Introduction
Countries worldwide are racing to create the first “truly” quantum computer that can benefit societies in many ways. The unprecedented speed at which quantum computers can perform calculations will lead to accelerated drug/vaccine discovery, enhanced weather forecasts, optimized business decisions, and more. Like the Artificial Intelligence (AI) wars we are witnessing now, the countries that can develop the most robust quantum technologies will be rewarded with a huge competitive edge in the global economy.
One of the main drawbacks of quantum computers is the increased cyberthreat they will present. If a quantum computer falls into the wrong hands, current cybersecurity defenses will be breached effortlessly. It’s already widely known that threat actors are harvesting currently impenetrable data today so that they can be decrypted later when quantum computers are developed. Apple is savvy to this trend and has responded by integrating Post-Quantum Cryptography (PQC) algorithms into its iMessage app. If one of the most influential technology companies in the world is concerned about this growing cyberthreat, the alarm has officially been raised.
While the first quantum computer was technically created in 1998, it was only 2 qubits—not all that powerful. Quantum research has advanced substantially since then, with IBM building a quantum computer in December 2023 that exceeds 1,000 qubits. While IBM’s computer still falls short of the horsepower needed to crack cryptographic techniques, attack-capable quantum computers could become a reality as early as 2030. The national security ramifications could be devastating as a quantum-based attack can breach the digitally connected world in ways few can imagine. Many of the cybersecurity solutions we often take for granted today would become obsolete. At the heart of securing digital communities and communication networks are quantum-safe technologies.
PQC is one of those quantum-safe technologies and, to date, the most promising/advanced solution to address the quantum threat. PQC standardization and government initiatives are well underway. The National Institute of Standards and Technology (NIST) has already chosen four PQC algorithms for integration into security solutions. This has enabled cybersecurity vendors and consultants to become more active in quantum-safe efforts, such as issuing firmware updates to existing hardware and helping enterprises transition to the new reality. Meanwhile, governments are investing billions of dollars in quantum technologies and passing legislation to speed up development.
The vendor landscape has been very active in recent years. Whether it’s Thales’ quantum-resistant Hardware Security Modules (HSMs) or Entrust’s PQC consulting services, many top cybersecurity firms are all-in on quantum-focused solutions. Furthermore, cybersecurity vendors across Europe and North America have participated in PQC standardization and testing.
Key Forecasts
ABI Research forecasts the PQC market to be valued at US$246 million once 2024 comes to a close. As algorithms are released and national guidance is in place, demand for quantum-safe cryptography solutions will more than double to US$530 million by 2028. Encryption/decryption capabilities and Public Key Infrastructure (PKI) will be primary PQC offerings from security vendors.
Sectors with national security implications, such as military, defense, aerospace, and critical infrastructure, have been the first to test quantum-safe solutions. Moreover, companies that sell products with long lifecycles, such as automakers and semiconductor manufacturers, have been working with PQC cryptographers to secure connected vehicles and chipsets.
Second-wave adopters of quantum-safe technologies include governments (other than military and defense), Banking, Financial Services & Insurance (BFSI), and Communication Service Providers (CSPs). Government and BFSI companies will begin adopting PQC solutions this year, with CSPs becoming more active in 2025. Our analysts expect healthcare providers and utilities to start investing in quantum-safe technologies by 2027.
The third wave of PQC integrations will come from regulated industries like transport and enterprises, healthcare, and utilities, which are waiting for official confirmation and real-world testing of cryptographic algorithms. Meanwhile, the enterprise market will be the slowest to adopt PQC because enterprises have varying demands, use cases, and budgets.
Post-Quantum Cryptography Algorithm Standardization
Like any other cryptographic security solution, organizations won’t transition to quantum-safe technologies until standardization is established. PQC standardization will be finalized this year, and there are plenty of cryptography developments to pay attention to, notably from Standards Development Organizations (SDOs) like the U.S. National Institute of Standards and Technology (NIST). With work going back to 2017, NIST has recently chosen four candidate algorithms for PQC standardization that target Key Establishment Mechanisms (KEMs) and Digital Signature Algorithms (DSAs). These four algorithms are CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and SPHINCS+. Four more algorithms will be selected in a Fourth Round.
