Post-Quantum Cryptography for Supply Chain, Industry 4.0, Data Spaces and Critical Infrastructure: Risks, Readiness, and Roadmaps
Quantum computing presents significant cybersecurity threats, particularly to critical infrastructure. Current cryptographic methods protecting digital identities, data, and communication are vulnerable. Transitioning to Post-Quantum Cryptography (PQC) is crucial for safeguarding supply chains, industrial systems (Industry 4.0), decentralized networks, and critical national infrastructure.
Spherity leads the way, delivering quantum-ready identity solutions and actively contributing to the EU’s “We Build” Large Scale Pilot, ensuring organizations are prepared for the quantum era.
Key Insights:
Critical infrastructure refers to the systems, facilities, and networks vital for the functioning of supply chains, industrial infrastructures, energy systems, society and the economy. These infrastructures are deemed critical because their disruption would jeopardize public safety, national security, and economic stability. Examples span power grids, telecommunications, transportation, finance, water supply, healthcare, and other essential services. Given their foundational role, protecting critical infrastructure from emerging threats is paramount. In the digital era, most critical infrastructure operations rely on networked control systems and encrypted communications for safety and reliability. However, the advent of quantum computing poses unprecedented risks to the cryptographic underpinnings of these systems. This paper examines the looming quantum threat and why a proactive transition to post-quantum cryptography is essential for safeguarding critical infrastructure. We also discuss how Zero Trust Architecture (ZTA) principles, which assume no implicit trust and mandate continuous verification, align with a quantum-secure approach to enterprise identity and encryption in critical systems. Adopting PQC within a ZTA framework — where every user, device, and transaction must be authenticated and authorized with strong (quantum-resistant) cryptography — will be key to maintaining trust in the face of quantum-enabled adversaries.
It is not only national infrastructures that are at risk. Even decentralized, global networks like cryptocurrencies can be viewed as critical infrastructure in a broader sense. For instance, Bitcoin underpins a worldwide financial ecosystem, and its security is fundamentally based on cryptography. Recognizing this, the Bitcoin community has started developing a roadmap for migrating to quantum-resistant algorithms. In other words, even where no single government is in charge, stakeholders are beginning to plan for a post-quantum future. We will later explore how Bitcoin and other blockchain platforms (like Ethereum and Europe’s EBSI network) are approaching the quantum threat, as these global or transnational systems must also be protected to ensure the continuity of digital trust.
Spherity is the largest German contributor to the European Commission’s “We Build” Large Scale Pilot (LSP) project. Within the consortium, we will leverage our expertise to address the requirements for Post-Quantum Cryptography. The Spherity team has comprehensive PQC capabilities. Hence, we will contribute to the Wallet and Architecture Working Groups, sharing our practical experience and technical knowledge to ensure robust, quantum-resistant identity and data security solutions.
Since our founding in 2017, Spherity has prioritized the integration of Post-Quantum Cryptography into decentralized identity solutions, as highlighted in our early research on quantum-secure identity and cryptographic agility. Our longstanding focus on PQC ensures robust, future-proof solutions for enterprises navigating the quantum threat landscape. Read more in our foundational article on Medium.
Quantum computers threaten to render today’s cryptography obsolete, enabling novel cyber-attack scenarios.
We describe three concrete scenarios in which quantum capabilities could be exploited against critical infrastructure:
Each of these scenarios highlights different facets of the quantum threat — mass data exposure, direct sabotage through broken encryption, and collapse of digital identity authenticity. The common theme is that time is of the essence: waiting until “Q-day” (the day a quantum computer breaks current crypto) is too late, as adversaries can exploit any lag in crypto agility. Critical systems have long upgrade cycles, so mitigations must begin now to be in place when needed.
Not all cryptographic primitives are equally threatened by quantum algorithms. Quantum computers dramatically weaken or break certain algorithms while only modestly affecting others. It is crucial for decision-makers to understand these differences to prioritize mitigations:
The different fates of these primitives drive the PQC migration strategy: we urgently need to deploy new quantum-resistant public-key algorithms for encryption/key exchange and signatures, while ensuring our symmetric ciphers and hashes are sufficiently strong (e.g. moving to AES-256, SHA-384/512) to withstand quantum attacks. This approach is reflected in standards bodies’ plans — for example, NIST’s PQC competition selected new asymmetric algorithms for standardization (like CRYSTALS-Kyber for encryption and Dilithium for signing), whereas it did not replace AES but simply reaffirms using longer keys.
