Skip to content

PQK

Post-Quantum Cryptography

IT security in the age of Quantum Technology

Thinking about tomorrow today: Confidential information runs the risk of no longer being protected in the future.

Safe and discreet

Keep data and secrets safe

How long do your secrets need to remain secure? Post-Quantum Cryptography in the age of quantum computers

In a world where quantum computers are becoming a reality, the threat of quantum computer attacks on classical cryptographic mechanisms must be considered to ensure future-proof protection of information. Due to the higher performance of quantum computers in specific tasks, including breaking cryptography, there is a need for post-quantum security. This has been addressed at national and international level through the standardisation of PQK algorithms. Post-quantum cryptography is therefore particularly suitable for security-critical applications. Implementing it today strengthens the trust of customers and business partners in a secure future.

We support you with various services in your transition to the post-quantum age.

Ensure the security of your information and data for the future

On the threshold of the quantum computing era, it is important to become resistant to quantum computers today . With post-quantum cryptography, you can ensure that your data and systems are resistant to attacks using quantum computers - as well as traditional attacks.

Harvest now, decrypt later: The danger is already lurking today, as attackers are already stealing information today in order to decrypt it tomorrow using quantum computers. It is therefore advisable to migrate and develop appropriate concepts and measures today. Post-quantum cryptography secures this at an early stage. Taking measures today to protect confidential information with a view to quantum computers also means being one step ahead of regulation; compliance with legal requirements, such as the EU GDPR, may require a rapid transition. By making the switch early, you are demonstrating foresight.

Prepared for all eventualities

In order to achieve a quantum computer-resistant information and data architecture, concepts, migration strategies and suitable algorithms and technical solutions must be developed and evaluated. TÜVIT can provide support here: Through training, risk assessments, gap analyses and development-accompanying tests of product designs and product development, support in the migration to a PQK security infrastructure through to testing and certification according to various standards.

PQK in a nutshell: Post-Quantum Cryptography explained in 15 minutes

To the postcast

#85 - Discovered. Explained. Narrated.

IT security in the age of quantum technology

Quantum computers: How do we gain new encryption methods?

Current status of PQK standardization

1

2010 year

In the mid-2010s, both the US National Institute of Standards and Technology (NIST) and the BSI examined quantum-resistant cryptographic algorithms for public keys.

2

13 August 2024

With FIPS 203, 204 and 205, NIST published three Federal Information Processing Standards (FIPS) for post-quantum cryptography on 13 August 2024, which were derived from CRYSTALS-Kyber, CRYSTALS-Dilithium and SPHINCS+. These can be found on the NIST website.

3

04 March 2025

The BSI listed the recommended PQK algorithms in its TR-02102-1 on 4 March 2025. For quantum-safe asymmetric procedures, the BSI lists FrodoKEM key derivation, Classic McEliece key derivation and ML-KEM key derivation.

4

Further information

In addition, three further encryption and key generation algorithms will be analysed in a fourth round: BIKEClassic McElieceHQC

5

Further information

The aim of the NIST process is to standardise a certain number of encryption methods for the post-quantum era that are based on as many different mathematical operations as possible.

Industries particularly affected

Transport and Traffic

In the energy industry, for example, charging solutions for battery electric vehicles (BEV) or smart meter gateways (SMGW) are affected by a rapid changeover.

Telecommunications

For example, mobile network operators (MNOs) must be able to securely store their network access data on SIM cards and protect them against manipulation and theft.

Health

The pharmaceutical and healthcare industries are affected by the switch to post-quantum cryptography when it comes to implants with wireless interfaces, for example.

Energy

In the energy industry, for example, charging solutions for battery electric vehicles (BEV) or smart meter gateways (SMGW) are affected by a rapid changeover.

Internet of Things (IoT)

Internet-of-Things (IoT) devices - especially Industrial IoT (IIoT) devices - rely on hardware implementations of cryptographic algorithms.

Finance

Credit and debit cards and (mobile) payment applications in particular must be appropriately upgraded at an early stage and thus protected against attacks.

