ITS blog: news in post-quantum cryptography - May 2025

European and Czech institutions are significantly intensifying their preparations for the era of quantum computers. Recent weeks have brought several key initiatives and recommendations that security teams and IT managers should definitely not ignore. We bring you again a selection of the most important developments around quantum computing through our lens.

DigiCert: The gap between awareness and action

A new global survey by DigiCert reveals an alarming disparity between awareness of quantum threats and the actual steps organisations are actually taking to secure themselves.

While 69% of companies expect quantum computers to break current encryption within five years, only 5% have already deployed quantum-secure encryption. This gap is particularly worrying in sectors such as logistics, IoT or smart cities, where long-standing data requires great confidentiality.

The survey of 1,042 executives in the US, UK and Australia also found that 46.4% of respondents admit that their encrypted data is still vulnerable to quantum attacks. DigiCert therefore stresses the need for crypto-agility and a systematic migration to post-quantum algorithms. Read the full survey here.

Microsoft integrates post-quantum algorithms into Windows and Linux

At the end of May 2025, Microsoft made a major technology announcement: the ML-KEM and ML-DSA post-quantum cryptographic algorithms are now available in Windows Insider (Canary Channel Build 27852+) and for Linux via SymCrypt-OpenSSL 1.9.0. This update allows developers to test for resilience against a "harvest now , decrypt later" scenario and prepare for the transition to a hybrid model combining traditional and quantum-resistant algorithms (e.g., ECDH + ML-KEM).

Microsoft has introduced support for hybrid TLS key exchange for Linux programmers following IETF suggestions. This gives developers the ability to analyze the impact on secure connection size and latency, while preparing to defend against future quantum threats.

China Telecom: quantum-encrypted calls for 16 cities

China Telecom Quantum Group has announced the commercial deployment of a hybrid quantum-post-quantum system for city-to-city telephone communications. On May 14, 2025, the first quantum-encrypted call was made over a distance of 1,000 km between Beijing and Hefei, demonstrating the stability of the technology in the real world. The system now protects critical infrastructure in 16 cities, including Shanghai and Guangzhou.

EU coordinates transition to quantum-resistant solutions

The European Commission and CEPS launched the project in April 2025 Task Force to strengthen the EU's transition to a quantum-safe world. This initiative involves academic institutions, industry and public authorities and focuses on key issues:

• Harmonization of migration models with NIST (USA)
• Prioritisation of sectors (finance, energy, public administration)
• Use of hybrid PQC and QKD models
• Creation of a catalogue of solutions for each sector

At the international Prague Cyber Security Conference, NCSIB officially endorsed the common approach of 18 EU Member States, including the commitment to complete the migration of PKI infrastructure by 2030. For a report summarizing the events of PSCS 2025, please visit read our news.

Recommendations for the financial sector and critical infrastructure

Quantum Safe Financial Forum (QSFF) in cooperation with Europol, an agency of the European Union, has issued a comprehensive report for banks and regulators, the key points of which can be summarised as follows:

• Immediate migration: start pilot projects with post-quantum algorithms by 2028
• Crypto-agility: implement automated processes to update crypto protocols
• International coordination: share best practices across jurisdictions
• Own initiative: Create your own standards without waiting for regulation

For the sake of interest, we will add another milestone. US bank JP Morgan announced that it was the first entity in the world to generate a set of truly random numbers using a quantum computer. Researchers and other experts from universities were able to verify that the resulting numbers meet the mathematical definition of "true randomness". This fact could have key implications and applications in cryptography, auditing election results, and also, for example, in gambling.

Recommendations for organisations

Some practical recommendations for organisations in general:

• Map sensitive assets: keep an eye on your corporate assets. Identify systems and data requiring long-term confidentiality (e.g., contracts, certificates)
• Pilot hybrid models: Test a combination of PQC (e.g. CRYSTALS-Kyber) and QKD in isolated environments
• Take advantage of testing infrastructure: join projects like Q-SafeLab (CTU) or CZQCI (testing network between Prague, Brno and Ostrava)
• Keep an eye on the legislation: Preparing for the amendment to the Cybersecurity Act (currently expected in Q3 2025)

Conclusion: not just a technical upgrade, but a systemic change

Preparing for the post-quantum era is not a technical innovation, but requires a systemic transformation. As Bohuslav Rudolf from NUCIB pointed out: "Quantum security requires a change of approach to digital trust."

Czech companies and institutions have a unique opportunity to be part of Europe's leading companies. If you are interested in specific possibilities of deploying quantum resistant technologies, please do not hesitate to contact us.