What is post quantum cryptography, and how is TCG implementing it?

Date Published: August 13, 2025

There will soon come a time when someone builds a quantum device powerful enough to break the most widely used forms of encryption in use today. Known as Q-Day, this event will have severe implications for any sector or industry storing sensitive data – from online banking to critical infrastructure.

Why is quantum computing such a concern?
Current encryption methods rely on the difficulty in breaking extremely complex mathematical equations. It’s the reason why symmetric algorithms like AES and asymmetric algorithms like RSA remain commonplace today – they are suitable for the classical computers we still use. With quantum computers, the situation will be a lot different.

Quantum computing will be able to use principles such as superposition and entanglement to help break traditional encryption methods, while Shor’s and Grover’s algorithms can be used by these devices to crack traditional symmetric and asymmetric encryption methods. As a result, there are significant concerns over ‘harvest now, decrypt later’ attacks, in which attackers gather sensitive, encrypted data now because they will be able to break the methods protecting it once these quantum devices are available.

Until we reach Q-Day, this threat is hypothetical, but it could happen, and more people need to be aware of this potential threat landscape.

What are organizations doing regarding PQC?
The first step had to be creating new algorithms that could withstand quantum attacks. To this end, after a lengthy investigative period, the National Institute of Standards and Technology (NIST) finalized its first three post quantum cryptography (PQC) standards: CRYSTALS-Kyber, CRYSTALS-Dilithium and SPHINCS+. Announced in August 2024, these PQC algorithms – alongside HQC, which was selected as a back-up key encapsulation mechanism (KEM) in 2025 – are considered to be the best options when it comes to protecting data from quantum computers.

Now that these algorithms have been finalised, we are beginning to see national and regional migration strategies being rolled out. Following the release of the three PQC standards, NIST published a report in November 2024 detailing the priorities and considerations for PQC migration. This reiterated the previous migration deadline of 2035, and NIST’s desire to deprecate the current asymmetric algorithms used today within the next five years.

This year, the National Cyber Security Centre (NCSC) also published its proposed timelines for the United Kingdom. Initial plans for PQC migration will be expected from decision-makers within large organisations by 2028, and by 2031, the highest-priority activities should have been actioned. This means that by 2035, all systems, services and products should be PQC compliant. As people become increasingly aware of PQC, we expect to see new roadmaps announced very soon.

What is TCG’s current approach to PQC?
Presently, we are working on updating our specifications to prepare for the post quantum era. There remain some external dependencies and complexities within the specification chain we must consider, and like the rest of the industry, we are dependent on the aforementioned algorithms and parameter sets published by key agencies such as NIST. The standards developed by the Trusted Computing Group (TCG) form part of a broader community of standards that companies across the computing ecosystem must adhere to before PQC-ready products can be offered within the marketplace.

Industry migration to post quantum will take some time, but we have been actively preparing for PQC. Our post-quantum strategy leverages the collective insights of our members, and the foresight we have in this area has been demonstrated through the algorithmic agility we implemented during the transition to the TPM 2.0, with its initial publication in 2013.

This focus on cryptographic agility will be crucial going forward, and further information regarding our preparations for PQC will be detailed in due course.