Which path is right for me?

Manufacturers have various standards to test and verify their post-quantum cryptography implementation. This gives customers the certainty that they fulfil legal requirements.

FIPS 140-3

Security requirements for cryptographic modules & products
Learn more

Common Criteria

Common Criteria (CC) is a global IT security standard in accordance with ISO/IEC 15408.
Learn more

SQ-Best-Practice

Certification procedures for the consideration of cyber security requirements
Learn more

We will support you – no matter what

Get started at last!

We advise you

TÜV NORD IT Secure Communication I Berlin
To the consulting services Contact us
Goal achieved?

We check that

TÜV Informationstechnik I Essen
To the test offers Contact us

Relevant laws and legislative proposals

Cyber Resilience Act (CRA)
NIS-2
EU-DSGVO

Frequently Asked Questions (FAQ)

What you need to know about post-quantum technologies

A quantum computer is a new type of computer that is clearly superior to the classic PC in terms of some problems. Instead of bits, a quantum computer works with qubits.

Qubits are the quantum computer equivalent of the classical bit. A bit can only store information as either "0" or "1", but a qubit can also be in an intermediate state.

There are different assumptions in research as to when the first commercial quantum computers will be available. Some experts assume that quantum computers could be able to break cryptographic processes in the next 10 to 20 years. Others estimate that this could take longer.

Yes, since post-quantum cryptography also works on conventional computers, no quantum computer is required to develop, implement or use PQK. Companies can therefore start the transition at an early stage.

Asymmetric cryptography: Cryptography based on two different keys, a private key (owned by the creator) and a corresponding public key (generally available, not secret); a key pair is used to perform a specific operation and the corresponding counterpart (e.g. encryption with public key/decryption with private key; signing with private key/verification of signature with public key); can be used to communicate via an insecure channel without prior key exchange

Classical cryptography: In the context of post-quantum cryptography, this refers to the part of the algorithms used in asymmetric cryptography that can be efficiently attacked with a quantum computer (e.g. RSA, DH, ECDSA).

Post-quantum cryptography: Cryptography that can be used on classical computers and is secure against both classical attacks and attacks with a quantum computer; based on different mathematical problems than the classical cryptography used so far; no quantum computer is required for execution

Quantum computer: A new type of computer that is clearly superior to the classical computer for some problems; instead of using bits, a quantum computer works with qubits

Quantum computing (computing with quantum computers): Execution of calculations on a quantum computer

Quantum cryptography: Cryptography based on the laws of quantum physics; utilises new hardware and protocols

Quantum key exchange: Secure exchange of key material using quantum physical effects; currently still at a very low data rate and limited in range

Qubit: The quantum computer equivalent of the classical bit; a bit can only store information as either "0" or "1", but a qubit can also be in an intermediate state

Key exchange: protocol for computing a shared secret between multiple parties; the exchanged messages do not need to be kept secret to protect the derived secret itself (but protected from tampering).

Superposition: Ability of a quantum object to be in a superposition state of its basic states (e.g. "0" and "1"); the quantum object obeys the laws of quantum physics (physics of small particles); in contrast to everyday perception, according to which an object follows an "either-or" logic (either "here" or "there", "zero" or "one"), it can be in this intermediate state

Symmetric cryptography: cryptography based on a common key exchanged in advance for an operation and its corresponding counterpart (e.g. encryption/decryption; calculation of a message authentication code (MAC)/validation of the MAC); requires a secure exchange of the key before first use

Entanglement: Quantum physical property, entangled particles behave like a single quantum object and manipulation of one of them affects all entangled partners

Why we are a strong partner for you

Good reasons that speak in our favour

Independence
International network of experts
Expertise
Industry experience
Customised for you

You may also be interested in the following

Services

Source code & firmware solutions

Quality and safety management: Today, software controls all important machine and business processes.
Learn more
Services

Hardware lab

Our state-of-the-art laboratory with leakage and laser systems carries out side channel analyses and defect injections.
Learn more