Table 1: NIST PQC Candidates
(Source: NIST)
|
Algorithms |
Type |
Selection |
Algorithm Developers |
|
CRYSTALS-Kyber |
Public Key Encryption/KEM |
To be Standardized |
Arm, NXP, CWI Amsterdam, Ruhr University, SRI International, IBM Research Zurich, University of Waterloo, MPI-SO & Radboud University, ENS Lyon |
|
CRYSTALS-Dilithium |
DSA |
To be Standardized |
Arm, NXP, CWI Amsterdam, Ruhr University, SRI International, IBM Research Zurich, University of Waterloo, MPI-SO & Radboud University, ENS Lyon |
|
Falcon |
DSA |
To be Standardized |
University Rennes 1, Brown University, NCC Group, PQShield, Thales, Qualcomm, IBM Research Zurich, Ethereum Foundation |
|
SPHINCS+ |
DSA |
To be Standardized |
Eindhoven University of Technology, Ruhr University Bochum, Academia Sinica, KU Leuven, Graz University of Technology, genua, Cisco, Google, Infineon, University of Southern Denmark, Radboud University, Cloudflare |
|
BIKE |
Public Key Encryption/KEM |
Fourth Round Candidate |
University Rennes, INRIA, University of Washington Tacoma, Worldline, University of Limoges, University of Toulouse, Intel, University of Haifa, Ruhr University, Google, Florida Atlantic University, University of Bordeaux |
|
Classic McEliece |
Public Key Encryption/KEM |
Fourth Round Candidate |
Royal Holloway, University of Illinois, Ruhr University, Academia Sinica, Okinawa Institute of Science and Technology, ETH Zurich, Google, University of Southern Denmark, Florida Atlantic University, Max Planck Institute for Security & Privacy, Radboud University, INRIA, Yale University, PQ Solutions, University of Plymouth |
|
HQC |
Public Key Encryption/KEM |
Fourth Round Candidate |
Toulouse University, University of Limoges, DGA, Worldline, Florida Atlantic University, University of Toulon, University of Bordeaux |
|
SIKE |
Public Key Encryption/KEM |
Fourth Round Candidate |
University of Waterloo, evolutionQ, Florida Atlantic University, PQSecure Technologies, Amazon, Microsoft Research, IBM Research Zurich, Infosec Global, Louisiana Tech University, LinkedIn, National Research Council Canada, Texas Instruments, Radboud University, University of Toronto |
NIST is not alone in the mission to standardize PQC; this endeavor necessitates collaboration with various stakeholders to ensure extensive and thorough testing of cryptographic solutions. These partners include other SDOs such as the Internet Engineering Task Force (IETF), national certification and regulatory bodies, consortia members, cloud service providers, industry associations, and open-source communities like OpenSSL.
The insights provided by these industry collaborators are essential in crafting the most secure cryptographic algorithms to thwart quantum-born cyberattacks. Quantum-safe solutions developed exclusively in-house are unlikely to succeed, as they miss out on the extensive evaluation and rigorous testing provided by NIST, IETF, and the open-source community.
At present, most PQC solutions on the market incorporate one or more of the candidate algorithms recommended by NIST.
Meanwhile, the U.S. National Security Agency (NSA) has recommended the Kyber, Dilithium, XMSS, and LMS “quantum-resistant” algorithms. The NSA also advocates for Secure Hash Algorithms (SHA-384 / 512) and Advanced Encryption Standard (AES-256).
Governments Preparing for a Quantum-Safe World
The NSA’s focus on quantum-resistant algorithms is representative of governments worldwide racing to establish an ironclad game plan to protect their digital communities from devastating—potentially societal-disrupting—attacks in the future. National policies play a crucial role in developing PQC standards. Governing bodies prioritize safeguarding national security, critical infrastructure, commercial interests, and citizen privacy from state-sponsored and criminal actors. In response to evolving cyberthreats, countries are increasingly adopting advanced cryptographic solutions.
