By Janet Jones, Microsoft with Judith Furlong, Dell Technologies; Brian Rosenberg, Raytheon Technologies; Souheil Moghnie, NortonLifeLock; Mathew Lyon, Dell Technologies; Steve Lipner, SAFECode

In our initial blog post, we discussed the impact of quantum computing on modern cryptography and the importance of taking immediate action to prepare for the migration to Post Quantum Cryptography (PQC). Industry migrations to new cryptographic algorithms take time and must be carefully orchestrated to minimize ecosystem disruptions and adverse impact on security. With the potential availability of quantum computing, a significant threat to modern cryptography will be created. Migration to, and adoption of, new major technology innovations such as PQC usually follows similar high-level phases. In this post, we will outline the high-level phases for the adoption of post-quantum cryptography and identify immediate and short-term activities to support the orderly transition to quantum-safe cryptography.

What are the high-level phases for PQC transition?


  • Development of quantum-resistant algorithms
  • Standardization of PQC algorithms and associated protocols


  • Design and development of new code and systems
  • Pilot Implementations and Testing
  • Production Implementations (existing/new, backward compatibility)
  • Production Migration
  • Decommissioning of old/vulnerable algorithms and associated protocols

The PQC transition began with research and development (R&D) of quantum-resistant algorithms. Shortly after R&D started for post-quantum cryptography, standardization discussions proceeded in parallel. The National Institute of Standards and Technology (NIST) has been leading an effort to evaluate and standardize quantum-resistant public-key cryptographic algorithms. Pilot implementations and testing of standardization candidate algorithms are currently underway. The Open Quantum Safe (OQS) project is a great resource for assisting with software prototyping of quantum-resistant cryptography. This is a critical phase to help determine potential areas of concern, plan for production implementations, and understand ecosystem impact.

Production Implementations, Production Migration, and Decommission phases will commence as recommended algorithms are selected and more information about pilot implementations and testing is documented. Production implementations and migrations must be carefully designed and orchestrated, taking potential backward compatibility issues into consideration. Threat modeling is recommended prior to any implementation or migration to understand risk and subsequent protections required to secure the ecosystem. Decommissioning cryptography that is not quantum-resistant should not be overlooked as such cryptography exposes legacy systems to vulnerabilities that can be exploited once cryptographically relevant quantum computers are available.

What immediate and short-term activities are needed to support the PQC transition?

To prepare for the upcoming Post Quantum Cryptography transition, SAFECode recommends the following steps:

  • Conduct inventory where your product/code use cryptography.
  • Implement crypto agility – minimizing the code churn required when cryptography changes. 
  • Begin to pilot use of the candidate quantum-safe algorithms in your products or services that use cryptography.
  • Be prepared to use different public key algorithms for encryption, key exchange, and signatures.
  • Test your applications for the impact of very large key sizes, ciphers, and signatures.
  • Standardization is a very long lead-time item in the transition to quantum-safe cryptography. Therefore, if you are active in standards bodies that work on standards that use public key cryptography, advocate for experimentation with and adaptation to post-quantum algorithms now. 
Next Steps & Conclusion

SAFECode members are proceeding with the activities listed above, and their experience has made it clear that the PQC transition will involve significant time and effort. While the exact timing of the advent of quantum computers that will pose a threat to public key cryptography is still uncertain, it’s clear that we do not want to be put in the position of using vulnerable encryption algorithms to protect our information. Immediate action must be taken as adversaries can record encrypted data now and exploit it later once a quantum computer is available. Thus we have committed to being prepared rather than being surprised.

Future blogs in this series will discuss our experience in initiating and executing the activities that will lead to our successful transition to PQC.