Governments around the world have recognized the quantum threat to critical infrastructure and have begun major initiatives to drive the transition to PQC. Below we survey efforts in several leading jurisdictions (UK, EU, France, Germany, Switzerland, Netherlands), and then discuss two other key players — China and the United States — in post-quantum preparedness for essential systems:
United Kingdom: The UK’s National Cyber Security Centre (NCSC) has issued detailed guidance and a roadmap for migration to post-quantum cryptography. The NCSC urges organizations, especially in critical sectors like banking, telecom, energy, and government, to begin planning and implementing PQC now so that the transition is gradual and completed by the mid-2030s. The UK roadmap consists of three phases: (1) Until 2028: identify all cryptographic uses in systems and start building an implementation plan for PQC; (2) 2028-2031: prioritize and execute upgrades of the most critical systems to hybrid or quantum-safe solutions; (3) 2031-2035: complete the migration of all systems and products to PQC. This phased approach aligns with the view that smaller organizations can rely on vendors to supply PQC-ready solutions, but larger and critical infrastructure operators need significant lead time and investment. UK officials frame this as a matter of staying ahead of adversaries: “Migrating to PQC will help organisations stay ahead of this threat by deploying quantum-resistant algorithms before attackers have the chance to exploit vulnerabilities”. The UK initiative is explicitly motivated by protecting critical national infrastructure from future “quantum cybercrime” by hostile states. Failure to migrate in time, the NCSC warns, will leave laggards running “significant legacy estates” susceptible to attackers and regulatory penalties. In short, the UK has set 2035 as an upper deadline for quantum-proofing vital systems, with immediate action recommended to avoid a rushed, risky retrofit later.
European Union: The EU is taking a coordinated multi-national approach to PQC for public sector and critical services. In April 2024, the European Commission published a Recommendation calling on EU Member States to develop a Coordinated Implementation Roadmap for transitioning to post-quantum cryptography. This recommendation pushed for a harmonized strategy across Europe, with clear objectives, milestones, and timelines for integrating PQC into government systems and critical infrastructure. It specifically notes that transitions may involve hybrid cryptographic schemes (combining classical and post-quantum algorithms) to ensure continuity of security during the migration. The goal was to have a joint roadmap by 2026 and thereafter national transition plans aligned across the EU. A dedicated sub-group under the EU NIS Cooperation Group was formed to facilitate this, involving national cybersecurity agencies and ENISA (the European Union Agency for Cybersecurity). By mid-2025, this effort bore fruit: on June 23, 2025, the EU released the first high-level PQC transition roadmap, which provides clear timelines and steps for all Member States. The roadmap sets phased milestones in line with expert forecasts:
The EU roadmap emphasizes starting with hybrid solutions (combining classical and PQC algorithms) to ease the transition and calls for global alignment, noting the timeline syncs with NIST (US) and NCSC (UK) guidance. Political urgency was underscored by a late 2024 joint statement of 21 EU Member States, which declared: “We urge public administration, critical infrastructure providers, IT providers, as well as all of industry, to make the transition to post-quantum cryptography a top priority… organizations and governments should start the transition now.” This effort is co-led by France, Germany, and the Netherlands, signaling strong political will among Europe’s largest economies to ensure EU digital infrastructure is quantum-resilient in time. In addition to algorithm standardization (complementing NIST’s work with European perspectives), the EU is also investing in quantum-safe communications (e.g. the EuroQCI quantum key distribution initiative) as a parallel track. The main takeaway is that the EU sees PQC as a strategic necessity and is mobilizing member states to act in unison, to avoid weakest-link scenarios in the single market.
“As we don’t do not know at all what special purpose offensive quantum computing tools crypto shops in Beijing, Pyongyang, Moscow, or Fort Meade are building, we strongly recommend to significantly accelerate your PQC roadmap as much as possible.” — Dr. Carsten Stöcker, Spherity GbmH.
France: France has been proactive in PQC at both the policy and experimental level. ANSSI, the French national cybersecurity agency, closely followed the NIST PQC process and published recommendations as early as January 2022 (with a follow-up in 2023) on how to manage the transition. France also demonstrated political commitment through real-world tests: on November 30, 2022, the French government sent the first diplomatic telegram encrypted with a post-quantum algorithm (the FrodoKEM key encapsulation mechanism) from its embassy in Washington, D.C. to Paris. This landmark experiment, publicized by officials, showed that France’s diplomatic communications are beginning to trial quantum-safe encryption in practice. ANSSI’s position has been that while the timeline for quantum computers is uncertain, prudence dictates taking the threat into account “long before knowing if or when” such computers arrive. Concretely, ANSSI advocates a hybrid cryptography approach, where existing classical algorithms are used in tandem with PQC algorithms to hedge against quantum risk even in advance of full international standardization. France is also investing in research and collaboration: for example, the French-led RESQUE consortium (launched 2023) unites industry and academia to advance PQC deployment for secure networks. In terms of standards, ANSSI is preparing to issue the first security certifications (“Security Visas”) for products implementing hybrid post-quantum cryptography by 2024-25, to encourage vendors to integrate PQC. These efforts position France as a European leader in early adoption of PQC for government and critical industries, ensuring strategic communications and sensitive data remain secure against future threats.
