Post-Quantum Cryptography, the Journey so far and the Challenges Ahead

The JRC report “Post-Quantum Cryptography: the Journey so far and the Challenges Ahead” provides an overview of how the emergence of quantum computing threatens the foundations of current digital security and examines the progress made towards developing cryptographic solutions that can remain secure in a post-quantum era.

The report explains that many of today’s widely deployed cryptographic algorithms - particularly those used for public-key encryption, digital signatures, and secure key exchange - are based on mathematical problems that could be efficiently solved by quantum computers. Although such computers are not yet available at scale, the report stresses that the long lifespan of sensitive data and systems means action is required well in advance. Information encrypted today could be harvested and decrypted in the future once quantum capabilities mature.

Against this background, the report describes the evolution of post-quantum cryptography (PQC), focusing on research efforts to design algorithms that are resistant to both classical and quantum attacks. It outlines the main families of PQC algorithms and highlights international standardisation initiatives, with particular attention to coordinated efforts aimed at ensuring interoperability, trust, and long-term security. The report notes that standardisation is a critical step, as fragmented or premature adoption could create new security risks.

Drawing on lessons from previous cryptographic transitions, the report emphasises that moving to quantum-resistant cryptography will be a complex, long-term process rather than a one-off technical change. Past migrations have shown that delays, legacy dependencies, and lack of cryptographic agility can significantly increase risk. As a result, the report underlines the importance of planning, inventorying cryptographic assets, and designing systems that can be updated as standards evolve.

The report also discusses practical challenges associated with early implementations of post-quantum algorithms, such as increased computational costs, larger key sizes, and integration with existing infrastructures. These challenges reinforce the need for careful testing, performance evaluation, and gradual deployment. In this context, the use of hybrid cryptographic schemes, combining classical and post-quantum algorithms, is presented as a pragmatic interim approach to managing risk during the transition period.

Overall, the report concludes that while post-quantum cryptography is still evolving, proactive preparation is essential. It calls for continued research, close international cooperation on standards, inclusion of quantum-resistant requirements in cybersecurity frameworks, and early awareness-raising among policymakers and system owners. By taking these steps, organisations and public authorities can reduce future disruption and ensure the long-term resilience of digital systems in the face of advancing quantum technologies.