known classical algorithms for these problems. While factoring a 2048-bit RSA key would take classical computers longer than the age of the universe, a sufficiently large quantum computer could accomplish the same task in a matter of hours or days.

The implications extend beyond individual cryptographic algorithms to entire security architectures. Transport Layer Security (TLS), which secures web communications, relies heavily on quantum-vulnerable algorithms for key exchange and digital signatures. Secure Shell (SSH) protocols, Virtual Private Networks (VPNs), and encrypted messaging systems all face similar vulnerabilities [7]. Even blockchain technologies, which have gained prominence for their security properties, depend on elliptic curve digital signatures that would be trivially broken by quantum computers.

However, it's important to note that not all cryptographic systems are equally vulnerable to quantum attacks. Symmetric encryption algorithms like Advanced Encryption Standard (AES) are affected by quantum computing through Grover's algorithm, which provides a quadratic speedup for searching unsorted databases [8]. This means that AES-128 would offer only about 64 bits of effective security against a quantum attacker, while AES-256 would retain roughly 128 bits, the classical strength of AES-128. While this represents a reduction in security strength, it's far less catastrophic than the complete break provided by Shor's algorithm against public-key systems.

Hash functions face similar quantum threats through Grover's algorithm, effectively halving their security strength. SHA-256 would provide approximately 128 bits of quantum security, while SHA-512 would maintain roughly 256 bits of security [9]. This understanding is crucial for organizations planning their post-quantum transitions, as it helps prioritize which systems require immediate attention and which can be addressed through relatively simple key length increases.

The timeline for quantum threats remains a subject of intense debate and speculation within the cryptographic community. Conservative estimates suggest that cryptographically relevant quantum computers may emerge in 15 to 30 years, while more aggressive projections place the timeline at 10 to 15 years [10]. However, several factors could accelerate this timeline, including breakthrough advances in quantum error correction, improvements in quantum hardware, or significant increases in quantum computing investment by nation-states or large technology companies.

NIST Post-Quantum Cryptography Standards: The Foundation for Future Security

The National Institute of Standards and Technology has played a pivotal role in preparing the world for the post-quantum transition through its comprehensive Post-Quantum Cryptography Standardization process. Launched in 2016, this initiative represents one of the most thorough and transparent cryptographic standardization efforts in history, involving researchers from around the world in evaluating and selecting quantum-resistant algorithms [11].

In July 2022, NIST announced the first set of post-quantum cryptographic standards, marking a historic milestone in the transition to quantum-resistant security. The selected algorithms represent different approaches to achieving quantum resistance, each with unique strengths and trade-offs that make them suitable for different applications and environments [12].

For digital signatures, NIST selected CRYSTALS-Dilithium as the primary standard, with FALCON and SPHINCS+ as additional approved algorithms. CRYSTALS-Dilithium is based on the Module Learning With Errors (M-LWE) problem and offers a good balance of security, performance, and signature size [13]. The algorithm provides strong security guarantees against both classical and quantum attacks while maintaining reasonable computational requirements for most applications.

FALCON, based on the NTRU lattice problem, offers smaller signature sizes than Dilithium but requires more complex implementation considerations [14]. Its compact signatures make it particularly attractive for applications where bandwidth or storage is constrained, such as embedded systems or high-frequency trading environments.

SPHINCS+ represents a fundamentally different approach, using hash-based signatures that rely only on the security of cryptographic hash functions [15]. While SPHINCS+ signatures are significantly larger than lattice-based alternatives, the algorithm offers unique advantages in terms of security assumptions and long-term confidence, making it valuable for applications requiring the highest levels of security assurance.

For key establishment and encryption, NIST standardized CRYSTALS-Kyber, another lattice-based algorithm that provides efficient key encapsulation mechanisms [16]. Kyber offers excellent performance characteristics and has been designed with implementation security in mind, including resistance to side-channel attacks that have plagued some cryptographic implementations.

The standardization process also identified several algorithms for future standardization, recognizing that the post-quantum landscape will likely require multiple approaches to address different use cases and security requirements. This includes code-based algorithms like Classic McEliece, which offers strong security guarantees but requires very large key sizes, and isogeny-based algorithms, though the latter category has faced significant cryptanalytic advances that have called some approaches into question [17].

Understanding these standards is crucial for security professionals because each algorithm comes with specific implementation requirements, performance characteristics, and security considerations. CRYSTALS-Dilithium, for example, requires careful attention to random number generation and side-channel protection, while FALCON implementations must handle complex floating-point arithmetic securely [18].

The NIST standards also provide detailed guidance on parameter selection, with different security levels corresponding to different classical security strengths. Security Level 1 aims to match the security of AES-128, Level 3 matches AES-192, and Level 5 matches AES-256 [19]. This categorization helps organizations select appropriate algorithms based on their specific security requirements and risk tolerance.

Cryptographic Asset Inventory: Mapping Your Quantum Vulnerability

Before organizations can begin implementing post-quantum cryptography, they must first understand their current cryptographic landscape through comprehensive asset inventory and vulnerability assessment. This process, often called cryptographic discovery or crypto-agility assessment, involves identifying every instance where cryptographic algorithms are used throughout the organization's technology stack [20].

The scope of cryptographic asset inventory extends far beyond obvious applications like TLS certificates and VPN configurations. Modern organizations rely on cryptography in countless ways, many of which may not be immediately apparent to security teams. Database encryption, file system encryption, code signing certificates, API authentication tokens, mobile device management systems, and embedded device security all represent potential points of quantum vulnerability [21].

Network infrastructure presents particularly complex inventory challenges because cryptographic implementations are often embedded deep within hardware and firmware. Routers, switches, firewalls, and load balancers frequently include cryptographic capabilities that may not be easily visible or configurable. Legacy systems pose additional challenges, as they may use outdated cryptographic implementations that are difficult to identify or modify [22].

Cloud services add another layer of complexity to cryptographic inventory efforts. Organizations using Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS) solutions must understand how their cloud providers implement cryptography and what migration paths will be available for post-quantum algorithms. This includes not only the cryptographic algorithms used to secure data in transit and at rest, but also the underlying key management systems and hardware security modules that support these implementations [23].

Application-level cryptography represents perhaps the most diverse and challenging aspect of asset inventory. Custom applications may implement cryptography in numerous ways, from simple password hashing to complex cryptographic protocols for secure communications. Third-party libraries and frameworks add additional complexity, as they may include cryptographic implementations that are not immediately obvious from application documentation [24].

The inventory process should document not only which cryptographic algorithms are in use, but also their specific implementations, key sizes, and operational contexts. This information is crucial for prioritizing migration efforts and understanding the potential impact of quantum attacks. For example, RSA keys used for long-term document signing may require more urgent attention than those used for short-lived session encryption [25].

Automated discovery tools can significantly accelerate the inventory process, but they must be supplemented with manual analysis and expert review. Network scanning tools can identify TLS implementations and certificate usage, while application security testing tools can detect cryptographic libraries and their configurations. However, these tools may miss embedded cryptography, custom implementations, or cryptographic usage that occurs in non-standard contexts [26].

The inventory process should also consider the operational lifecycle of cryptographic assets. Some systems may use cryptography only during specific operations or under certain conditions, making them difficult to detect through automated scanning. Others may have cryptographic capabilities that are currently disabled but could be activated in the future [27].

Documentation of cryptographic assets should include not only technical details but also business context and risk assessment. Understanding which systems are critical to business operations, which handle sensitive data, and which face external threats helps prioritize migration efforts and resource allocation. This business context is essential for making informed decisions about migration timelines and implementation approaches [28].

Migration Strategy Development: Planning Your Post-Quantum Transition

Developing an effective post-quantum migration strategy requires careful consideration of technical, operational, and business factors that will influence the transition timeline and approach. Unlike typical technology upgrades that can be implemented incrementally, the post-quantum transition represents a fundamental change to security infrastructure that must be coordinated across entire organizations and their partner ecosystems [29].

The migration strategy should begin with risk-based prioritization that considers both the quantum threat timeline and the specific vulnerabilities of different systems. High-value targets that handle sensitive long-term data should receive priority attention, as should systems that face sophisticated adversaries who might already be harvesting encrypted data for future decryption. Public-facing systems and those involved in critical business operations also warrant early attention due to their potential impact on business continuity [30].

Hybrid approaches that combine classical and post-quantum algorithms offer a practical path forward during the transition period. These hybrid implementations provide protection against both classical and quantum attacks while allowing organizations to gain experience with post-quantum algorithms before fully committing to them. The National Security Agency has specifically recommended hybrid approaches for national security systems, recognizing both their security benefits and their role in facilitating gradual migration [31].

Implementation of hybrid cryptography requires careful consideration of performance implications and compatibility requirements. Post-quantum algorithms generally have different performance characteristics than their classical counterparts, with larger key sizes, signature sizes, or computational requirements. Organizations must evaluate whether their existing infrastructure can support these requirements or whether hardware upgrades will be necessary [32].
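To make the hybrid construction concrete, the following is an added example (not code from the article or from any standards body) of the combiner step: the two shared secrets produced by a classical key exchange and a post-quantum KEM are concatenated and fed through HKDF, so the resulting session key remains secure as long as either component is unbroken. It uses only the Python standard library; the shared secrets, the salt label and the transcript bytes are constructed stand-ins, and the assumption that both secrets are 32 bytes long (as X25519 and ML-KEM produce) is enforced to keep the concatenation unambiguous.

```python
"""Hybrid key combiner for the transition period: one session key derived
from a classical shared secret and a post-quantum shared secret, so the key
stays secure as long as either component is unbroken.  Added example, not the
article's code.  Standard library only; the two shared secrets in demo() are
constructed stand-ins for the outputs of, say, X25519 and ML-KEM-768."""
import hashlib
import hmac

HASH = hashlib.sha256
EXPECTED_SS_LEN = 32   # assumption: both KEMs yield 32-byte shared secrets

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with HMAC-SHA-256."""
    if not salt:
        salt = bytes(HASH().digest_size)
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def hybrid_key(ss_classical: bytes, ss_pq: bytes, transcript: bytes,
               length: int = 32) -> bytes:
    """Concatenation combiner: KDF(ss_classical || ss_pq).  The public keys
    and ciphertexts exchanged (the transcript) are bound into the info string
    so the derived key is tied to this particular exchange.  Fixed-length
    inputs keep the concatenation unambiguous."""
    if len(ss_classical) != EXPECTED_SS_LEN or len(ss_pq) != EXPECTED_SS_LEN:
        raise ValueError("shared secrets must have their scheme's fixed length")
    # Salt label is a constructed domain-separation string, not a standard value.
    prk = hkdf_extract(b"hybrid-kem-combiner-v1", ss_classical + ss_pq)
    info = b"hybrid session key" + HASH(transcript).digest()
    return hkdf_expand(prk, info, length)

def demo() -> bytes:
    """Constructed inputs: in practice these come from the two KEM decapsulations."""
    ss_x25519 = bytes.fromhex("11" * 32)
    ss_mlkem = bytes.fromhex("22" * 32)
    transcript = b"client_pk_x25519||client_pk_mlkem||server_ct_mlkem"  # placeholder
    return hybrid_key(ss_x25519, ss_mlkem, transcript)

if __name__ == "__main__":
    print(demo().hex())
```

The design choice worth noting is concatenation followed by a KDF rather than any ad hoc mixing: an attacker who recovers the classical secret still faces a KDF input containing the unknown post-quantum secret, and binding the transcript prevents a derived key from being valid for any other exchange. Replacing the constructed secrets with real decapsulation outputs is the only change needed for a real deployment.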

Testing and validation represent critical components of any migration strategy. Post-quantum algorithms are relatively new compared to classical cryptographic systems, and their implementations may have different security considerations or operational requirements. Comprehensive testing should include not only functional validation but also performance testing, security testing, and interoperability testing with existing systems and partner organizations [33].

The migration strategy should also address key management and certificate authority considerations. Post-quantum cryptography will require new certificate formats, key generation procedures, and key management practices. Organizations must plan for the transition of their public key infrastructure (PKI) systems and coordinate with certificate authorities to ensure availability of post-quantum certificates when needed [34].

Vendor coordination represents another crucial aspect of migration planning. Many organizations rely on third-party vendors for cryptographic implementations, and the post-quantum transition will require close coordination with these vendors to ensure timely availability of quantum-resistant solutions. This includes not only software vendors but also hardware manufacturers, cloud service providers, and managed security service providers [35].

The strategy should include contingency planning for various scenarios, including accelerated quantum development that shortens the expected timeline for quantum threats. Organizations should identify which systems could be rapidly migrated if necessary and which would require more extensive modification or replacement. This contingency planning helps ensure that organizations can respond quickly to changing threat landscapes [36].

Training and skill development must be integrated into the migration strategy from the beginning. Post-quantum cryptography introduces new concepts, algorithms, and implementation considerations that may be unfamiliar to existing security teams. Organizations should plan for training programs, certification efforts, and knowledge transfer activities that will prepare their teams for the post-quantum era [37].

Implementation Best Practices: Deploying Post-Quantum Cryptography Securely

Successful implementation of post-quantum cryptography requires adherence to established security principles while adapting to the unique characteristics and requirements of quantum-resistant algorithms. The implementation process must balance security, performance, and operational considerations while maintaining compatibility with existing systems and processes [38].

Cryptographic agility represents a fundamental principle that should guide all post-quantum implementations. Systems should be designed to support multiple cryptographic algorithms and to facilitate future algorithm transitions without requiring extensive system modifications. This approach recognizes that the post-quantum landscape is still evolving and that organizations may need to adapt their cryptographic choices as new algorithms are developed or existing algorithms face new attacks [39].

Implementation of cryptographic agility requires careful architectural planning and standardized interfaces that abstract cryptographic operations from application logic. Organizations should adopt cryptographic libraries and frameworks that support multiple algorithms and provide clean interfaces for algorithm selection and configuration. This approach facilitates not only the current post-quantum transition but also future cryptographic evolution [40].
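As an added illustration of the agility pattern described above (not code from the article), the block below shows a protection envelope in which every object carries the identifier of the scheme that produced it, and a policy table, rather than the code paths, decides which identifiers are accepted, deprecated (accepted but flagged for re-protection) or refused. To keep it runnable on the standard library alone, the two registered schemes are HMAC variants standing in for signature schemes; the identifiers, keys and payloads are constructed, and a real deployment would register, for example, an ECDSA handler and an ML-DSA handler behind the same interface.

```python
"""Algorithm-agile protection envelope.  Added example, not the article's code.
Identifiers, keys and payloads are constructed; the HMAC handlers stand in for
signature schemes so the block runs without third-party libraries."""
import base64
import hmac
import json

def hmac_scheme(hash_name):
    """Build a tag function for the registry from a hashlib digest name."""
    return lambda key, data: hmac.new(key, data, hash_name).digest()

# Registry of implementations, keyed by the identifier written into objects.
ALGORITHMS = {
    "hmac-sha256": hmac_scheme("sha256"),
    "hmac-sha3-256": hmac_scheme("sha3_256"),
}
# Policy lives outside the code paths: flip one entry to retire an algorithm.
POLICY = {"hmac-sha256": "deprecated", "hmac-sha3-256": "allowed"}

def b64(b): return base64.b64encode(b).decode()
def unb64(s): return base64.b64decode(s)

def build_envelope(alg, keys, payload):
    """Unchecked constructor (used to model already-existing legacy objects)."""
    tag = ALGORITHMS[alg](keys[alg], payload)
    return json.dumps({"alg": alg, "payload": b64(payload), "tag": b64(tag)})

def protect(alg, keys, payload):
    """New objects may only be produced with currently allowed algorithms."""
    if POLICY.get(alg) != "allowed":
        raise ValueError(f"policy forbids creating new objects with {alg}")
    return build_envelope(alg, keys, payload)

def verify(envelope_json, keys):
    """Return (ok, status).  Unknown or forbidden identifiers are rejected
    before any cryptographic work, which also closes the 'alg: none' hole."""
    env = json.loads(envelope_json)
    alg = env.get("alg")
    policy = POLICY.get(alg)
    if alg not in ALGORITHMS or policy not in ("allowed", "deprecated"):
        return False, "rejected-unknown-or-forbidden"
    expected = ALGORITHMS[alg](keys[alg], unb64(env["payload"]))
    if not hmac.compare_digest(expected, unb64(env["tag"])):
        return False, "bad-tag"
    return True, policy   # "deprecated" means: schedule re-protection

def envelope_alg(envelope_json):
    return json.loads(envelope_json).get("alg")

def migrate(envelope_json, keys, new_alg):
    """Re-protect a verified object under a new algorithm and its own key."""
    ok, status = verify(envelope_json, keys)
    if not ok:
        raise ValueError(f"cannot migrate: {status}")
    payload = unb64(json.loads(envelope_json)["payload"])
    return protect(new_alg, keys, payload)

if __name__ == "__main__":
    keys = {"hmac-sha256": b"legacy-key", "hmac-sha3-256": b"current-key"}  # constructed
    legacy = build_envelope("hmac-sha256", keys, b"payroll-export-2025")
    print(verify(legacy, keys))                         # (True, 'deprecated')
    print(verify(migrate(legacy, keys, "hmac-sha3-256"), keys))   # (True, 'allowed')
```

The point is that retiring an algorithm touches only the policy table and triggers a data migration path, never a rewrite of the verification logic; the same structure lets a post-quantum scheme be added by registering one more handler.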

Side-channel attack resistance must be a primary consideration in post-quantum implementations. Many post-quantum algorithms have different side-channel vulnerabilities than classical algorithms, and implementations must be carefully designed to prevent information leakage through timing, power consumption, or electromagnetic emissions. This is particularly important for implementations in embedded systems or other environments where attackers might have physical access [41].

Random number generation requires special attention in post-quantum implementations because many quantum-resistant algorithms rely heavily on high-quality randomness for their security. Organizations must ensure that their random number generators meet the entropy requirements of post-quantum algorithms and that they are properly seeded and maintained. Weak randomness can completely compromise the security of post-quantum systems, making this a critical implementation consideration [42].

Key management practices must be adapted to accommodate the different characteristics of post-quantum algorithms. Post-quantum keys are often larger than classical keys, requiring updates to key storage systems, key distribution mechanisms, and key backup procedures. Organizations must also consider the lifecycle management of post-quantum keys, including generation, distribution, rotation, and destruction procedures [43].

Performance optimization becomes particularly important with post-quantum algorithms because they often have different computational requirements than classical algorithms. Organizations should conduct thorough performance testing to identify bottlenecks and optimize implementations for their specific use cases. This may include hardware acceleration, algorithm parameter tuning, or architectural modifications to accommodate performance requirements [44].

Interoperability testing is essential to ensure that post-quantum implementations can communicate effectively with other systems and organizations. The post-quantum transition will occur gradually across different organizations and systems, requiring careful attention to protocol negotiation, algorithm selection, and fallback mechanisms. Organizations should test their implementations against multiple other implementations to ensure broad compatibility [45].

Security validation should include both traditional security testing and quantum-specific considerations. This includes testing for implementation vulnerabilities, side-channel leakage, and proper handling of edge cases or error conditions. Organizations should also consider formal security analysis or third-party security reviews for critical implementations [46].

Monitoring and logging capabilities should be enhanced to provide visibility into post-quantum cryptographic operations. This includes logging algorithm usage, performance metrics, error conditions, and security events. Proper monitoring helps organizations detect implementation issues, performance problems, or potential security incidents related to their post-quantum deployments [47].
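One concrete form of that visibility is a coverage report built from TLS handshake logs: which peers negotiate a hybrid post-quantum key exchange and which are still classical-only. The block below is an added example, not code from the article; the log format, the peer names and every log line are constructed, and the regular expression would be adapted to the fields your own TLS terminator emits.

```python
"""PQ-coverage report from TLS handshake logs.  Added example, not the
article's code.  The log format and all lines in SAMPLE_LOG are constructed."""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>\S+) tls_handshake peer=(?P<peer>\S+) group=(?P<group>\S+) sig=(?P<sig>\S+)"
)
# Substrings that identify a post-quantum KEM in a negotiated group name
# (for example the TLS hybrid group X25519MLKEM768).
PQ_MARKERS = ("MLKEM", "KYBER")

SAMPLE_LOG = """\
2025-01-15T10:00:01Z tls_handshake peer=api.partner.example group=X25519MLKEM768 sig=ecdsa_secp256r1_sha256
2025-01-15T10:00:02Z tls_handshake peer=legacy.vendor.example group=secp256r1 sig=rsa_pss_rsae_sha256
2025-01-15T10:00:03Z tls_handshake peer=cdn.example group=X25519MLKEM768 sig=ecdsa_secp256r1_sha256
2025-01-15T10:00:04Z tls_handshake peer=legacy.vendor.example group=x25519 sig=rsa_pss_rsae_sha256
this line is not a handshake record
2025-01-15T10:00:05Z tls_handshake peer=cdn.example group=x25519 sig=ecdsa_secp256r1_sha256
2025-01-15T10:00:06Z tls_handshake peer=api.partner.example group=X25519MLKEM768 sig=ecdsa_secp256r1_sha256
""".splitlines()

def is_pq_group(group):
    g = group.upper()
    return any(marker in g for marker in PQ_MARKERS)

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Per-peer counts of total and PQ-hybrid handshakes, plus a malformed-line count."""
    per_peer = defaultdict(lambda: {"total": 0, "pq": 0, "groups": set()})
    malformed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            malformed += 1
            continue
        stats = per_peer[rec["peer"]]
        stats["total"] += 1
        stats["groups"].add(rec["group"])
        if is_pq_group(rec["group"]):
            stats["pq"] += 1
    return dict(per_peer), malformed

def classical_only_peers(per_peer):
    """Peers that never negotiated a PQ group: candidates for vendor follow-up."""
    return sorted(p for p, s in per_peer.items() if s["pq"] == 0)

def pq_coverage(per_peer):
    """Fraction of all handshakes that used a PQ-hybrid group."""
    total = sum(s["total"] for s in per_peer.values())
    return sum(s["pq"] for s in per_peer.values()) / total if total else 0.0

if __name__ == "__main__":
    peers, bad = summarize(SAMPLE_LOG)
    print(f"PQ coverage: {pq_coverage(peers):.0%}, malformed lines: {bad}")
    print("classical-only peers:", classical_only_peers(peers))
```

Tracking the coverage figure over time gives a migration progress metric, while the classical-only list feeds the vendor-coordination work described earlier; the malformed-line count is kept so that a parser that silently drops records cannot make coverage look better than it is.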

Risk Assessment and Timeline Planning: Balancing Urgency with Practicality

Effective post-quantum preparation requires sophisticated risk assessment that balances the uncertain timeline of quantum threats against the practical constraints of organizational change management. This assessment must consider not only technical factors but also business continuity, resource availability, and strategic priorities that influence implementation timelines [48].

The risk assessment process should begin with threat modeling that considers the specific adversaries and attack scenarios relevant to the organization. Nation-state actors with significant resources may have access to quantum computing capabilities before they become commercially available, making them a priority consideration for organizations handling sensitive government or military information. Similarly, organizations in critical infrastructure sectors may face heightened risks due to their strategic importance [49].

Data sensitivity and retention periods play crucial roles in risk assessment because they determine the window of vulnerability for different types of information. Data that must remain confidential for decades faces greater quantum risk than information with shorter sensitivity periods. Organizations should classify their data based on sensitivity levels and retention requirements to prioritize protection efforts appropriately [50].

The "harvest now, decrypt later" threat model requires special consideration in timeline planning because it means that some data may already be compromised even before quantum computers become operational. Organizations handling highly sensitive information should consider this threat when establishing migration timelines and may need to implement post-quantum protections earlier than would otherwise be necessary [51].
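The inventory documentation described in the previous section (algorithm, key size, operational context) and the retention-period reasoning above can be combined into one classifier. The block below is an added example, not code from the article: it labels each inventory row by quantum exposure (Shor-broken public-key families versus Grover-halved symmetric primitives and hashes) and ranks migration priority by how far retention period plus migration time overruns an assumed horizon for a cryptographically relevant quantum computer, which is the "harvest now, decrypt later" window. The inventory rows are constructed, and the 10-year horizon and the per-system migration estimates are placeholders for an organisation's own figures.

```python
"""Quantum-exposure classifier for a cryptographic asset inventory.  Added
example, not the article's code.  SAMPLE_INVENTORY rows are constructed; the
CRQC horizon and migration-effort figures are placeholder assumptions."""
from dataclasses import dataclass

# Public-key families that Shor's algorithm breaks outright.
SHOR_BROKEN = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "X25519", "ED25519"}
# Symmetric ciphers and hashes: Grover's algorithm halves the effective strength.
GROVER_HALVED = {"AES", "CHACHA20", "SHA2", "SHA3", "HMAC"}
STATUS_RANK = {"replace": 0, "upgrade": 1, "review": 2, "ok": 3}

@dataclass
class Asset:
    name: str
    algorithm: str          # family, e.g. "RSA", "AES", "SHA2"
    key_bits: int           # key size or digest size in bits
    retention_years: float  # how long the protected data must stay secret
    migration_years: float  # estimated time to move this system to PQC

def quantum_strength_bits(asset):
    """Effective bits of security against a quantum adversary: 0 if broken,
    None if the family is unknown and needs manual inspection."""
    family = asset.algorithm.upper()
    if family in SHOR_BROKEN:
        return 0
    if family in GROVER_HALVED:
        return asset.key_bits // 2
    return None

def classify(asset, crqc_horizon_years):
    """Return (status, priority): status says what to do, priority (years by
    which retention + migration overruns the horizon, floored at 0) says how
    urgently."""
    bits = quantum_strength_bits(asset)
    overrun = max(asset.retention_years + asset.migration_years - crqc_horizon_years, 0.0)
    if bits is None:
        return "review", overrun
    if bits == 0:
        return "replace", overrun
    if bits < 128:
        return "upgrade", overrun   # e.g. AES-128 -> AES-256, SHA-256 -> SHA-512
    return "ok", 0.0

def prioritize(assets, crqc_horizon_years=10.0):
    """Ordered migration list: largest overrun first, then by action severity."""
    rows = [(a.name,) + classify(a, crqc_horizon_years) for a in assets]
    rows.sort(key=lambda r: (-r[2], STATUS_RANK[r[1]], r[0]))
    return rows

# Constructed inventory rows: name, family, bits, retention, migration effort.
SAMPLE_INVENTORY = [
    Asset("archive-signing", "RSA", 2048, 25, 3),
    Asset("tls-edge", "ECDH", 256, 0.1, 1),
    Asset("db-at-rest", "AES", 128, 15, 2),
    Asset("vpn-tunnel", "AES", 256, 7, 1),
    Asset("legacy-appliance", "PROPRIETARY", 0, 10, 5),
]

if __name__ == "__main__":
    for name, status, prio in prioritize(SAMPLE_INVENTORY):
        print(f"{name:18} {status:8} overrun={prio:.1f}y")
```

Note how the two outputs separate concerns: the short-lived TLS session keys are still marked "replace" because the algorithm is Shor-vulnerable, but they carry no overrun because captured traffic loses its value long before the horizon, whereas the long-retention signing key and the AES-128 data store rise to the top. Unknown families are never silently treated as safe; they are surfaced for manual review.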

Business impact assessment should evaluate the potential consequences of quantum attacks on different systems and processes. This includes not only direct financial losses but also reputational damage, regulatory penalties, competitive disadvantages, and operational disruptions. Understanding these potential impacts helps organizations allocate resources appropriately and justify investment in post-quantum preparations [52].

Resource constraints and competing priorities must be realistically assessed when developing implementation timelines. Post-quantum migration represents a significant undertaking that will require substantial technical resources, training investments, and coordination efforts. Organizations must balance these requirements against other security initiatives and business priorities to develop achievable implementation plans [53].

Vendor dependencies and supply chain considerations significantly influence timeline planning because organizations often rely on third-party providers for cryptographic implementations. The availability of post-quantum solutions from key vendors may constrain migration timelines, requiring organizations to work closely with their suppliers to ensure timely availability of quantum-resistant alternatives [54].

Regulatory and compliance requirements may also influence timeline planning, particularly for organizations in heavily regulated industries. Some regulatory frameworks may eventually mandate post-quantum cryptography, while others may provide guidance or incentives for early adoption. Organizations should monitor regulatory developments and incorporate compliance requirements into their planning processes [55].

The risk assessment should also consider the potential for false starts or algorithm changes that could require re-implementation of post-quantum solutions. While NIST has standardized initial post-quantum algorithms, the field continues to evolve, and new cryptanalytic advances could affect the security of current algorithms. Organizations should plan for the possibility of algorithm transitions and build flexibility into their implementations [56].

Scenario planning helps organizations prepare for different possible futures regarding quantum development timelines and threat evolution. This includes optimistic scenarios where quantum threats develop slowly, pessimistic scenarios where quantum capabilities emerge sooner than expected, and various intermediate scenarios. Having plans for different scenarios helps organizations respond appropriately to changing circumstances [57].

Testing and Validation Frameworks: Ensuring Post-Quantum Security

Comprehensive testing and validation represent critical success factors for post-quantum cryptography implementations because these algorithms and their implementations are less mature than classical cryptographic systems. Organizations must develop robust testing frameworks that address both functional correctness and security properties while accounting for the unique characteristics of quantum-resistant algorithms [58].

Functional testing should verify that post-quantum implementations correctly perform their intended cryptographic operations under normal operating conditions. This includes testing key generation, encryption and decryption operations, digital signature creation and verification, and key exchange protocols. Functional testing must cover not only typical use cases but also edge cases and error conditions that might not be immediately apparent [59].

Interoperability testing becomes particularly important in the post-quantum era because different implementations of the same algorithms may have subtle differences in their behavior or parameter handling. Organizations should test their implementations against multiple other implementations to ensure broad compatibility and identify potential interoperability issues before deployment [60].

Performance testing must evaluate the computational, memory, and bandwidth requirements of post-quantum algorithms in realistic operational environments. This testing should measure not only average performance but also worst-case performance and performance under stress conditions. Organizations should also evaluate the impact of post-quantum algorithms on overall system performance and user experience [61].

Security testing for post-quantum implementations requires specialized approaches that address the unique vulnerabilities and attack vectors relevant to quantum-resistant algorithms. This includes testing for side-channel vulnerabilities, fault injection attacks, and implementation-specific weaknesses that might not affect classical cryptographic systems. Organizations should consider both automated security testing tools and manual security analysis [62].

Cryptographic validation testing should verify that implementations correctly implement the specified algorithms and produce results that match reference implementations or test vectors. This testing helps identify implementation errors that could compromise security or interoperability. Organizations should use official test vectors when available and develop additional test cases for their specific use cases [63].

Stress testing and fault tolerance evaluation should assess how post-quantum implementations behave under adverse conditions such as resource exhaustion, network failures, or hardware malfunctions. This testing helps identify potential failure modes and ensures that implementations fail securely when they cannot operate normally [64].

Long-term testing programs should evaluate the stability and reliability of post-quantum implementations over extended periods. This includes testing for memory leaks, performance degradation, and other issues that might only become apparent during extended operation. Long-term testing is particularly important for post-quantum algorithms because they have less operational history than classical systems [65].

Regression testing frameworks should ensure that updates and modifications to post-quantum implementations do not introduce new vulnerabilities or break existing functionality. This includes testing not only the cryptographic implementations themselves but also their integration with other system components and their interaction with existing security controls [66].

Third-party validation and independent security review provide additional assurance for critical post-quantum implementations. Organizations should consider engaging external security experts or certification bodies to review their implementations and validate their security properties. This external validation can identify issues that internal testing might miss and provide additional confidence in implementation security [67].

Continuous monitoring and validation should extend testing efforts into the operational environment to detect issues that might not be apparent during pre-deployment testing. This includes monitoring for performance anomalies, security events, and operational issues that could indicate implementation problems or emerging threats [68].

Conclusion: Preparing for the Quantum Future

The transition to post-quantum cryptography represents one of the most significant security challenges of our time, requiring organizations to fundamentally rethink their approach to cryptographic security while maintaining operational continuity and business effectiveness. Success in this transition demands not only technical expertise but also strategic planning, risk management, and organizational commitment to long-term security excellence.

The quantum threat is not a distant theoretical concern but an immediate practical challenge that requires action today. Organizations that begin their post-quantum preparations now will be better positioned to protect their assets, maintain customer trust, and ensure business continuity as quantum computing capabilities continue to advance. Those who delay risk finding themselves vulnerable to quantum attacks or scrambling to implement hasty solutions under pressure.

The path forward requires a balanced approach that combines urgency with practicality, recognizing both the importance of quantum preparation and the constraints of real-world implementation. Organizations should begin with comprehensive asset inventory and risk assessment, develop realistic migration strategies that account for their specific circumstances, and implement post-quantum solutions using established security principles and best practices.

The post-quantum era will bring both challenges and opportunities for security professionals. While the transition will require significant effort and investment, it also provides an opportunity to modernize security architectures, improve cryptographic agility, and build more resilient security foundations for the future. Organizations that approach this transition strategically and systematically will emerge stronger and more secure in the quantum age.

The time for post-quantum preparation is now. The quantum future is approaching rapidly, and organizations must act decisively to protect their most valuable assets against this emerging threat. By beginning the journey today, security professionals can ensure that their organizations are ready for whatever the quantum future may bring.

References

[1] IBM Security. "Cost of a Data Breach Report 2021." https://www.ibm.com/security/data-breach

[2] Shor, P. W. "Algorithms for quantum computation: discrete logarithms and factoring." Proceedings 35th Annual Symposium on Foundations of Computer Science, 1994.

[3] Mosca, M. "Cybersecurity in an era with quantum computers: will we be ready?" IEEE Security & Privacy, 2018.

[4] NIST. "Post-Quantum Cryptography Standardization." https://csrc.nist.gov/projects/post-quantum-cryptography

[5] Nielsen, M. A., & Chuang, I. L. "Quantum Computation and Quantum Information." Cambridge University Press, 2010.

[6] Preskill, J. "Quantum Computing in the NISQ era and beyond." Quantum, 2018.

[7] Kampanakis, P., & Panburana, P. "The Viability of Post-quantum X.509 Certificates." IACR Cryptology ePrint Archive, 2018.

[8] Grover, L. K. "A fast quantum mechanical algorithm for database search." Proceedings of the 28th Annual ACM Symposium on Theory of Computing, 1996.

[9] Bernstein, D. J. "Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete?" Workshop Record of SHARCS, 2009.

[10] National Academy of Sciences. "Quantum Computing: Progress and Prospects." The National Academies Press, 2019.

[11] Moody, D., et al. "Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process." NIST Internal Report 8413, 2022.

[12] NIST. "FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard." 2024.

[13] Bai, S., et al. "CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme." IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018.

[14] Fouque, P. A., et al. "FALCON: Fast-Fourier Lattice-based Compact Signatures over NTRU." Submission to NIST Post-Quantum Cryptography Standardization, 2020.

[15] Bernstein, D. J., et al. "SPHINCS+: Submission to the NIST post-quantum project." 2020.

[16] Bos, J., et al. "CRYSTALS-Kyber: a CCA-secure module-lattice-based KEM." 2018 IEEE European Symposium on Security and Privacy, 2018.

[17] Castryck, W., & Decru, T. "An efficient key recovery attack on SIDH." Advances in Cryptology – EUROCRYPT 2023.

[18] Ravi, P., et al. "Side-channel assisted existential forgery attack on Dilithium." IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022.

[19] NIST. "Security Requirements for Cryptographic Modules." FIPS 140-2, 2001.

[20] Bindel, N., et al. "Transitioning to a quantum-resistant public key infrastructure." Post-Quantum Cryptography, 2017.

[21] Fluhrer, S. "Cryptographic Agility and Interoperability." Internet Engineering Task Force, 2019.

[22] Hoffman, P., & Schlyter, J. "The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA." RFC 6698, 2012.

[23] Barker, E., & Roginsky, A. "Transitioning the Use of Cryptographic Algorithms and Key Lengths." NIST Special Publication 800-131A Rev. 2, 2019.

[24] McGrew, D., et al. "Framework for Algorithm Agility in the Internet Key Exchange Protocol Version 2 (IKEv2)." RFC 7296, 2014.

[25] Housley, R. "Guidelines for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms." RFC 7696, 2015.

[26] Aviram, N., et al. "DROWN: Breaking TLS using SSLv2." 25th USENIX Security Symposium, 2016.

[27] Bhargavan, K., & Leurent, G. "On the practical (in-)security of 64-bit block ciphers." Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016.

[28] Cremers, C., et al. "A comprehensive symbolic analysis of TLS 1.3." Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017.

[29] NSA. "Quantum Computing and Post-Quantum Cryptography." Cybersecurity Information Sheet, 2021.

[30] ENISA. "Post-Quantum Cryptography: Current state and quantum mitigation." European Union Agency for Cybersecurity, 2021.

[31] NSA. "Commercial National Security Algorithm Suite 2.0." Cybersecurity Advisory, 2022.

[32] Paquin, C., et al. "Benchmarking Post-Quantum Cryptography in TLS." Post-Quantum Cryptography, 2019.

[33] Sikeridis, D., et al. "Post-Quantum Authentication in TLS 1.3: A Performance Study." Network and Distributed Systems Security Symposium, 2020.

[34] Ounsworth, M., & Pala, M. "Internet X.509 Public Key Infrastructure: Algorithm Identifiers for HSS and XMSS." RFC 8708, 2020.

[35] Kampanakis, P., et al. "The Impact of Quantum Computing on Present Cryptography." arXiv preprint arXiv:1804.00200, 2018.

[36] Chen, L., et al. "Report on Post-Quantum Cryptography." NIST Internal Report 8105, 2016.

[37] Alagic, G., et al. "Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process." NIST Internal Report 8309, 2020.

[38] Ducas, L., et al. "CRYSTALS-Dilithium: Digital Signatures from Module Lattices." Transactions on Cryptographic Hardware and Embedded Systems, 2018.

[39] Fluhrer, S. "Cryptographic Algorithm Agility." Internet Engineering Task Force, 2019.

[40] McGrew, D., & Hoffman, P. "Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms." RFC 7696, 2015.

[41] Ravi, P., et al. "Generic Side-channel attacks on CCA-secure lattice-based PKE and KEMs." IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020.

[42] Barker, E., & Kelsey, J. "Recommendation for Random Number Generation Using Deterministic Random Bit Generators." NIST Special Publication 800-90A Rev. 1, 2015.

[43] Barker, E. "Recommendation for Key Management: Part 1 – General." NIST Special Publication 800-57 Part 1 Rev. 5, 2020.

[44] Alkim, E., et al. "Post-quantum key exchange—a new hope." 25th USENIX Security Symposium, 2016.

[45] Stebila, D., & Mosca, M. "Post-quantum key exchange for the Internet and the Open Quantum Safe project." Selected Areas in Cryptography, 2017.

[46] Bernstein, D. J., et al. "Post-quantum cryptography." Nature, 2017.

[47] Barker, E., & Dang, Q. "Recommendation for Key Management: Part 3 – Application-Specific Key Management Guidance." NIST Special Publication 800-57 Part 3 Rev. 1, 2015.

[48] Mosca, M., & Mulholland, J. "A methodology for quantum risk assessment." Global Risk Institute, 2017.

[49] CISA. "Quantum Computing Cybersecurity Preparedness." Cybersecurity and Infrastructure Security Agency, 2021.

[50] Barker, E., & Roginsky, A. "Transitioning the Use of Cryptographic Algorithms and Key Lengths." NIST Special Publication 800-131A Rev. 2, 2019.

[51] Mosca, M. "Cybersecurity in an era with quantum computers: will we be ready?" IEEE Security & Privacy, 2018.

[52] Deloitte. "Quantum technologies and their impact on cybersecurity." Deloitte Insights, 2020.

[53] PwC. "The quantum threat to cybersecurity." PricewaterhouseCoopers, 2019.

[54] ETSI. "Quantum Safe Cryptography and Security." European Telecommunications Standards Institute, 2015.

[55] BSI. "Cryptographic Mechanisms: Recommendations and Key Lengths." Federal Office for Information Security, 2021.

[56] ANSSI. "Position Paper on Quantum Key Distribution." French National Cybersecurity Agency, 2020.

[57] RAND Corporation. "Quantum Computing and Its Impact on Cryptography." RAND Research Report, 2019.

[58] NIST. "Guidelines for Cryptographic Algorithm Validation Programs." NIST Special Publication 800-140, 2020.

[59] ISO/IEC. "Information technology — Security techniques — Testing methods for the mitigation of non-invasive attack classes against cryptographic modules." ISO/IEC 17825:2016.

[60] IETF. "Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms." RFC 7696, 2015.

[61] Avanzi, R., et al. "CRYSTALS-Kyber Algorithm Specifications and Supporting Documentation." NIST Post-Quantum Cryptography Standardization, 2020.

[62] Kocher, P., et al. "Differential power analysis." Annual International Cryptology Conference, 1999.

[63] NIST. "Cryptographic Algorithm Validation Program." https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program

[64] Common Criteria. "Common Methodology for Information Technology Security Evaluation." Version 3.1 Revision 5, 2017.

[65] NIST. "Security Requirements for Cryptographic Modules." FIPS 140-3, 2019.

[66] OWASP. "Cryptographic Storage Cheat Sheet." Open Web Application Security Project, 2021.

[67] Common Criteria. "Common Criteria for Information Technology Security Evaluation." ISO/IEC 15408, 2012.

[68] NIST. "Guide for Conducting Risk Assessments." NIST Special Publication 800-30 Rev. 1, 2012.