Germany: Germany views quantum cybersecurity as a top national priority, with the BSI spearheading technical guidance and the federal government funding research and pilot implementations. The BSI has been warning for years about the quantum threat to public-key cryptography and actually began recommending interim post-quantum measures as early as 2020. Notably, the BSI identified specific candidate algorithms for use even before international standards were finalized: for example, it recommended the lattice-based FrodoKEM and the code-based Classic McEliece for hybrid key exchange, as well as stateful hash-based signatures (XMSS, LMS) for long-term digital signatures. These choices reflected a conservative approach aligned with German crypto research — in fact, XMSS was co-invented by German researchers and later standardized (RFC 8391) with BSI involvement. Germany’s strategy is not to wait until a “critical crunch,” because they estimate a time horizon of around 2030 for quantum computers capable of breaking current crypto. This working assumption underpins BSI’s call to begin migration now, since upgrading cryptographic infrastructure (particularly in sectors like energy, telecom, government services) can take a decade or more. The German government’s “Handlungskonzept” (action plan) for quantum technologies presented to the Bundestag in 2023 explicitly prioritizes quantum-safe cryptography for critical infrastructure by 2030. Meanwhile, practical progress is being made: BSI updated its official cryptographic technical guidelines in early 2025 (TR-02102-1, version 2025-01), raising the required security level to 120 bits and endorsing hybrid PQC approaches. For example, BSI’s guideline recommends using FrodoKEM or Classic McEliece (alongside NIST’s Kyber) for quantum-resistant encryption/key exchange, and deploying hash-based signature schemes like XMSS/LMS (alongside lattice signatures like Dilithium) for digital signing. In January 2025, the BSI even certified the world’s first quantum-safe smartcard — an identity/security chip by Infineon that implements a PQC algorithm — under Common Criteria EAL6+. The German Armed Forces (Bundeswehr) have also reportedly deployed post-quantum encryption algorithms to secure their 13,000 km fiber optic network, a pioneering move in the defense sector that also benefits the broader ecosystem by testing PQC in real infrastructure. All these steps — early standards, pilot deployments, updated guidelines, certifications — indicate that Germany is aligning policy, R&D, and industry to ensure critical infrastructure (energy grids, telecom networks, government IT, etc.) can transition to PQC before the quantum threat materializes in the 2030s.
Switzerland: Although not in the EU, Switzerland is a noteworthy player in quantum technologies and cryptography. The Swiss government launched a Swiss Quantum Initiative in 2022 with an initial CHF 80 million investment to boost research in quantum computing, communication, and post-quantum cryptography. Swiss academia (ETH Zurich, EPFL, University of Geneva, etc.) is world-renowned in cryptography, and Swiss researchers have contributed to PQC algorithm development and analysis. In terms of industry, Switzerland is home to several leading quantum security companies — for example, ID Quantique (Geneva) was a pioneer in quantum key distribution and remains a global leader in quantum-safe communication products. Swiss firms are also active in implementing PQC: in 2025, a Swiss-based company deployed PQC-based hardware security modules in sovereign data centers in Switzerland and France to offer quantum-resistant cloud encryption services. This indicates that private-sector demand for PQC solutions (for cloud and data sovereignty) is emerging in Switzerland. The Swiss National Cybersecurity Centre (NCSC) has been raising awareness of the quantum threat as well, though Switzerland tends to follow international standards (ISO, ITU) rather than create its own. One challenge for Switzerland is being outside the EU’s coordinated efforts — for instance, EU research funding on quantum can’t directly include Swiss entities — but Swiss experts often engage through international fora like ETSI and ISO. Overall, Switzerland’s approach marries strong fundamental research with niche industry adoption. The country’s emphasis on data security (it ranks #1 globally in innovation and has a strong privacy culture) suggests it will ensure its critical infrastructure — such as banking systems (a backbone of the Swiss economy), utilities, and government communications — adopt quantum-safe cryptography on a timeline comparable to its EU neighbors. We see Switzerland prioritizing public-private collaboration in this space, leveraging its innovative startups and university talent to integrate PQC into products and critical systems sooner rather than later.
Netherlands (an EU leader): The Netherlands stands out as another European country at the forefront of PQC readiness, particularly for critical infrastructure. The Dutch government, through agencies like the National Cyber Security Centre (NCSC-NL) and intelligence service (AIVD), has been notably proactive. The Netherlands was one of the first to publish guidelines for quantum-safe encryption in critical networks — as early as 2022, Dutch authorities recommended using post-quantum key exchange (e.g. a multi-lattice KEM, Classic McEliece, or FrodoKEM) in a hybrid mode for TLS to protect vital communications. They also developed a comprehensive “PQC Migration Handbook” (released in late 2023) with concrete steps and timelines for organizations to inventory their cryptographic assets, test PQC algorithms, and gradually deploy them. This handbook serves as a practical playbook for critical sectors (finance, energy, government) to achieve quantum resilience. The Netherlands’ active involvement goes beyond its borders: as mentioned, it co-leads (with France and Germany) the EU’s PQC roadmap working group, sharing its expertise and early experiences. Dutch researchers from institutes like CWI and TNO were deeply involved in the development and cryptanalysis of NIST’s finalist algorithms, and Dutch companies have experimented with both PQC and QKD (for example, the Port of Rotterdam tested a quantum key distribution link as a future means to secure port infrastructure communications). Politically, the Dutch government has recognized the quantum threat in its national security strategy, and the Netherlands was among the EU states urging immediate action. For critical infrastructure operators in the Netherlands, there is guidance to start planning now and complete transitions by around 2030 (in alignment with EU goals). This leadership by example — publishing action plans, engaging industry via consortiums (like the Dutch “Quantum Inspire” hub and others), and running pilots — makes the Netherlands a model that other mid-sized countries in the EU are beginning to follow.
