Encryption looks like a solved problem: TLS everywhere, strong algorithms, proven over decades. Quantum computers call exactly this certainty into question, and they do so retroactively. That is why post-quantum cryptography now sits on the agenda of regulators, browser vendors and infrastructure operators.
What is post-quantum cryptography?
Post-quantum cryptography (PQC) refers to cryptographic methods that run on classical hardware but whose security holds even against attacks using quantum computers. The background: a sufficiently large quantum computer could use Shor's algorithm to solve the mathematical problems on which today's public-key methods such as RSA and elliptic curves rely. Key exchange and digital signatures would then fall, that is, the foundation of TLS, VPNs, software updates and digital identities.
PQC methods therefore rely on different mathematical foundations, above all on lattice problems and hash functions. The US standards body NIST finalized the first standards in 2024: ML-KEM (FIPS 203) for key exchange, ML-DSA (FIPS 204) and the hash-based SLH-DSA (FIPS 205) for signatures.
Important for the urgency is the harvest now, decrypt later pattern: attackers record encrypted traffic today and decrypt it as soon as the technology allows. For data with a long confidentiality period, such as health data, engineering documents or state secrets, the clock is therefore already running.
How does the transition work?
- Hybrid methods as an entry point: In practice, classical and post-quantum methods are combined, for TLS key exchange for example an elliptic curve together with ML-KEM. The connection stays secure as long as at least one of the two methods holds.
- Rollout through the infrastructure: Major browsers, CDNs and cloud platforms already negotiate hybrid key agreement in everyday operation. Anyone running their services behind a modern edge often already uses PQC for the first connection segment today.
- Crypto inventory: The actual work in an organization begins with taking stock: which algorithms, certificates, libraries and protocols sit where, from the web application through VPN gateways to signed firmware?
- Establish crypto agility: Systems are rebuilt so that algorithms can be swapped without rewriting the application. This also helps beyond PQC with every future algorithm change.
- Migrate by priority: First the paths with long-lived confidential data and the signature chains with long validity, then the rest in an orderly program.
Why PQC matters
- Traffic captured today can be decrypted later; for long-lived confidential data, every year of lead time counts.
- Signatures secure software updates and identities over years; compromised signature methods would hit entire supply chains.
- Authorities such as the BSI recommend planning the migration now and implementing it promptly for critical systems, instead of waiting for the first relevant quantum computer.
- The standards are here: since the NIST publications of 2024, there is no longer any reason to wait for final methods.
- Certificate and key lifetimes are getting shorter; anyone building crypto agility solves both tasks with the same groundwork.
Typical scenarios
- A company activates hybrid key exchange at the web edge and thereby protects its customers' connections without touching its own applications.
- A manufacturer inventories the signature methods of its device firmware, because products stay in the field for 15 years.
- A bank prioritizes the PQC migration of its backbone and backup paths, which carry data with decades-long confidentiality.
- A mid-sized company adds PQC capability as a criterion in tenders for VPN, SASE/SSE and certificate services.
PQC and quantum cryptography: the difference
The terms sound similar but mean opposite things. Post-quantum cryptography is software: new algorithms on normal hardware, deployable via updates and configuration. Quantum cryptography, such as Quantum Key Distribution (QKD), by contrast uses quantum-physical effects on specialized hardware with dedicated fiber-optic links and thus remains reserved for niche solutions. For the breadth of enterprise IT, PQC is the practical path. The basics of transport encryption are explained in our entry on TLS/SSL , and the blog post Post-Quantum Cryptography: the countdown is running provides context on the timeline.
PQC at KAEMI
The fastest PQC gain lies at the edge of the network: via Application Security , your websites, applications and APIs terminate TLS at an edge platform that already supports hybrid post-quantum key agreement; your user connections benefit immediately. For the access side, a SASE/SSE architecture brings modern encryption to the paths between employees, sites and applications. We work out the inventory and the migration roadmap for your own environment together with you, oriented to your requirements.