The United States spearheads the quantum-safe discussion in the West due to its significant influence and open nature toward standardization. The country spends roughly US$1 billion annually on developing quantum technologies. Recent initiatives include a memorandum on improving cybersecurity for national security, the Department of Defense, and intelligence community systems, as well as an executive order aimed at enhancing the National Quantum Initiative Advisory Committee.
On December 21, 2022, President Biden signed H.R.7535, known as the Quantum Computing Cybersecurity Preparedness Act. This law urges federal agencies to implement technologies designed to safeguard against quantum computing attacks. This legislation emphasizes the need for advanced security measures to protect sensitive data and critical infrastructure from future quantum threats.
While the world looks to the United States for quantum-safe guidance, it’s not alone in investing in quantum technologies. In 2023, the United Kingdom announced £2.5 billion for quantum technology development. Germany plans to invest about €3 billion, while France, South Korea, Canada, the Netherlands, Russia, and Japan have allocated between €1 billion and €3 billion each. The European Union (EU) spends more than €7 billion, and China leads with US$15 billion dedicated to quantum technologies.
Quantum-Safe Offerings
Currently, a diverse array of quantum-safe solutions and services are available to organizations aiming to future-proof their infrastructure. Below is a brief overview of the broader market, as outlined in ABI Research’s Post-Quantum Cryptography (AN-5679) report:
- Consulting Services: As organizations navigate the complexities of quantum-safe technology, demand for specialized consulting services is on the rise. Enterprises are increasingly seeking expert guidance to effectively implement these new solutions, relying on third-party consultants for their expertise.
- Software Libraries: Targeted primarily at semiconductor and chipset manufacturers, numerous companies involved in the NIST standardization process offer software libraries that incorporate their algorithms. In cases where their proprietary algorithms do not meet standardization criteria, these providers often supply a range of alternative algorithms.
- Semiconductors and Chipsets: Companies like NXP, Infineon, IDEMIA, Qualcomm, and others deliver a variety of hardware solutions equipped with cryptographic flexibility. Their products include Integrated Circuits (ICs), Microcontroller Units (MCUs), Microprocessor Units (MPUs), Access Points (APs), and Field-Programmable Gate Arrays (FPGAs).
- PKI and EKM: Vendors specializing in Public Key Infrastructure (PKI) and Encryption Key Management (EKM), such as Entrust, PQ Solutions, and QuantumXchange, focus largely on public certificates rather than private Internet of Things (IoT) applications. These vendors are all active participants in the NIST standardization initiatives.
Ensuring Quantum-Resistance for Hardware Security Modules
In a post-quantum world, Hardware Security Modules (HSMs) will play an increasingly important role in safeguarding data through encryption and securing communications with PKI. HSMs are designed to provide a secure environment for cryptographic keys, as well as the algorithms needed to encrypt and decrypt data. Without HSMs, encryption and key management technologies are vulnerable to various cyberthreats and, notably, data theft. While HSMs are highly reliable today, future quantum computers will bypass legacy HSM solutions. Therefore, there is strong impetus for digital security vendors to integrate PQC into HSMs.
HSM vendors and Certification Authority (CA) providers are well-suited to help organizations implement quantum-safe solutions. Leading cybersecurity vendors and consultants like IBM, Thales, Entrust, Utimaco, Crypto4A, and IDEMIA have been involved in NIST and other PQC standardization processes for several years. Their experience enables them to accurately identify network vulnerabilities, provide PQC software libraries, and smooth the transition to quantum-safe technologies.
With the finalized algorithm selections and the imminent publication of standards, HSM vendors can now confidently meet organizations’ quantum-safe needs. They have already been testing firmware updates for existing HSM appliances. Upcoming HSMs certified under the new FIPS 140-3 certification will likely all include the latest NIST PQC features and standards recognized by national bodies such as Germany’s BSI and France’s ANSSI.
Recent PQC Efforts Among Leading HSM Vendors
IBM (United States)
New York-based IBM is highly active in PQC, with its cryptographers and mathematicians contributing to algorithm development for NIST and other standards organizations. IBM Cloud is a key participant in the Open Quantum Safe (OQS) project, which focuses on quantum-resistant cryptography. The IBM Z16 platform’s HSMs support PQC libraries for Kyber and Dilithium algorithms. Additionally, IBM helps clients transition to quantum computing through its Quantum Safe Program, in collaboration with Thales.