China: China recognizes quantum technology as a strategic priority and has massively increased government investment in this field. Public spending by China’s government on quantum R&D is estimated at around USD 15 billion, which is more than double Europe’s aggregate and far exceeds U.S. federal investment. In fact, since 2022 China has been publishing more quantum-related research papers annually than any other country (including the United States), reflecting its commitment to leading in quantum advancements. Alongside quantum computing research, China is keenly aware of the cybersecurity stakes: Chinese policy calls for a “whole-of-nation” approach to achieve breakthroughs, given that whoever controls quantum technology could gain military and economic advantages in code-breaking, secure communications, and beyond. In February 2025, China launched an independent initiative to develop post-quantum cryptographic algorithms, signaling its intent to set its own standards in quantum-resistant encryption. Specifically, the state-backed Institute of Commercial Cryptography Standards (ICCS) issued a global call for proposals for next-generation encryption and signature schemes that can withstand quantum attacks. This effort diverges from the U.S.-led NIST PQC effort and encourages international participation under China’s leadership. Observers note that China’s push for its own PQC standards may stem from a desire to avoid potential backdoors in foreign algorithms and to establish technological sovereignty in cybersecurity. In summary, China is not only pouring funds into quantum research and building quantum communication networks, but also actively working on quantum-resistant encryption standards on a separate track. As a result, we may see dual standards emerge globally — one influenced by NIST and Western agencies, and another by China — with implications for interoperability and global cryptographic practices. For critical infrastructure, especially in China and allied nations, this could mean early adoption of Chinese-standard PQC algorithms in everything from military communications to financial services, driven by the substantial head start China is cultivating.
United States: The United States has adopted a comprehensive, multi-pronged approach to the PQC transition, especially focused on securing federal systems and critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) launched a Post-Quantum Cryptography Initiative in 2022 to unify efforts across government and industry for addressing the quantum threat. CISA’s initiative coordinates with interagency partners (like NIST, NSA) and private-sector critical infrastructure owners to ensure a smooth migration to quantum-safe cryptography. Key activities include assessing risks across the 55 National Critical Functions, guiding sectors to inventory vulnerable cryptography, and fostering the development of standards and tools for PQC deployment. On the standards front, NIST has been leading the charge since 2016 with its open PQC competition. In July 2022, NIST announced the first group of winning algorithms (e.g. CRYSTALS-Kyber, Dilithium), and by August 2024 NIST released the first three finalized PQC standards (one key-establishment scheme and two digital signature schemes). These were approved as FIPS for federal use, marking a major milestone in providing vetted quantum-resistant tools for industry. Following this, NIST continues to standardize additional algorithms (like a fourth signature scheme, SPHINCS+, in 2025). The U.S. government has also shown urgency at the highest levels: in May 2022, the White House issued National Security Memorandum-10, mandating federal agencies to identify vulnerable cryptography and begin planning for PQC; and in January 2025, a new Executive Order directed an acceleration of PQC adoption across federal agencies. This January 2025 Executive Order (signed by President Biden just before leaving office) explicitly emphasizes expediting the transition to quantum-safe algorithms, requiring agencies to implement quantum-resistant key exchange mechanisms in their networks and to prioritize procurement of PQC-capable products. In practical terms, the U.S. government set deadlines for agencies to inventory their cryptographic systems and have plans to switch to PQC by 2025-2026, and to actually deploy those solutions by 2030 or earlier. Concurrently, agencies like the NSA have updated their own cryptographic requirements (the NSA’s Commercial National Security Algorithm Suite 2.0, announced September 2022, calls for using quantum-resistant algorithms for national security systems by 2035, with a preference for certain interim solutions even sooner). Industry in the U.S. is also gearing up: big tech companies (IBM, Google, Microsoft, AWS) are testing PQC in their products and cloud services, and telecom providers and banks — many guided by CISA and NIST’s timeline — have begun pilot implementations. Overall, the U.S. response marries long-term research (to ensure strong algorithms) with near-term mandates (to begin deployment now), aiming to prevent a “crypto-apocalypse” by being quantum-ready ahead of adversaries. The emphasis is on crypto agility and public-private collaboration: ensuring that once standards are final, companies can rapidly integrate them, and that critical infrastructure sectors aren’t caught off-guard when quantum computers arrive.
Not all critical infrastructure is run by governments or traditional industries — some of it is decentralized and global in nature. Cryptocurrencies and blockchain networks (like Bitcoin and Ethereum) have become integral to the world’s financial services and digital asset management, and one could argue that they represent a form of global critical infrastructure. Their security, however, relies entirely on cryptography, and thus they face the same existential quantum threat. This section examines how the Bitcoin community and other blockchain initiatives are preparing for post-quantum cryptography, including perspectives on Ethereum and the European Blockchain Services Infrastructure (EBSI).
