ITS blog: news in post-quantum cryptography - April 2025

European and Czech institutions are significantly intensifying their preparations for the era of quantum computers. Recent weeks have brought several key initiatives and recommendations that security teams and IT managers should not overlook.

NÚKIB: European coordination and the 2030 migration deadline

At the Prague Cybersecurity Conference(PCSC 2025), the NUCIB officially supported the joint approach of 18 EU Member States towards post-quantum cryptography. What are the key messages?

Commitment to migration by 2030 - especially in the area of Public Key Infrastructure (PKI), the transition needs to start as soon as possible.
The "Collect now, decrypt later " threat - attackers can already steal encrypted data today with the aim of decrypting it later using quantum means.
Establishment of a European working group - a new team is being established within the NIS Cooperation Group to coordinate the transition, with Czech participation.

These statements confirm the need for systematic preparation and underline that the time horizon for action is rapidly shortening.

Quantum Day at CTU: Emphasis on education and hybrid approaches

On 31 March, the FIT CTU hosted a professional event Quantum Day 2025, which highlighted the role of education and technology testing.
Main topics:

Quantum literacy: Experts such as Leoš Boháč (CTU FEL) and Bohuslav Rudolf (NÚKIB) called for increased professional readiness of IT communities.
Hybrid solution: Ray Harishankar (IBM) presented a model that combines post-quantum algorithms (e.g. CRYSTALS-Kyber) with quantum key distribution (QKD).
Cooperation with industry: the CTU announced the opening of the Q-SafeLab (June 2025), a testing laboratory focused on cooperation with companies in testing quantum-safe technologies.

US breakthrough: JPMorgan certifies truly random numbers using a quantum computer

JPMorgan, in collaboration with Argonne and Oak Ridge National Laboratories and the University of Texas, has mathematically verified that the numbers generated by the Quantinuum quantum computer meet the "true randomness" condition. This property is essential for cryptography, election audits and financial security. The quantum generator thus outperforms conventional software RNGs that produce predictable sequences. In doing so, JPMorgan shows that quantum security is not just an academic discipline, but is beginning to have concrete, certified deliverables.

EU strategy: the PQC and QKD as complementary approaches

A new EU strategy paper from March 2025 recommends a dual approach taking advantage of both technologies:

Technology	Benefits	Challenges
PQC	Easy software integration, independence from physical infrastructure	The need for widespread updating of equipment and systems
QKD	Physically guaranteed security, resistance to quantum attacks	Limited geographical accessibility, high costs

Companies are encouraged to pilot test hybrid models, especially in sectors with high data sensitivity, such as finance or healthcare.

New European CEPS Task Force project: practical tools for migration

The CEPS Task Force project with the participation of Czech partners will start in April 2025. Main objectives:

Creation of a clear catalogue of PQC and QKD solutions for individual sectors
Analysis of the impact of migration on finance, energy and public administration
Harmonisation of European procedure with NIST (USA) standards

At the same time, the Czech Republic is moving forward in the field of quantum infrastructure - the CZQCI project, led by CyberSecurityHub (BUT, CTU, MUNI), has entered the phase of selecting technologies for the distribution of quantum keys between Prague, Brno and Ostrava. Renowned companies such as Toshiba, ID Quantique and CETIN have joined the tender worth CZK 65 million. CZQCI will be connected to the EuroQCI network and will contribute to the practical deployment of quantum security in the Czech Republic.

Practical recommendations for Czech organisations

Regardless of the size of the organisation or sector, it is advisable to start preparations now.
Specific recommendations:

Map assets: identify systems and data that require long-term confidentiality.
Pilot new solutions: Consider getting involved in research projects or public testing environments (e.g. Q-SafeLab).
Take advantage of the funding. The Ministry of the Environment has allocated 150 CZK for critical infrastructure.
Keep an eye on the legislation: An amendment to the Cybersecurity Act is expected in Q3 2025 and may impose obligations in the area of quantum resilience.

Conclusion: systemic change, not just technological innovation

"Quantum security is not just a technical problem, but a systemic change in the approach to digital trust," said Bohuslav Rudolf (NUCIB) during PCSC 2025.

And we at ITS share this view. Preparing for the post-quantum era is not a matter of a single purchase or upgrade - it is a transformational process that takes time, coordination and the involvement of all key stakeholders. In this respect, Czech companies and institutions now have a unique opportunity to be part of the European leadership.

If you are interested in finding out what the possibilities are in quantum safe now, please do not hesitate to contact us contact.