Thales (France)
Europe is a cybersecurity powerhouse, and French vendor Thales is a leader in quantum-safe technology development. The company has been involved in PQC research since at least 2013, contributing to European projects and co-authoring the Falcon and Kyber algorithms. Its HSMs (Luna Network 7 and TCT Luna T-Series) and High-Speed Encryptors (HSEs) include a PQC Functionality Module. Thales has implemented quantum-safe hash-based signatures (Falcon, Dilithium, Kyber, and SPHINCS+) and actively participates in the NIST NCCoE Migration to PQC Project, submitting HSM and HSE products to support migration.
Entrust (United States)
Headquartered in Minneapolis, Entrust has led PQC efforts in IETF forums, proposing a draft on PQ composite signatures. It has commercialized a cloud-based PKI solution using this research. Entrust’s HSMs, equipped with a Software Development Kit (SDK), integrate PQC algorithms via nShield HSMs. The Entrust nShield PQ Option Pack supports all four NIST algorithms chosen for HSM products. Additionally, Entrust offers PQC consulting services through its Cryptographic Center of Excellence.
Utimaco (Germany)
German cybersecurity vendor Utimaco is involved in PQC standardization, particularly within the PKCS#11 group. It supports PQC algorithms such as HSS/LMS, XMSS, Dilithium, and Kyber. The Q-Safe firmware module, part of the SecurityServer platform, provides PQC updates and is also available via CryptoServer Cloud. Utimaco’s Q-Safe HSM simulator allows enterprises to test PQC algorithms.
Crypto4A (Canada)
Based in Ottawa, Ontario, Crypto4A offers the QxHSM, a Hybrid Security Platform (HSP) supporting both classical and post-quantum cryptography (e.g., hybrid certificates). The HSP integrates a Quantum Assured Security Module (QASM) with FIPS 140-2 Level 4 compliance and features a patented Trusted Communications Matrix (TCMx) and six onboard computers. Crypto4A collaborates with NIST on PQC standardization and has secured funding for a Quantum-Safe Secure Manufacturing Initiative in Canada.
IDEMIA (France)
French digital security vendor IDEMIA is actively involved in developing quantum-safe technologies through its participation in the Hyperform consortium project. This initiative focuses on creating PQC solutions to secure cloud data, including online storage and collaboration. IDEMIA leads the project, working alongside French security companies and government agencies such as INRIA and ANSSI. Supported by the French government’s France 2030 plan, IDEMIA’s efforts aim to enhance digital security and position France as a leader in quantum-safe technologies.
Satellite-Based Quantum Key Distribution Capabilities
Quantum Key Distribution (QKD) is another quantum-safe technology currently being commercialized today. It is a secure communication method using quantum mechanics to generate encryption keys. Two parties exchange photons with specific properties, forming a shared secret key.
The unique feature of QKD is its ability to detect eavesdropping, as any interception disturbs the quantum state of the photons, revealing the presence of an intruder. New keys can continue to be provided until the intrusion stops. Once the key is securely established, it can be used for encrypted communication, providing theoretically unbreakable security based on the laws of physics.
ABI Research has been covering the use of satellite-based QKDs, which are not bound to the 100-Kilometer (km) limitation of optical fiber-based (terrestrial) solutions. Satellite QKD, delivered via Low Earth Orbit (LEO), covers much greater distances, enabling secure global communication links. It should be mentioned that satellite QKD is not a direct competitor to terrestrial QKD, but rather a complementary technology.
One company pioneering satellite-based QKD technology is SpeQtral, an offshoot of Singapore’s Centre for Quantum Technologies. SpeQtral plans to launch two new satellites, SpeQtre and SpeQtral-1, by 2026 to test and validate QKD protocols. SpeQtral’s TarQuis ground station integrates with data centers to hand off quantum-safe keys to secure fiber nodes. This setup allows QKD to either provide direct access to satellite authentication or serve as a node in a metropolitan fiber-QKD network. As a result, the overall security communication infrastructure is enhanced.