Bitcoin’s Post-Quantum Migration Proposal: Bitcoin uses the elliptic-curve digital signature algorithm (ECDSA) to secure transactions, which would be broken by a powerful quantum computer (allowing private keys to be derived from public keys). Recognizing this risk — and the fact that roughly 25% of all bitcoins in existence have addresses with publicly exposed keys, making them particularly vulnerable — developers in the Bitcoin community have begun to proactively chart a migration plan. In July 2025, a group of well-known Bitcoin developers (Jameson Lopp, et al.) proposed a Bitcoin Improvement Proposal (BIP) nicknamed “Post Quantum Migration and Legacy Signature Sunset.” This BIP outlines a roadmap for Bitcoin to gradually transition to quantum-resistant cryptography, treating it as an urgent but manageable upgrade rather than a distant theoretical issue. The core idea is to introduce quantum-resistant addresses and compel users to migrate their funds to these new address types through a series of soft forks and protocol changes. The proposal effectively turns quantum safety into an incentive: if a user does not move their BTC to a quantum-secure address in time, they risk losing access to their funds once the old cryptography is retired. The BIP breaks the transition into phases:
The motivation behind such an aggressive approach is that if a quantum breakthrough comes suddenly, any coins remaining under classical ECDSA could be immediately stolen by an attacker. The authors note that even if Bitcoin itself isn’t the first target of a quantum-enabled adversary, the mere knowledge that Bitcoin’s crypto can be broken would destroy public trust in the system. Thus, a defensive posture must be adopted well in advance. By enforcing an upgrade, Bitcoin’s protocol could eliminate most quantum risk before a large-scale quantum computer is operational. This proposal is significant because Bitcoin development is usually conservative and slow to change — a testament to how seriously the community is treating the quantum threat that respected developers are advocating a soft fork now. Of course, this BIP is in draft and would require broad consensus; the crypto community will have to debate the trade-offs (security vs. the principle of coins being spendable forever). But it provides a concrete blueprint: mandate quantum-resistant keys, give a multi-year window for migration, and then lock down the system to remove legacy weaknesses. Importantly, implementing this would involve introducing new cryptographic primitives to Bitcoin’s script system — likely a lattice-based or hash-based signature scheme (candidates could be Dilithium, FALCON, or SPHINCS+, etc.) to create the new address type. Technical challenges include keeping transactions containing post-quantum signatures reasonably small (some PQC signatures are a few kilobytes) and ensuring verification is efficient enough for blockchain usage. The BIP’s early discussion suggests that community coordination and education will be as critical as the code changes, given the historical difficulty of achieving consensus in Bitcoin for upgrades. Nonetheless, this marks the beginning of Bitcoin’s PQC roadmap — a path to safeguard a trillion-dollar network from the quantum apocalypse.
Ethereum and Other Blockchain Platforms: Ethereum, the second-largest blockchain platform, faces a similar cryptographic predicament. Ethereum currently secures accounts and validator signatures using elliptic-curve schemes (secp256k1 for accounts and BLS12-381 for validator consensus in Proof-of-Stake). Both of these would be vulnerable to a quantum attack (BLS, like any elliptic-curve-based signature, can be broken by Shor’s algorithm). The Ethereum community, much like Bitcoin’s, has been actively researching quantum-resistant alternatives, though the approach differs due to Ethereum’s smart contract flexibility and its faster evolution. The Ethereum Foundation has stated that while quantum computers are “probably decades away from being a genuine threat to modern cryptography,” Ethereum aims to be secure for centuries, which means making the protocol quantum-resistant as soon as possible. The challenge is significant: Ethereum’s consensus relies on BLS signatures for efficiency (aggregating thousands of validator votes), and known PQC alternatives for BLS are far less efficient. Two promising avenues are being explored — one based on STARKs (a form of hash-based proof with quantum security) and one based on lattice signatures — but both are still in prototype/research phase. In the meantime, Ethereum’s researchers and grant programs are working on interim solutions. In March 2025, it was announced that the EF is backing a project called ZKnox dedicated to post-quantum crypto for Ethereum. In a notable breakthrough, ZKnox managed to reduce the gas cost of verifying a PQC signature by 12× by optimizing low-level arithmetic for a lattice-based scheme (FALCON). This brought the verification cost down from 24 million gas to about 2 million gas, making it conceivable to use post-quantum signatures in Ethereum smart contracts without prohibitive expense. Such optimizations are crucial if Ethereum is to introduce PQC at scale, because expensive operations could bog down the network. The likely path is that Ethereum will first introduce quantum-safe algorithms on Layer 2 networks or as an opt-in feature, then gradually migrate core protocols. For example, we might see a roll-up or sidechain that requires PQC keys for its contracts, or optional PQC-based authentication for certain use cases, before a full switch at the mainnet level. The Ethereum community is also considering crypto-agility — the ability to upgrade cryptographic primitives via governance (EIPs) — so that when PQC algorithms mature or if one is broken, the network can adapt quickly. It’s worth noting that because Ethereum supports smart contracts, individual applications (like those handling particularly sensitive assets or records) could implement their own quantum-safe encryption/signature at the application layer even before the entire protocol changes. Projects in the broader crypto ecosystem (e.g. QRL — Quantum Resistant Ledger) have already launched blockchains that exclusively use PQC (QRL uses XMSS hash-based signatures for all transactions). Lessons from those may inform Ethereum’s transition. In summary, Ethereum’s roadmap for PQC is still in the research and test phase, but key players are actively preparing. The expectation is that within a few years (before 2030), Ethereum will have a tested set of quantum-resistant cryptographic options, and well before any predicted “Q-day” it will undergo a network upgrade to implement them. As Ethereum’s official roadmap puts it, many of the far-future upgrades (like full quantum resistance) “are still in the research phase and may be several years away,” but the project’s ethos of long-term adaptability means they are laying the groundwork now.
