
Preparing for ‘Q-Day’: Why Quantum Risk Management Is a Must


Preparing for the post-quantum cryptography (PQC) era is going to take more than a simple migration plan.

That’s the advice of cryptography expert Jean-Philippe Aumasson, who co-authored the FIPS 205 stateless hash-based digital signature algorithm (SLH-DSA), a quantum-resistant encryption scheme. Aumasson, who is also co-founder and chief security officer of Taurus SA, will be speaking next week at Black Hat Asia 2026 in Singapore in a session titled “Post-Quantum Cryptography: A Realistic Guide to Manage the Transition.”

The session provides an expert’s view of quantum computers, which Aumasson emphasizes are not faster computers but ones ideally suited to cracking modern encryption standards, and details the problems they will cause for systems using the RSA and Elliptic Curve Digital Signature Algorithm (ECDSA) encryption schemes.

As a result, everything from VPNs and public key infrastructure (PKI) to distributed ledgers could be at risk. The good news is that new PQC standards like SLH-DSA have been developed, and major technology providers like Google and Apple have already begun moving to quantum-safe schemes.


The bad news, however, is that most organizations aren’t doing enough to prepare for “Q-Day,” Aumasson tells Dark Reading. Based on his consulting experiences with Taurus, he says most organizations aren’t doing much for PQC and, at best, have some documentation on the impact of quantum computing attacks and an inventory of vulnerable systems.

“The point I’m making in this presentation is that migration of a moderately large organization is much harder than migrating a small open source product,” Aumasson says. “You have to accept that it’ll take years to be fully quantum-safe, if ever, so you need a continuous process of systems discovery and inventory, business impact assessment, remediation plans, supply chain management, and so on.”

The Case for Continuous Quantum Risk Management

Aumasson in his talk will offer a brief primer on how quantum computers put older encryption schemes at risk, and he’ll detail the systems and technologies that are currently vulnerable to attacks. He’ll also share options for quantum-safe technologies that organizations can migrate to today, while also giving his own prediction for the earliest possible arrival of Q-Day (Hint: it’ll be a while).

But while organizations may have many years to plan for PQC and migrate to newer encryption schemes, the risk management process needs to begin now and, more importantly, be continuous, Aumasson says.


“Many organizations will become more ready without knowing it, just by updating their software versions,” he says. “For example, the TLS stack of the Go language now defaults to post-quantum connections, and the Cloudflare Tunnel VPN technology defaults to post-quantum.”

But close to PQC-ready isn’t fully ready, of course. Aumasson says some of the overlooked areas that could be affected by quantum computers include blockchain technology. There are also cases where a system appears to be quantum-safe but, in fact, is not, he says.

“The typical case is when data is encrypted using symmetric cryptography only like the AES-GCM cipher,” Aumasson says. “Such cryptography is, by definition, quantum-safe. However, the encryption key may depend on vulnerable public-key cryptography, either because it’s been generated through a vulnerable key agreement protocol, or because it’s protected using a vulnerable key wrapping scheme.”

These are the kinds of nitty-gritty details that enterprise security teams will have to account for, he says, and why a continuous risk management plan is crucial. New technologies and services will be rolled out that may be quantum-resistant, and cracks may appear in foundations that were thought to be secure.
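The dependency problem described above can be checked mechanically once an inventory records where each key comes from. The following is an added example, not code from the article or from Aumasson's talk; the asset names, the inventory and the two algorithm sets are constructed for illustration.

```python
from dataclasses import dataclass, field

# Classification used for this example only; extend it for a real inventory.
QUANTUM_VULNERABLE = {"RSA-OAEP", "ECDH-P256", "ECDSA-P256"}  # broken by Shor's algorithm
QUANTUM_SAFE = {"AES-256-GCM", "ML-KEM-768"}

@dataclass
class Asset:
    name: str
    algorithm: str
    key_from: list = field(default_factory=list)  # assets that agreed on or wrap this asset's key

# Constructed inventory (hypothetical asset names).
INVENTORY = {a.name: a for a in [
    Asset("backup-archive", "AES-256-GCM", ["backup-key-wrap"]),
    Asset("backup-key-wrap", "RSA-OAEP"),
    Asset("session-records", "AES-256-GCM", ["legacy-handshake"]),
    Asset("legacy-handshake", "ECDH-P256"),
    Asset("vault-blob", "AES-256-GCM", ["vault-kem"]),
    Asset("vault-kem", "ML-KEM-768"),
    Asset("hr-export", "AES-256-GCM", ["unlisted-kms"]),
]}

def vulnerable_paths(inventory, name, trail=()):
    """Return every dependency path from `name` that ends in a quantum-exposed link."""
    if name in trail:                      # cycle guard
        return []
    trail = trail + (name,)
    asset = inventory.get(name)
    if asset is None:                      # gap in the inventory: cannot be called safe
        return [trail + ("<not inventoried>",)]
    found = []
    if asset.algorithm in QUANTUM_VULNERABLE:
        found.append(trail)
    elif asset.algorithm not in QUANTUM_SAFE:
        found.append(trail + ("<unclassified algorithm>",))
    for dep in asset.key_from:
        found.extend(vulnerable_paths(inventory, dep, trail))
    return found

def assess(inventory):
    """Map each asset to 'quantum-safe' or to the list of paths that expose it."""
    return {name: vulnerable_paths(inventory, name) or "quantum-safe" for name in inventory}

if __name__ == "__main__":
    for name, result in assess(INVENTORY).items():
        print(f"{name}: {result}")
```

Every AES-GCM asset here looks quantum-safe in isolation; only the ones whose whole key chain is safe are reported that way.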


Trust But Verify Quantum Readiness

In the absence of actual quantum computers to test PQC implementations, how will enterprises know if they are truly ready?

“When a vendor or software component writes in its documentation that it’s post-quantum, you should verify what that actually means and how effective it is,” Aumasson says. “It could be that only part of the system is post-quantum — for example, in a TLS connection it could be just the key exchange protocol but not the certificate chain — or could be that post-quantum crypto is supported but disabled by default.”

Aumasson recommends the following steps that he took in his own company: read the vendor’s documentation, ask the engineers if it’s enabled, go check the actual configuration files, and then establish a test connection to the system and inspect the logs: “Trust, but verify, as we say.”
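The last step, inspecting what a test connection actually negotiated, can be scripted so that key exchange and certificate chain are judged separately. This is an added example, not code from the article or from Taurus; the handshake summaries are constructed, and their field labels are an assumption that will differ between TLS tools and versions.

```python
import re

# Constructed handshake summaries (field labels are an assumed log format).
SAMPLE_PARTIAL = """\
Protocol: TLSv1.3
Negotiated group: X25519MLKEM768
Certificate signature: ecdsa-with-SHA256
Certificate signature: sha256WithRSAEncryption
"""
SAMPLE_DISABLED = """\
Protocol: TLSv1.3
Negotiated group: X25519
Certificate signature: ecdsa-with-SHA256
"""
SAMPLE_OLD = "Protocol: TLSv1.2\nCertificate signature: sha256WithRSAEncryption\n"

PQ_SIGNATURE_PREFIXES = ("ML-DSA", "SLH-DSA")  # FIPS 204 / FIPS 205 families

def classify_group(group):
    # Hybrid and pure ML-KEM group names both contain "MLKEM" (e.g. X25519MLKEM768).
    return "post-quantum" if "MLKEM" in group.upper().replace("-", "") else "classical"

def classify_signature(alg):
    return "post-quantum" if alg.upper().startswith(PQ_SIGNATURE_PREFIXES) else "classical"

def assess_handshake(summary):
    """Judge key exchange and certificate chain separately from one logged handshake."""
    groups = re.findall(r"^Negotiated group:\s*(\S+)", summary, re.M)
    sigs = re.findall(r"^Certificate signature:\s*(\S+)", summary, re.M)
    kex = classify_group(groups[0]) if groups else "unknown"
    if not sigs:
        auth = "unknown"
    elif all(classify_signature(s) == "post-quantum" for s in sigs):
        auth = "post-quantum"
    else:
        auth = "classical"  # the chain is only as strong as its weakest signature
    if "unknown" in (kex, auth):
        verdict = "not verifiable from this log"
    elif kex == auth == "post-quantum":
        verdict = "post-quantum key exchange and certificate chain"
    elif kex == "post-quantum":
        verdict = "partial: key exchange only"
    elif auth == "post-quantum":
        verdict = "partial: certificate chain only"
    else:
        verdict = "classical"
    return {"key_exchange": kex, "certificate_chain": auth, "verdict": verdict}
```

`SAMPLE_PARTIAL` reproduces the case Aumasson describes, where only the key exchange is post-quantum, and `SAMPLE_DISABLED` the case where support exists but the connection still negotiated a classical group.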

Additionally, Aumasson says it’s important that security teams closely examine their internal systems. While these systems may have lower exposure to external threats and seem less urgent for migration, he says, they’ll likely take much longer to update.

“It’s, alas, not uncommon that companies run obsolete, vulnerable software or protocols,” Aumasson says. “For example, you’ll find countless unpatched servers in most organizations, as well as products or services using deprecated cryptography like TLS 1.1 or the hash function SHA-1.”

Overall, security teams shouldn’t panic. There are many PQC offerings already available that organizations can explore and begin to migrate to, but organizations — especially large enterprises — should start building a plan for continuous quantum risk management now.

“Will every company be ready when Q-Day happens? Probably not,” he says. “Does it mean that it’ll be a major cybersecurity risk? Probably not. It could be more of a reputation or compliance risk.”

But, Aumasson says, it’s best not to take that risk.
