It always seems like we have more time. What was science fiction yesterday is production technology today. Autonomous taxis, buses, trucks, railcars, farming equipment, and heavy machinery have emerged as viable solutions in the real-world modern economy. This increasing rate of acceleration requires early preparation for technologies that can have a seismic impact on our lives and our futures. While quantum computing still feels like a distant future to most, the threats it presents are at hand.

Quantum computing, like AI (artificial intelligence), pushes the boundaries and is predicted to render classic encryption obsolete. In November 2024, a team of Chinese researchers from Shanghai University reported using the D-Wave Advantage system quantum computer to factor a 50-bit RSA integer, showcasing the potential of quantum machines to disrupt encryption practices that have been considered secure for decades.[1]

Using quantum computing to crack cryptographic algorithms has generally been considered a risk far out on the horizon, “that might be worth monitoring”. However, breakthroughs in the past year, like Google’s “Willow” 105-qubit chip, are changing that perspective, and IBM’s Quantum Roadmap helps illustrate why, claiming that “Beyond 2033, quantum-centric supercomputers will include thousands of qubits capable of running 1 billion gates, unlocking the full power of quantum computing.”[2]

Still, until recently, most predictions gave about 10 – 20 years before Q-Day, or Quantum Day, the day when a sufficiently powerful quantum computer can break many classical encryption algorithms. These views are now changing based on recent research, and experts reported at DEF CON 33 that we may only have 5 years left, or around 2030, to be ready…

Organizations must begin preparing now by leveraging the governance structures that may already exist for business continuity and by taking a hybrid approach to post-quantum cryptography integration. Use these governance structures to plan and coordinate the integration of post-quantum cryptography into enterprise systems over time based on risk. If those governance structures are not in place, it is time to establish them.

 

A Consolidating Timeline and an Existing Threat

Mosca’s theorem[3] is often used to explain “when you need to care” or how soon an organization needs to act to mitigate risk exposure due to quantum computing.  If the sum of the time to migrate to post-quantum cryptography (y) and the time the data needs to be secure (x) is greater than the time to Q-day (z), then your data will be compromised before its usefulness expires (x+y>z). If it is now 2025, and you assume your customer data retention requirement is 7 years, and Q-day is in 5 years, then that data will be exposed if action is not taken to make it post-quantum ready by 2030.

 


 

As frightening as this sounds, one might be tempted to think we still have 5 years or more to implement post-quantum cryptography since no one really knows when Q-day will arrive.  However, previously stolen or captured encrypted data is at risk of exposure by quantum computing at Q-day unless it is encrypted with post-quantum cryptographic algorithms at the time of capture. This is the concept of “Harvest-Now, Decrypt-Later” or “Store-Now, Decrypt-Later” attacks. In the first stage of the attacks, occurring now, the goal is simple. It is to gather as much classically encrypted confidential information as possible and store it until it can be decrypted using quantum computing at a later date. This essentially renders the existing encryption controls obsolete and brings the risk forward on the horizon from a management perspective.

These attacks are the existing threat, which dictates that our journeys must begin now. Organizations with data protection requirements longer than 5 years are already burning the candle at both ends. Because a post-quantum cryptography migration will take time to plan and conduct,[4] NIST Special Publication 1800-38, Migration to Post-Quantum Cryptography Quantum Readiness: Cryptographic Discovery, published in 2023, urges organizations to start preparing now with quantum-readiness roadmaps, cryptographic inventories, risk assessments, and vendor engagements.

 

Financial Sector Exposure

The global financial sector maintains custody of arguably the most sensitive and confidential data in the world. Data that, if exposed, can provide valuable insights into the activities, behaviors, strategies, and intentions of people, companies, and governments. Regulatory retention requirements force financial institutions to keep data sometimes for decades, which can include legally binding signatures, transaction records, and customer profiles.

This data remains relevant over time, making it a ripe target for Harvest-Now, Decrypt-Later attacks executed on data in flight (moving through a VPN or TLS connection) and data at rest (on servers, storage, or devices). With a long useful shelf-life and increasing interdependent value (when more data is exposed, a larger profile of organizations’, persons’, and governments’ life activities is known or made public), data exposure of multiple institutions in the sector would be devastating, exposing full transactional behavior of companies, governments, and citizens. An event such as this would completely undermine everyone’s trust in the global financial system.

The distributed, interconnected, and interdependent nature of the global financial system makes it challenging to ensure that there aren’t weak links in the system that are susceptible to Harvest-Now, Decrypt-Later attacks today, and which may continue to be susceptible post Q-day. In response, industry bodies and global regulators have established frameworks, mapped next steps, and provided advice on the actions institutions should take for quantum readiness.

  • Global Financial Markets Association (GFMA) – As recently as October of 2025, the GFMA published Quantum Migration: Mapping the Emerging Landscape, which summarizes the emerging landscape and proposes a set of next steps as financial entities understand, prepare for, and ultimately transition to systems that are resistant to quantum attacks.[5]

 

While high-level supervisory frameworks have not specified quantum risk, their recommendations apply naturally to the issue and remediation plan.

 

  • Basel Committee on Banking Supervision – 2024 REVISED BASEL CORE PRINCIPLES FOR EFFECTIVE BANKING SUPERVISION
    Principle 25 – Operational Risk and Operational Resilience: The supervisor determines that banks have an adequate operational risk management framework and operational resilience approach that considers their risk profile, risk appetite, business environment, tolerance for disruption to their critical operations, and emerging risks. This includes prudent policies and processes to: (i) identify, assess, evaluate, monitor, report and control or mitigate operational risk on a timely basis; and (ii) identify and protect themselves from threats and potential failures, respond and adapt to, as well as recover and learn from, disruptive events to minimize their impact on delivering critical operations through disruption.[6]
  • Digital Operational Resilience Act (DORA) is a regulation introduced by the European Union to strengthen the digital resilience of financial entities. It entered into application on 17 Jan 2025 and ensures that banks, insurance companies, investment firms, and other financial entities can withstand, respond to, and recover from ICT (Information and Communication Technology) disruptions, such as cyberattacks or system failures. DORA brings harmonization to rules relating to operational resilience for the financial sector, applicable to 20 different types of financial entities and ICT third-party service providers.[7]

While explicit guidance has not yet emerged for organizations, we will consolidate the information provided by these organizations into practical steps for any organization to begin now with a plan that provides for the flexible integration of post-quantum cryptography into their environments, thereby meeting their obligations under DORA and the Basel Core Principles.

 

 

Solving With a Practical Risk-Based Approach

A technical point: Post-Quantum Cryptography algorithms are crafted to resist attacks from quantum and classical computers. PQC algorithms run on classical computers but are not compatible with classical encryption. Hybrid PQC systems combine classical and PQC algorithms, enabling compatibility with legacy systems and providing quantum-resistant protection.

For example, Microsoft has added PQC algorithm support to its core cryptographic library SymCrypt, enabling the use of NIST-recommended hybrid key exchange (ML-KEM) and PQC digital signatures (ML-DSA). Emphasizing that the goal is “to ensure secure interoperability between PQC and traditional cryptographic algorithms during the transition phase,” Microsoft underlined and highlighted with bold that the industry’s direction is readiness and PQC integration rather than system replacement.[8]

The simple fact is that all systems at all institutions cannot be updated to use Post-Quantum Cryptography at once. This means a risk-based approach to implementing PQC using Hybrid PQC must be adopted as the standard approach. By doing so, the financial sector can guarantee interoperability while increasing the security profile of its systems over time. Eventually, once hybrid PQC implementations are global, organizations may proceed to PQC-only cryptography. But until everyone is at least hybrid-PQC, any members moving to PQC-only will be isolated from those who have not caught up. Therefore, hybrid PQC is the only pragmatic approach.

Focus on the applications that send, receive, and store the most valuable information with the greatest shelf-life, and prioritize them for implementation.

 

 

Governance, Coordination, Planning, and Communication

Lead with PQC readiness as a governance and risk management issue to be addressed with immediate urgency under the operational resilience business driver. Financial institutions are brokers of trust, and they will cease to operate if Q-day comes, their customers’ data is exposed, and system defenses are rendered useless.

In most mature organizations, the Business Continuity and Disaster Recovery (BCDR) team should already have the structures in place for the steps needed. They should know the vendors, the critical applications, where the confidential and sensitive data resides, and how these systems are recovered. This means that, in cooperation with product and system owners and IT, they also have systems inventories, and hopefully cryptographic inventories, because the keys are already being managed through their lifecycle anyway.

If it is not in place, we know where to begin in our planning process.

Because the BCDR framework already defines vendors, partners, data flows, and critical systems, it provides the foundational structure to go from disaster recovery to disaster avoidance through cryptographic renaissance planning.

 

Hybrid PQC Approach

  • Ensures adaptability
  • Multiple defense layers
  • Gradual adoption of PQC without disruption

 

 

Practical Steps to Implement Hybrid PQC

Use BCDR teams to create a Hybrid PQC adoption road map.

  • Officially establish a project with funding to devote the resources required for the ensuing steps.
  • Start the discussion with your vendors and business partners to understand where they are on their journey. How are they protecting your and your customers’ data at rest, and in flight? Review your data sharing agreements and leverage digital subject access requests (DSARs) if required to gain insight into how this data is being protected.

 

Prioritize by Risk

  • Create a cryptographic inventory if one does not exist. If one does exist, use it to identify the systems using algorithms identified as vulnerable to quantum attack. Ensure the IT and Security teams are engaged in this process.
  • A robust review will include the production operating environments. Some vendors are now supporting hybrid post-quantum, and some protocols (OpenSSH 10.0) are already compliant. You may find some work has been completed through standard updates, though it is unlikely.
  • Review your internal code development pipeline. Is new code going out that will have to be updated?
  • Assess both internal and external solutions for gaps in current configurations that will require attention.
  • Systems with long-term data retention requirements, and those storing, receiving or sending confidential or protected data like financial transactions or digital signatures, should be prioritized. Vendor and partner connections supporting these systems must be likewise prioritized and tracked to completion.
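Mosca's inequality (x + y > z) applied to a cryptographic inventory to rank systems for migration, as an added example that is not part of the original article. The inventory records, field names, and algorithm marker lists are constructed for illustration; the 5-year default horizon is the article's own assumption about Q-day.

```python
from dataclasses import dataclass

# Substrings marking key-establishment schemes (illustrative, not exhaustive).
CLASSICAL_MARKERS = ("RSA", "ECDH", "DH", "X25519", "X448", "SECP", "P-256", "P-384")
PQC_MARKERS = ("ML-KEM", "MLKEM")


@dataclass(frozen=True)
class Entry:
    """One row of a (constructed) cryptographic inventory."""
    system: str
    key_establishment: str
    shelf_life_years: float  # x: how long the data must stay confidential
    migration_years: float   # y: estimated time to move the system to PQC


def classify_key_establishment(alg: str) -> str:
    """Return 'pqc', 'hybrid', 'classical', or 'unknown' for an algorithm name."""
    name = alg.upper()
    has_pqc = any(m in name for m in PQC_MARKERS)
    has_classical = any(m in name for m in CLASSICAL_MARKERS)
    if has_pqc:
        return "hybrid" if has_classical else "pqc"
    return "classical" if has_classical else "unknown"


def mosca_margin(entry: Entry, years_to_q_day: float) -> float:
    """x + y - z. A positive value means data outlives its protection."""
    return entry.shelf_life_years + entry.migration_years - years_to_q_day


def prioritize(inventory, years_to_q_day: float = 5.0):
    """Rank systems that need attention, largest Mosca margin first.

    Hybrid and PQC systems are skipped. Classical systems are listed when
    x + y > z. Unrecognized algorithms are always listed for manual review.
    """
    findings = []
    for entry in inventory:
        kind = classify_key_establishment(entry.key_establishment)
        if kind in ("pqc", "hybrid"):
            continue
        margin = mosca_margin(entry, years_to_q_day)
        if kind == "unknown" or margin > 0:
            findings.append((entry.system, kind, margin))
    findings.sort(key=lambda f: f[2], reverse=True)
    return findings


# Constructed sample inventory (hypothetical systems and estimates).
INVENTORY = [
    Entry("payments-api", "ECDHE-P256", shelf_life_years=7, migration_years=2),
    Entry("trade-archive", "RSA-2048", shelf_life_years=25, migration_years=3),
    Entry("partner-sftp", "mlkem768x25519-sha256", shelf_life_years=10, migration_years=1),
    Entry("intranet-wiki", "ECDHE-X25519", shelf_life_years=1, migration_years=1),
    Entry("hsm-backup", "vendor-proprietary", shelf_life_years=15, migration_years=4),
]

if __name__ == "__main__":
    for system, kind, margin in prioritize(INVENTORY):
        print(f"{system:15} {kind:10} exposed for {margin:+.0f} years past Q-day")
```

Rerunning `prioritize` with a different `years_to_q_day` shows how sensitive the ranking is to the Q-day estimate, which is the input with the least certainty.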

 

[Figure: PQC (Source: National Institute of Standards and Technology)]

 

Risk Registers and Threat Registers

  • Add the risks associated with quantum computing, as contributing risk factors, to the risk register and to the corresponding threat register if one exists. Aligning the program’s risk management work with organizational objectives and regulatory guidance helps to ensure resources are aimed at the critical problems first.
  • If organizations do not yet have these tools in place, establish a risk management program as part of a larger IT Governance effort. For this issue, focus on the Risk Management and Problem Management areas of IT Service Management and Operations.

 

 

Follow the Hybrid Path

The quantum migration will not and cannot happen at a consistent rate throughout the technology stack. The encryption for data at rest, in transit, and in use evolves separately, and the layers are often managed by separate teams. A hybrid path considers that a system may employ PQC-based key management for data at rest while the network layer uses a hybrid PQC TLS session with hybrid X.509 certificates and the endpoints still have classical disk encryption for data at rest. While this allows for the gradual integration of PQC, there is a weakness until all systems no longer use classical encryption.

  • A hybrid approach means some systems and system components will be PQC compliant, and some will not, along the way. Further, different layers in the technical stack of systems will transition at different times. For example, a storage subsystem could use PQC for key management, the network layer (TLS) might use hybrid key exchange, and an endpoint or client could still depend on classical encryption. Plan on using hybrid PQC solutions at the network layer whenever possible to facilitate interoperability, assuming the system has the need to send or receive data.
  • Implement hybrid PQC solutions that combine classical and post-quantum algorithms to create a flexible, secure transition. This means using a mix of classical and PQC algorithms across the organization, and in some cases, both are employed where appropriate. For example, hybrid PQC TLS involves using hybrid X.509 certificates to support PQC algorithms as well as classical. Starting with network security protocols like this may provide the most extensive coverage across systems for the least effort.

[Figure: NIST Quantum][9]

 

  • Clients and browsers are already integrating hybrid PQC standards. Chromium-based browsers, Chrome, Edge, Brave, and Opera, have adopted ML-KEM768 + X25519 hybrid key exchange under TLS 1.3. Once servers support hybrid TLS through OpenSSL with libOQS, or vendor libraries, quantum-resistant handshakes will be operational.
  • Until server platforms can natively support hybrid TLS, hybrid PQC can be implemented at the application level using OpenSSL integrated with the Open Quantum Safe (libOQS) library, enabling webservers, APIs, or message brokers to support hybrid certificates and key exchanges even if the operating system doesn’t.
  • Another approach is to use application gateways that terminate hybrid TLS connections for internal classical systems. This is analogous to the legacy approach when organizations encrypted traffic at the perimeter, but not internally.
  • Focus on critical systems that store, receive, or send confidential and protected information, and require long-term data protection and regulatory compliance first.[10]
  • Adopt system upgrades to take advantage of PQC-related updates as early as possible.
  • While cloud and OS vendors are working to integrate PQC capabilities, today it depends on early adopters and custom deployments. At this moment, regardless of vendor category, implementing hybrid PQC requires open-source or specialized cryptographic stacks provided by the vendors to establish quantum-resistant sessions with your cloud edge, normally achieved through an application gateway.
  • Early operational readiness and industry commitment to the hybrid path have been signaled by browser vendors, major cloud providers, and OS cryptographic libraries, all focusing on the NIST-standardized ML-KEM and ML-DSA algorithms.

 

Pilot Testing

Focus on integration at the application layer.

Microsoft, in its announcement of PQC capabilities being available for Windows Insiders and Linux, reminded readers that it is “important to note that TLS 1.3 will be a prerequisite for PQC, and we strongly advise customers to start transitioning from older TLS protocols if they have not already.”

Begin piloting and testing with application development today. Organizations can start by using OpenSSL with the Open Quantum Safe library (libOQS) provider to test implementing hybrid TLS. This will create builds that support hybrid key exchange based on the NIST-standardized ML-KEM (FIPS 203) algorithm and hybrid X.509 certificates using ML-DSA (FIPS 204) or SLH-DSA (FIPS 205) signatures.[11]

Implementing this at the application layer eliminates external dependencies, allowing teams to make measurable progress regardless of OS limitations or vendor roadmaps. Web servers, APIs, NGINX gateways, and message brokers can use ML-KEM key exchange and PQC signatures to establish hybrid X.509 sessions when built with Open Quantum Safe-enabled stacks.

Following this approach allows for:

  • Verification of interoperability between classical and PQC systems.
  • Validation of performance impacts, including latency and connection establishment times.
  • Certificate management workflow testing, including the hybrid trust-chain.

 

 

Transition Program and Cryptography Lifecycle Management

Start now and launch a specialized cross-department task force or sub-committee under the Business Continuity and Disaster Recovery program. Set adoption timelines for PQC across the organization by application criticality and data confidentiality level. Plan for and monitor for standards updates and vendor integrations in your existing solutions that will simplify the journey.

For example, Microsoft is “actively working to support PQC algorithms within Microsoft Active Directory Certificate Services (ADCS). This will enable customers to configure a Certification Authority (CA) to use a CA certificate based on PQC algorithms such as ML-DSA. Clients will be able to enroll for PQC end-entity certificates, and the Certificate Revocation Lists (CRLs) issued by the CA will be signed using PQC algorithms. Support will be extended across all relevant ADCS role services, including:

  • Certificate Enrollment Policy (CEP)
  • Certificate Enrollment Services (CES)
  • Network Device Enrollment Service (NDES)
  • Online Certificate Status Protocol (OCSP) responder.”[12]

Establish Cryptographic Lifecycle Management (CLM) if it is not already in place. The migration to post-quantum is not a “one and done” situation. It raises awareness of a practice that should have been more rigorous and makes it a requirement. The objective of the practice is to manage and govern everything related to cryptography, not just keys, throughout its lifecycle. This includes all algorithms, certificates, protocols, and keys. Think of Key Lifecycle Management as a subset of cryptography lifecycle management. System and product lifecycle management are essential to secure and resilient operations, and cryptography, similar to identity, has emerged as a fundamental component of responsible system management.

 

 

Managing Risks with Interoperability

Following the hybrid path to enable system interoperability while adopting PQC introduces risk when a system or endpoint only supports classical encryption. By design, if a hybrid PQC system negotiates a connection with a classical system, it will downgrade the connection to classical. Data transmitted in this way is not quantum-resistant. If the hybrid PQC system mandates a hybrid PQC cipher, the connection will fail.

 

Implications of Hybrid Fallback to Classical

Data transmitted in sessions that fall back to classical encryption is vulnerable to Harvest-Now, Decrypt-Later attacks.

Without logging, connections falling back to classical encryption remain unknown, creating hidden vulnerabilities. Most web servers, application servers, application gateways, load balancers, and reverse proxies already log the cipher suite negotiation if configured to do so. Until now, these logs haven’t been treated as a security control or a measure of cipher implementation progress.

During the PQC adoption, organizations and their systems will be operating in mixed environments. Plan to meet with vendors, partners, customers, and service providers to coordinate remediation of classical encryption downgrades.

 

Risk Mitigation

Monitoring and logging encryption downgrades provides valuable insight into system state, the risks to be addressed, and the vendors, partners, customers, and service providers with whom discussions need to be had. Note the interconnects that are downgrading. If there are digital sharing agreements related to them, review the digital sharing agreements for language that will motivate the partner to upgrade.

For a high-risk system, consider enforcing hybrid-PQC-only configurations that will not downgrade the connection to classical. This could be required once the sector has matured to nudge the slow adopters.
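One way to turn negotiation logs into the downgrade report and the hybrid-only check described above, as an added example that is not part of the original article. The key=value log format, peer and listener names, and sample lines are constructed; the hybrid group names are assumed to follow the IANA TLS Supported Groups registry, and your server's log fields will differ.

```python
import re
from collections import defaultdict

# Hybrid ML-KEM key-exchange groups (assumed naming, IANA registry style).
HYBRID_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}
FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed sample log: one line per completed TLS handshake.
SAMPLE_LOG = """\
2025-11-03T09:14:02Z peer=partner-a.example listener=payments-gw tls=TLSv1.3 group=X25519MLKEM768
2025-11-03T09:14:05Z peer=partner-b.example listener=payments-gw tls=TLSv1.3 group=X25519
2025-11-03T09:14:09Z peer=partner-b.example listener=payments-gw tls=TLSv1.2 group=secp256r1
2025-11-03T09:15:11Z peer=partner-c.example listener=reports-gw tls=TLSv1.3 group=X25519
2025-11-03T09:15:40Z peer=partner-a.example listener=reports-gw tls=TLSv1.3 group=X25519MLKEM768
2025-11-03T09:16:00Z truncated line without fields
2025-11-03T09:16:20Z peer=partner-c.example listener=reports-gw tls=TLSv1.2 group=-
"""


def parse_line(line):
    """Return the key=value fields of a log line, or None if it is unusable."""
    fields = dict(FIELD.findall(line))
    if not {"peer", "listener", "tls"} <= fields.keys():
        return None
    return fields


def classify_session(fields):
    """'hybrid', 'classical' (TLS 1.3, classical group) or 'legacy' (pre-1.3)."""
    if fields["tls"] != "TLSv1.3":
        return "legacy"  # TLS 1.3 is a prerequisite for PQC key exchange
    return "hybrid" if fields.get("group") in HYBRID_GROUPS else "classical"


def downgrade_report(log_text, hybrid_only_listeners=frozenset()):
    """Summarize non-hybrid sessions per peer and flag policy violations.

    hybrid_only_listeners names the high-risk listeners on which any
    non-hybrid session should be treated as a finding.
    """
    per_peer = defaultdict(lambda: {"hybrid": 0, "classical": 0, "legacy": 0})
    violations, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        if fields is None:
            skipped += 1  # keep a count so parsing gaps are visible
            continue
        kind = classify_session(fields)
        per_peer[fields["peer"]][kind] += 1
        if kind != "hybrid" and fields["listener"] in hybrid_only_listeners:
            violations.append((fields["peer"], fields["listener"], kind))

    def non_hybrid(counts):
        return counts["classical"] + counts["legacy"]

    downgrading = sorted(
        ((peer, dict(c)) for peer, c in per_peer.items() if non_hybrid(c)),
        key=lambda pc: (-non_hybrid(pc[1]), pc[0]),
    )
    return {"downgrading_peers": downgrading,
            "violations": violations,
            "skipped": skipped}


if __name__ == "__main__":
    report = downgrade_report(SAMPLE_LOG, hybrid_only_listeners={"payments-gw"})
    for peer, counts in report["downgrading_peers"]:
        print(peer, counts)
    print("violations:", report["violations"])
    print("unparsed lines:", report["skipped"])
```

Running the report on a listener before switching it to a hybrid-only configuration shows which peers would start failing to connect.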

Talk with vendors and data processing partners now. Review their readiness timelines to ensure they meet your digital sharing agreement requirements.

The more institutions adopt hybrid PQC, the less we’ll see fallbacks to classical encryption. That said, we need to monitor progress and encourage adoption where required.

 

 

Common CISO and CTO Concerns to Be Addressed

Performance Overhead – There is the possibility that hybrid encryption adds steps that impact latency and throughput. These are not things that anyone trading or supporting trading environments wants to hear. To manage this, use NIST-standardized algorithms (ML-KEM and ML-DSA) that have proven practical performance at scale.

Uncertainty in Standards and Vendor Direction – Until recently, there was still uncertainty in the industry on what algorithms and approaches would become standard. We have observed the major vendors embracing NIST-standardized algorithms and the hybrid-PQC approach.

Cryptography Lifecycle Management must be resourced and funded so that it can build and maintain an active cryptographic inventory providing input to risk registers and product lifecycle management plans. The goal is to ensure that all cryptographic dependencies are included in the migration and ongoing maintenance plans.

 

Supply Chain and Vendor Risk

Relatively recent cybersecurity incidents, including the CrowdStrike update issue in 2024, Progress Software’s MOVEit transfer breach, and the SolarWinds attack, put a spotlight on the importance of extending your hybrid PQC migration efforts to vendors, partners, and software suppliers.

Mitigate Vendor Risk:

  • Assess vendors’ cryptographic systems, security practices, and hybrid PQC adoption road maps. If they have none, seek out vendors who do.
  • Review contracts and include quantum readiness requirements at renewal.
  • Engage with vendors and suppliers for commitment, monitor for updates, and lobby for alignment with your hybrid PQC migration strategy.

 

Security Practices for Supply Chain:

  • Audit third-party solutions for PQC adoption. Leverage independent security reviews. Logging hybrid-PQC downgraded connections will give insights into your vendors’ behavior.
  • Follow Zero Trust Architecture principles, thereby limiting the impact of breaches in the supply chain.
  • Using your standard patch management practices, apply testing procedures for vendor-provided patches and updates.

 

Align Risk Priorities with Vendors and Partners – Leveraging lifecycle management and prioritizing system updates will help eliminate the risk of overlooked and less obvious legacy system components like old versions of MOVEit Transfer, or others that are core to operations. If a vendor does not prioritize adopting PQC, find another vendor and add the migration to the program and project plans.

 

Conclusion

Q-day is now a board-level sub-committee issue. As with self-driving cars, trains, and planes, it is a reality we have to plan to absorb operationally now. It will significantly test the resilience of our global infrastructure at the cryptographic layer. The institutions of the financial sector, keepers of the world’s ledgers and brokers of trust, must take up the gauntlet and lead this migration with governance, early adoption, and their forte, risk management.

As the major cloud, OS, and browser providers have indicated, hybrid PQC is the only pragmatic way forward. Through the use of both classical and PQC algorithms, organizations can provide a bridge for systems as they migrate, allowing them and their partners some flexibility in their transition. 

By establishing Cryptography Lifecycle Management (CLM), organizations can be assured that the changes are sustainable. Once established and integrated into IT Service Management (ITSM) processes along with applications, identities, etc., CLM brings the same level of oversight for cryptography as is applied to identity, for example. This underscores the importance of lifecycle management in ITSM.

Early adopters adding hybrid PQC TLS 1.3, monitoring for session downgrades, engaging vendors, and exercising CLM strengthen operational resilience and are taking the first steps to operationalize the quantum-resilient long-term confidentiality of data in flight.

Being quantum-ready aligns institutions’ operations with mandates from the Digital Operational Resilience Act (DORA), the guidance provided by the FFIEC Architecture, Infrastructure, and Operations Handbook, and expectations set by the Basel Core Principles for Effective Banking Supervision. The commonality is an emphasis on protective resilience, lifecycle management, and third-party coordination. Strategically aligning PQC efforts along these streams frames the PQC migration as a core component of regulatory compliance and operational resilience.

By taking leadership through a governed and data-informed, hybrid post-quantum cryptography approach, institutions of the financial sector will provide for the continued secure operations of their organizations, maintain customer trust, and meet their supervisory obligations as the world transitions into the quantum era.

 

 

Appendix: Guiding Principles for a Quantum-Resilient Financial Sector

  1. Align PQC Readiness with Supervisory Expectations
    – Ensure alignment with DORA, FFIEC guidance, and the Basel Core Principles on resilience and lifecycle management.
  2. Embed PQC Migration into Governance and BCDR Structures
    – Elevate PQC readiness to the same level of oversight as operational resilience, business continuity, and vendor risk.
  3. Prioritize Long-Term Confidentiality
    – Harvest-Now, Decrypt-Later has started already. Protect data whose value lasts over time.
  4. Adopt Hybrid PQC as the Transition Path
  5. Integrate Cryptography Lifecycle Management (CLM)
    – Cryptography, more than ever, needs to be maintained as a system component with a managed lifecycle.
  6. Monitor for Classical Downgrades
    – Begin establishing the logging foundation to detect cipher downgrades.
  7. Engage Vendors and Partners Continuously
    – Start the conversation, and work on beginning to align or at least understand timelines.
  8. Adopt an Incremental, Risk-Informed Approach
    – Focus on the high-confidentiality, long-retention, and high-criticality systems and connections. Continue to expand outward as solutions mature.

 

Appendix: Acronyms and Key Terms

ADCS – Active Directory Certificate Services

BCDR – Business Continuity and Disaster Recovery

CA – Certificate Authority

CEP/CES – Certificate Enrollment Policy / Certificate Enrollment Services

CLM – Cryptography Lifecycle Management

CRL – Certificate Revocation List

DORA – Digital Operational Resilience Act

DSA – Data Sharing Agreement

DSAR – Digital Subject Access Request

ML-DSA – Dilithium-based NIST-standardized digital signature algorithm (FIPS 204)

GFMA – Global Financial Markets Association

ML-KEM – Kyber-based NIST-standardized key encapsulation mechanism (FIPS 203)

PKI – Public Key Infrastructure

SLH-DSA – Stateless Hash-Based Digital Signature Algorithm (FIPS 205)

SymCrypt – Microsoft’s core cryptographic library used across Windows, Azure services, and Microsoft security products.

TLS – Transport Layer Security

 

Works Cited

“Digital Operational Resilience Act (DORA).” European Insurance and Occupational Pensions Authority (EIOPA), 17 Jan. 2025, https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en

Gurley, Bradley. “For the First Time Ever, Researchers Crack RSA and AES Data Encryption.” The Brighter Side, 5 Mar. 2024, https://www.thebrighterside.news/post/for-the-first-time-ever-researchers-crack-rsa-and-aes-data-encryption/

Heath, Malcolm. “Preparing for the Quantum Leap with Hybrid Certificates.” Security Boulevard, 2 July 2024, https://securityboulevard.com/2024/07/preparing-for-the-quantum-leap-with-hybrid-certificates/

IBM. IBM Quantum Roadmap 2030, 2023, https://www.ibm.com/roadmaps/quantum/2030/

International Monetary Fund. “Operational Resilience and Cyber Risk in the Financial Sector.” IMF eLibrary, 1 Sept. 2024, https://www.elibrary.imf.org/view/journals/007/2024/037/article-A001-en.xml?ArticleTabs=fulltext

Microsoft. “Post-Quantum Cryptography Comes to Windows Insiders and Linux.” Microsoft Security Blog, 14 Aug. 2024, https://techcommunity.microsoft.com/blog/microsoft-security-blog/post-quantum-cryptography-comes-to-windows-insiders-and-linux/4413803

National Institute of Standards and Technology (NIST). Migration to Post-Quantum Cryptography: Cryptographic Discovery (Preliminary Draft, NIST SP 1800-38B), 18 Dec. 2023, https://www.nccoe.nist.gov/sites/default/files/2023-12/pqc-migration-nist-sp-1800-38b-preliminary-draft.pdf

National Institute of Standards and Technology (NIST). “NIST Releases First 3 Finalized Post-Quantum Encryption Standards.” NIST, 15 Aug. 2024, https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

Quantum Xchange. “White House PQC Roundtable: Hybrid Encryption.” QuantumXC Blog, 19 Oct. 2023, https://quantumxc.com/blog/white-house-pqc-roundtable-hybrid-encryption/

SafeCipher. “Mosca’s Theorem Overview.” SafeCipher, 14 Nov. 2022, https://safecipher.co.uk/moscas-theorem-overview/

SIFMA / Global Financial Markets Association (GFMA). Quantum Migration: Mapping the Emerging Landscape, Oct. 2025, https://www.sifma.org/wp-content/uploads/2025/10/Quantum-Migration-October-2025-GFMA.pdf

The Quantum Insider. “Microsoft Brings Post-Quantum Cryptography to Windows and Linux in Early Access Rollout.” The Quantum Insider, 21 May 2025, https://thequantuminsider.com/2025/05/21/microsoft-brings-post-quantum-cryptography-to-windows-and-linux-in-early-access-rollout/

[1] For the first time ever researchers crack RSA and AES data encryption

[2] Quantum Roadmap

[3] Michele Mosca, professor at the University of Waterloo, Canada

[4] Migration to Post-Quantum Cryptography Quantum Readiness: Cryptographic Discovery

[5] Quantum Migration: Mapping the Emerging Landscape

[6] 2024 REVISED BASEL CORE PRINCIPLES FOR EFFECTIVE BANKING SUPERVISION

[7] Digital Operational Resilience Act (DORA)

[8] Microsoft Brings Post-Quantum Cryptography to Windows and Linux in Early Access Rollout

[9] Preparing for the Quantum Leap with Hybrid Certificates

[10] Quantum Exchange – Part1: When (and When Not) to Use Hybrid Encryption

[11] NIST Releases First 3 Finalized Post-Quantum Encryption Standards

[12] Post-Quantum Cryptography Comes to Windows Insiders and Linux