European Blockchain Services Infrastructure (EBSI): Beyond public cryptocurrencies, the EU has its own cross-border blockchain initiative — EBSI — which is intended to support digital public services (like verifying diplomas, company records, or IoT data across European countries). While not a cryptocurrency, EBSI is a distributed ledger and thus relies on cryptographic trust, making quantum safety a key consideration for its longevity. EBSI is built under the European Blockchain Partnership as a permissioned network (using frameworks like Hyperledger Besu and IBFT consensus) to facilitate EU-wide cross-border public services using blockchain technology. Given the EU’s strong stance on PQC, it is anticipated that EBSI will incorporate quantum-resistant cryptography as the network evolves. For instance, the digital signatures and credential schemas used in EBSI for verified documents could transition to PQC algorithms (perhaps using the same EU-recommended PQC signature schemes for government use). A blockchain like EBSI, governed by public entities, has the advantage that mandates can be issued to upgrade algorithms in a coordinated fashion. We expect that as European standards for PQC solidify (through ETSI, CEN-CENELEC, etc.), EBSI will be among the first infrastructures to implement them, ensuring that signatures on public documents remain secure for decades. From the perspective of solution providers like Spherity (which integrates with identity and credential systems), a PQC-enabled EBSI would be extremely valuable. It would allow European citizens and organizations to have quantum-safe digital identities and verifiable credentials anchored on a blockchain that can’t be undermined by quantum attacks. Spherity, which already pilots PQC in projects like Energy Data-X, would plan to integrate with EBSI’s trust services once EBSI supports PQC, leveraging it as a quantum-resistant backbone for verifying identities and data across borders. In essence, EBSI can be seen as critical infrastructure for Europe’s digital sovereignty, and making it quantum-safe is a priority that aligns with the EU’s roadmap. By doing so, the EU not only protects public services from future threats but also sets an example globally — showcasing how to retrofit a large-scale ledger with next-generation cryptography.
As industries respond to the call for PQC, innovative companies are already implementing quantum-safe cryptography in real-world applications. Spherity, a German enterprise focused on decentralized identity and digital trust, serves as a case study of early adoption. Spherity provides software wallets and credential management for organizations (e.g. in supply chain, pharmaceutical, and energy sectors) that issue and verify digital credentials (W3C Verifiable Credentials) and identities for machines, people, and products. Recognizing the longevity requirement of digital identities and signatures, Spherity has begun integrating post-quantum cryptographic primitives for both signing and encryption in its solutions.
Specifically, Spherity uses W3C Verifiable Credentials secured with Linked Data Proofs (digital signatures on semantic data) as a cornerstone of its European Business Wallet (EUBW) identity solution. To “quantum-proof” these credentials, Spherity has implemented support for post-quantum signature algorithms in place of traditional RSA or ECDSA. For instance, a credential issued to a power plant or an IoT sensor can be signed with a PQC algorithm (such as a lattice-based signature or a hash-based signature) and later verified by the receiver even if the attacker has a quantum computer. Under the hood, Spherity aligns with BSI’s recommendations on algorithm choice: the BSI has advised using well-vetted hash-based signatures (like XMSS or LMS) for applications requiring long-term security. Spherity’s implementation follows these guidelines, ensuring that the digital identities it manages will remain trustworthy in a post-quantum future. In practice, this means the proofs attached to credentials (which demonstrate authenticity and integrity) are longer in size and rely on stronger math, but they can be generated and checked today with acceptable performance. The company reports that PQC signatures are already feasible in their decentralized identity workflows — for example, issuing a verifiable credential with a Dilithium signature or an XMSS signature is perfectly usable, though the signature size (a few kilobytes) is larger than an ECDSA signature (tens of bytes). These trade-offs are deemed manageable for enterprise use, given the critical importance of forward security in identity attestations.
