Top News
Post-Quantum: How Cybersecurity can be Ensured in the Future
A recap of the joint deep dive session with our partner achelos at secIT by heise. Learn how post-quantum cryptography (PQC) protects companies from future threats posed by quantum computers. Gain insights into strategies, risks, migration, and practical solutions for sustainable cybersecurity.
Quantum computing is no longer a vision of the future—it is a real and growing threat to today’s IT security. This is exactly where post-quantum cryptography (PQC) comes in. In our presentation, “Post-Quantum: How Cybersecurity Can Be Ensured in the Future,” we explored key questions, challenges, and solution approaches related to PQC together with our partner achelos.
A Paradigm Shift in Cryptography
While traditional cryptographic methods are based on assumptions that are difficult for today’s computers to solve, they could be efficiently broken by future quantum computers. The answer to this is the development of so-called post-quantum cryptography, which—based on current knowledge—cannot be broken even by quantum computers.
Why PQC Is Relevant Now
A key risk highlighted in the presentation is the so-called “store now, decrypt later” attack: encrypted data is already being collected today with the explicit goal of decrypting it in the future using more powerful technologies.
Particularly critical: data that requires long-term protection is already at risk today.
The crucial question is therefore: “How long does data actually need to remain secure?”
The so-called Mosca Theorem provides important guidance here: if the required protection period for data is longer than the expected time until powerful quantum computers are available, urgent action is already required today.
Due to long lifecycles and dependencies, special attention must also be given to authentication and the transition of Public Key Infrastructures (PKI). With our solutions in the areas of PKI and Certificate Lifecycle Management (CLM), MTG is already actively supporting companies in gradually integrating PQC into existing infrastructures.
Preparing for PQC Migration
Transitioning to Post-Quantum Cryptography is not a one-time upgrade, but a strategic transformation process. It is important to distinguish between different cryptographic approaches:
- Classical Cryptography:
Based on established mathematical problems, runs on classical hardware, and is currently considered secure—but may be broken by quantum computers in the future. - Quantum Cryptography:
Uses quantum properties (e.g., for quantum key distribution) and enables new, theoretically secure methods based on quantum mechanics. - Post-Quantum Cryptography (PQC):
Relies on new mathematical approaches (e.g., lattice-based methods), can be implemented on classical hardware, and is currently considered resistant to quantum attacks.
Current quantum computers are still in an early stage of development and are not yet capable of practically breaking classical cryptography. However, in the long term, more powerful systems could threaten established methods. PQC therefore focuses on alternative mathematical problems (e.g., lattice-based approaches) that are currently considered quantum-resistant and continue to run on classical hardware.
Status of Various Quantum Computing Approaches (© achelos GmbH)
Challenges on the Path to PQC
The introduction of new cryptographic methods brings a number of practical challenges:
Market
New algorithms still need to establish themselves, standards are evolving, and products are not yet widely available.
Implementation of New Cryptographic Methods (© achelos GmbH)
Performance
Post-quantum methods differ significantly in their properties, for example:
- Key lengths
- Signature sizes
- Speed of key generation
- Signature generation and verification
Not every algorithm is suitable for every use case. In addition, actual performance strongly depends on implementation and hardware.
With our MTG PQC Size Calculator, you can compare encryption and signature algorithms.
Comparison of Signature Algorithms (© MTG AG)
Sustainability & Migration
A key approach is the use of hybrid methods, where classical and PQC algorithms are combined. These provide additional security but also introduce new complexity.
Further challenges include:
- Integration into existing systems
- Migration strategies and timelines
- Regulatory requirements and uncertainties
Practical Example: Connected Systems
Using the example of connected automotive systems, it becomes clear how far-reaching the impact is: cryptography must be considered across the entire chain—from the backend to the edge device.
Securing individual components alone is not sufficient; a holistic approach is required.
From Theory to Practice: Live Demo of the MTG ERS® Solution
A highlight of the presentation was the live demo of the MTG ERS® solution. Even today, our PQC portfolio can help protect systems against quantum computers. Existing MTG ERS® components were specifically enhanced with PQC algorithms for this purpose.
MTG ERS® components with PQC (© MTG AG)
In our live demo, we showed how PQC certificates can already be created, managed, and integrated into existing processes today.
This practical perspective makes it clear: PQC is not a future concept—it is already technically feasible today.
Conclusion: Set the Course Now
The transition to post-quantum cryptography is not a question of "if", but "when". Companies that start today will not only secure their data but also their future viability. The transformation will take time, making early action all the more important.
Our conclusion from the presentation: those who prepare now lay the foundation for sustainable and future-proof cybersecurity.
Interested in Learning More?
Would you like to learn more or gain your own initial experience with PQC?
Get in touch with us and start your PQC strategy today.
Try PQC yourself with our FREE PQC PKI and gain your first hands-on experience.