PQC is potentially cheaper, but QKD offers robust protection because it uses the laws of physics to detect eavesdropping. SpeQtral has partnered with Toshiba to roll out a nationwide quantum-safe network in Singapore using QKD. The network will first focus on the government, medical, financial, and Research and Development (R&D) sectors.
SpeQtral’s collaboration with telecoms provider SPTel and the use of Toshiba’s QKD solutions are crucial for the network buildout. This secure network transmits data using photonics and constantly updates encryption keys to detect eavesdropping attempts. QKD is also being integrated with satellite systems for global coverage, enabling secure intercontinental data transmissions.
Why Crypto Agility is the Way Forward… for Now
The transition to quantum-safe technologies will not happen overnight. Instead, it will be a decades-long process. For PQC, this means using hybrid formats—combining classic cryptography and PQC algorithms for the foreseeable future. Crypto agility is a core focus of many cybersecurity vendors in the market today, as they understand enterprises need time to warm up to PQC and amass PQC expertise. This approach ensures that legacy devices and systems remain operable during the gradual transitioning phase.
Given the uncertainties surrounding quantum-safe solutions in the commercial space, it’s possible that even NIST-standardized algorithms could eventually be compromised and rendered obsolete. Therefore, it is crucial for semiconductors and solution providers to develop backward-compatible solutions that support both legacy systems and new PQC technologies. At the same time, all eyes must be on the latest standardization developments because of the dynamic nature of PQC.
For QKD, deployers must build out the networks, and invest in the supporting technologies, which can be costly. For QKD to work well, the industry has to provide affordable photon detectors and create quantum repeaters (which is a nascent technology) for fixed-line communications, as well as solve degradation issues over long distances both in ground and air communication links. The market maturity of such equipment will enable greater commercialization and eventually lower costs for QKD deployment, but this maturity will take time to achieve globally.
Partner with ABI Research
Quantum-safe solutions are still in their early days, with many questions remaining to be answered. Notable challenges stand in the way of mass adoption of PQC, such as complexity in PQC-based key exchange and a risk of market fragmentation due to too many algorithms being standardized. ABI Research is committed to guiding organizations on this journey, providing access to the latest trends, best practices, vendor competition, and investment figures in the world of quantum computing. Subscribe to ABI Research’s Quantum Safe Technologies Research Service today to join us on the path to Y2Q.
Frequently Asked Questions
What is quantum security?
Quantum security refers to protecting digital systems, data, and communications against the new risks posed by quantum computers. Traditional cryptographic defenses will eventually be broken by quantum machines, which can solve complex calculations far faster than today’s computers. To prepare, organizations are adopting quantum-safe technologies such as Post-Quantum Cryptography (PQC) and Quantum Key Distribution (QKD) that can withstand attacks in a post-quantum world.
How will quantum computing affect cybersecurity?
Quantum computing will render many of today’s encryption methods obsolete. Once attack-capable quantum computers exist, they could effortlessly breach current cybersecurity defenses. Threat actors are already harvesting encrypted data now so they can decrypt it later when quantum machines are ready. This makes the transition to quantum-safe solutions urgent, as national security, critical infrastructure, and enterprise systems will all be vulnerable without them.
What are quantum-safe algorithms?
Quantum-safe algorithms are cryptographic methods designed to resist attacks from quantum computers. The U.S. National Institute of Standards and Technology (NIST) has selected four main candidates for standardization: CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and SPHINCS+. These algorithms will be integrated into security systems worldwide, and additional algorithms are under review. Governments and vendors are already testing and deploying these to ensure future resilience.
How does quantum key distribution ensure secure communication?
Quantum Key Distribution (QKD) uses the laws of quantum mechanics to generate and share encryption keys between two parties. If an eavesdropper tries to intercept the exchange, the quantum state of the photons is disturbed, which immediately reveals the intrusion. This built-in detection makes QKD theoretically unbreakable. It allows new keys to be issued continuously until the connection is secure, enabling highly protected communication across fiber networks and satellites.