On the encryption front, Spherity’s solutions often need to encrypt sensitive data (such as audit logs or confidential attributes in a credential). Here too, the company is incorporating quantum-resistant encryption/KEM schemes. Following BSI’s lead, Spherity employs algorithms like Classic McEliece and FrodoKEM for establishing shared keys to encrypt data. Classic McEliece (an algorithm based on error-correcting codes) is notable for its longevity and strong security track record (untouched by quantum or classical attacks for decades), making it a conservative choice for securing data exchanges. FrodoKEM (a lattice-based KEM) was also recommended by BSI for early adoption; although it wasn’t ultimately standardized by NIST due to efficiency concerns, it is still considered secure and is valued in the German approach for diversity. By integrating these KEMs, Spherity enables an enterprise to encrypt, for example, an identity token or a document in a way that cannot be decrypted by an eavesdropper with a future quantum computer. In technical terms, Spherity’s wallet can perform a hybrid key exchange: combining ECDH (for now) with FrodoKEM, for instance, so that even if ECDH is broken later, the FrodoKEM secret remains, ensuring confidentiality.
Crucially, Spherity’s adoption of PQC is happening today, not in some distant roadmap. This demonstrates that PQC algorithms (even those still in draft standards) are reaching a level of maturity for practical use. Spherity has had to overcome some challenges common to early PQC implementers: the larger key sizes and signatures can impact performance, so optimizations were needed to handle them in a user-friendly way. The company leveraged ongoing improvements in libraries and hardware support for PQC. For example, hash-based signatures like XMSS are computationally efficient (using fast hash functions) but require state management (since each key can only sign a limited number of times). Spherity engineered its system to manage such state safely for its enterprise customers, or to use multi-tree variants (HSS, XMSSMT) that allow more signing operations. In doing so, Spherity provides a quantum-safe root of trust for identities: an organization using its wallet can issue credentials to employees or devices that will remain valid and secure even in the quantum era.
Furthermore, Spherity’s involvement in initiatives like energy data-X (a German project building a cross-sector data space for the energy industry) illustrates the deployment of PQC in an industrial context. In the Energy Data-X consortium, Spherity leads the “Identity & Trust” workstream. Part of strengthening trust is ensuring that all identity credentials and communications in this energy data space are resistant to advanced threats. Thus, Spherity is effectively piloting PQC within a living lab of the energy sector. By embedding quantum-resistant identity verification into the Energy Data-X data infrastructure (which connects energy assets, smart meters, grid operators, etc.), Spherity helps future-proof this ecosystem. The governance structure of such data spaces — often involving a consortium of partners and a central set of rules — actually makes it easier to roll out new cryptographic standards. All participants can agree to use a certain PQC algorithm for credentials or data sharing, and because the data space is relatively contained (in terms of membership), compatibility can be enforced. This is a model example of how R&D ecosystems can serve as early adopters of PQC: by trialing the tech in a collaborative environment, ironing out implementation kinks, and then scaling up. Spherity’s real-world experience suggests that while PQC integration may introduce overhead, it is quite compatible with modern decentralized identity frameworks and can be layered beneath existing standards (like W3C Verifiable Credentials) without breaking them.
Looking ahead, Spherity and its peers are also eyeing integration with government-led infrastructures like EBSI (discussed earlier). A quantum-safe EBSI network, once available, could serve as a high-assurance backbone for verifying public credentials and transactions across Europe. Spherity anticipates leveraging such infrastructure by anchoring its credentials or revocation registries on EBSI, confident that the underlying ledger and its cryptographic proofs are quantum-resistant. The combination of private-sector innovation (like Spherity’s wallets) with public-sector platforms (like EBSI or national PKI systems upgraded to PQC) will create a robust ecosystem of trust that can withstand even the most powerful quantum adversaries. In other words, as soon as the building blocks (be it a PQC-enabled blockchain or a certified PQC hardware module) become available, companies like Spherity are poised to plug them into their solutions — they have already done the legwork to be crypto-agile and quantum-ready.
In summary, Spherity’s work demonstrates that enterprises do not have to wait to start using post-quantum cryptography. By following reputable recommendations (BSI, NIST) and incorporating PQC in a hybrid manner (using it alongside classical crypto for now), one can achieve quantum-resilient signing and encryption for critical applications such as identity management. Yes, the PQC proofs and keys are larger, and one must manage new complexity (like hash-based signature states or key caching to reduce latency), but these are surmountable issues. Spherity and a handful of forward-looking firms are proving out PQC in production, helping pave the way for broader industry adoption. Their efforts also feed back into standards: as they encounter performance issues or integration hurdles, they contribute to discussions in standards groups (like W3C, ISO, etc.) to improve PQC support. This kind of private sector initiative will be vital, alongside government mandates, to achieving a smooth transition.
