ITS blog: news in post-quantum cryptography - October 2025
2 min
Join us to see what's been happening in the field of post-quantum cryptography in October and what's worth mentioning.
First major milestone: more than 50% of human internet traffic uses post-quantum encryption
In the last week of October 2025 Cloudflare announced the achievement of a major milestone: the majority of human traffic protected by Cloudflare is already protected by post-quantum cryptography. This significantly reduces the possibility of harvest-now, decrypt-later attacks - at least for newly encrypted communications.
A leap in quantum algorithm optimization and societal priorities
June 2025 brought a major optimization of quantum algorithms (Gidney) that dramatically accelerated predictions of the expected Q-day, the day when quantum computers will break traditional cryptography. This trend and legislative pressures are forcing European states and organisations to significantly accelerate preparations for the massive migration of entire critical infrastructures to post-quantum protection.
Major European research projects, experiences and lessons-learned
Several major European projects are underway under the auspices of ENISA, CEPS or EUQCI, which publish independent studies on real-life experiences of migration to PQC. The focus is mainly on interoperability, the combination of PQC and QKD (quantum secure key distribution) and proven lessons-learned from pilot projects in government and critical networks.
A significant part of the EU's activities is therefore directed towards the validation of hybrid methods, open sharing of experience and auditable implementations - the experience from the pilots clearly shows that a good inventory of cryptographic resources and the development of "crypto agility" are key to successful migration.
Official reports and analyses recommend that Member States prioritise and fund their own roadmaps, with an emphasis on transparent governance, detailed management of cryptographic assets, and responding as quickly as possible to new insights about algorithms and hardware support.
European Conference: December 2025, The Hague
It is certainly worth mentioning the upcoming December European conference on migration at the PQC in December (organised by ANSSI, BSI, MinBZK, CWI, TNO) will offer an expert platform for sharing concrete experiences, interoperability in the European context and lessons-learned from Member States' pilot projects. The expectation is that the conference will provide crucial insights into the needed changes in processes, key asset management, auditing and cooperation in the EU.
Hybrid architectures as a path to secure migration
Multinational recommendations and cross-cutting reports clearly highlight hybrid architectures as currently the most practical route for protection in an era where multiple cryptographic generations are running in parallel - while the need to respond quickly to new insights from research and practice remains.
Conclusion
The European post-quantum ecosystem is based on real experiences from pilot implementations, expert analysis and coherent sharing of lessons-learned. The coming months will decide how fast we can adapt hybrid and full post-quantum approaches to all critical infrastructure layers, and whether we can keep pace with the global challenges that the quantum era brings.
What else to read
See more news from the world of IT and ITS
