ITS Blog: News in Post-Quantum Cryptography – March 2026

Welcome to another regular roundup of key developments in the world of post-quantum cryptography (PQC). The rapid pace at which we are approaching the practical limits of quantum computers is driving technology leaders and researchers to constantly innovate. Over the past month and a half, we have seen not only significant progress in hardware and software implementations of the final NIST standards, but also troubling findings regarding claims of breaking current encryption and vulnerabilities in development.

Here is a summary of the most important points that no IT strategist or security architect should overlook.

Industrial Implementations and Cloud Security

Google Issues a "Call to Action" for the Quantum Era

Division Google Quantum AI and its parent company Alphabet have published a detailed manifesto reporting on the current status of PQC integration into their critical network infrastructure and cloud services. Google strongly urges organizations not to delay in building so-called crypto-agility. The main argument remains the growing threat of " Harvest Now, Decrypt Later " attacks, against which it is necessary to defend oneself today by deploying hybrid encryption models.

Orange Business and Cisco provide global SD-WAN

The operator has introduced a major milestone in the field of network security Orange Business, which, in collaboration with Cisco, has deployed end-to-end PQC-secured traffic across its global backbone network. This modern architecture utilizes Cisco 8000 Series routers and implements quantum-resistant encryption for enterprise SD-WAN connectivity. This demonstrates that PQC can be successfully scaled even in the most complex enterprise networks.

Standardization and software libraries

NIST-certified algorithms

A popular provider of cryptographic libraries wolfSSL has officially released a new FIPS 140-3 certification. The significance of this update lies in the full integration of the three final NIST PQC algorithms: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), andFIPS 205 (SLH-DSA). The system now fully supports hybrid PQC modes in strict compliance with the NSA CNSA 2.0 government standards. For developers of embedded systems and IoT devices, this is an absolutely crucial building block.

Research, Threats, and Implementation Risks

Models show a drastic reduction in the difficulty of cracking RSA (February 13, 2026)

The cryptography community has been shaken by a new simulation exploring the use of the "lattice surgery"optimization technique in quantum computer architecture. According to these models, thanks to improved error correction, factoring a 2048-bit RSA key (using Shor’s algorithm) would require fewer than 100,000 physical qubits. This represents a dramatic drop compared to previously estimated theoretical requirements (which were in the millions), meaning that “Q-Day” may arrive sooner than expected.

The Human Factor as a Weakness: Vulnerabilities in PQC Integration

The implementation of new standards will not be painless. An empirical study titled When Security Meets Usability analyzed how ordinary developers cope with the new PQC APIs. The results are alarming: the study revealed a high rate of introducing new vulnerabilities. The main culprits are the unexpected complexity of these APIs, insufficient terminological consistency across libraries, and the high cognitive load on programmers. Organizations should invest in thorough training for their development teams before migrating critical applications to the new standards.

Text: František Kovařík, ITS