While the progress is encouraging, it is important to acknowledge the limitations and challenges that currently come with PQC deployment, especially for enterprises and critical infrastructure operators:
In summary, the current limitations of PQC revolve mostly around practicality and trust: making the new algorithms as efficient and user-friendly as possible, and building confidence in their security and integration. These are typical obstacles for any new technology and can be overcome with focused effort. Importantly, none of these barriers is so prohibitive as to justify inaction — on the contrary, the smart strategy is to begin integrating PQC in low-risk ways (testing in labs, adding hybrid crypto in non-critical pathways) now so that the kinks are worked out by the time the organization needs to fully rely on it. Every month lost in denial is potentially a month gained by adversaries planning their quantum-enabled attacks.
The era of quantum computing is approaching faster than many anticipated, and it will have profound implications for cybersecurity. For owners and operators of critical infrastructure, the message from experts and governments is clear: start the transition to post-quantum cryptography immediately. The cost of procrastination could be catastrophic — not only in monetary terms but in human safety and national security. On the other hand, proactive migration offers a manageable path to sustained resilience.
Policymakers should treat PQC deployment in critical sectors as a strategic priority on par with other national security imperatives. This means setting clear timelines and benchmarks (as the UK has done with its 2028/2035 roadmap and as the EU is coordinating) and possibly enshrining them in regulations or directives. Governments can lead by example — upgrading their own communications and services — and by providing incentives or funding for infrastructure operators to adopt PQC. Policymakers must also invest in public awareness and education, so that boards and executives understand that “crypto risk” is not an esoteric problem but a fundamental threat to continuity of operations. Support for research and development should continue: funding testbeds, competitions, and partnerships (like Germany’s support for Energy Data-X and quantum research programs) accelerates innovation and lowers the entry barriers for industry. International cooperation is also vital; policymakers ought to collaborate on global standards and share best practices, as cyber threats do not stop at borders. The recent joint statement by EU member states urging that PQC transition be made a “top priority” across public and private sectors is a great example of the unified stance needed.
Enterprises and Critical Infrastructure Operators (energy utilities, transport operators, healthcare networks, financial systems, etc.) need to translate the looming quantum threat into concrete action plans. A recommended first step is to perform a cryptographic inventory: identify all places where your systems use cryptography — from VPN appliances and SCADA links to employee access badges and firmware update mechanisms. Many organizations have more legacy crypto embedded than they realize. Next, develop a migration roadmap for these assets, prioritizing those that protect long-lived sensitive data or are critical for safety. Where possible, adopt a crypto-agile approach — ensure software and devices can be updated to new algorithms without complete replacement. Start trial deployments of PQC in less critical environments to gain experience. For instance, an enterprise might enable a post-quantum TLS option between certain backend servers, or test quantum-safe VPN software for remote sites. Engage with vendors: ask your technology suppliers about their PQC support plans, request hybrid cryptography options in upcoming products, or join industry consortia working on standards (many sectors have working groups under organizations like IEEE, IEC, or sector-specific bodies examining PQC impacts). Importantly, don’t wait for the perfect solution — use hybrid measures now. As one motto puts it, “migrate now to be secure later”. Even if quantum-capable adversaries are years away, the data you protect and the systems you operate have confidentiality and integrity requirements that extend decades into the future. Enterprises should also incorporate PQC into their Zero Trust strategies — for example, ensure that identity and access management systems begin using quantum-resistant algorithms for authentication tokens and that network segmentation gateways use quantum-safe encryption. Zero Trust Architecture emphasizes “never trust, always verify”; in the quantum era, that verification must itself rely on quantum-safe keys, or else trust collapses. By integrating PQC and ZTA, organizations build a layered defense where even if one component is later found weak, the overall system remains secure.
Industry Associations and Standards Bodies have a coordinating role to play. Many critical infrastructure industries are highly interdependent — for instance, the electric grid relies on standards so that equipment from different manufacturers interoperates. These associations should issue guidance and technical reference architectures for quantum-safe implementations relevant to their domain. They can organize interoperability plug-fests for PQC implementations to ensure, say, a substation RTU from Vendor A can establish a PQC-secured link with a control center from Vendor B. Industry groups can also collectively lobby for resources or favorable regulations to support the transition (such as funding for upgrading legacy systems). One practical suggestion is for associations to curate knowledge repositories: sample code, recommended algorithms, vendor lists, and migration checklists specifically tailored for their sector. For example, an association of hospital systems might publish a roadmap for upgrading medical devices and health record systems with PQC, sharing lessons from early adopters to benefit all members. By banding together, industry players can avoid duplication of effort and ensure that no one is left dangerously behind due to lack of information.
A particularly promising avenue is leveraging R&D ecosystems and data space initiatives (like the aforementioned Energy Data-X in Germany) as early adopters and demonstrators of PQC. These projects often have the advantage of an “innovation mandate” and more flexible governance that allows rapid implementation of new technologies. For instance, Energy Data-X — a government-funded consortium creating a secure data sharing infrastructure for the energy sector — can require all participants to use quantum-safe credentials and encryption from the outset. Because it is a greenfield design, they can bake in PQC without worrying about legacy compatibility, and because it’s a collaborative effort, they can coordinate algorithm choices and configuration across multiple organizations. The lessons learned (on performance, integration with energy protocols, etc.) can then inform the broader rollout to the national energy grid. We recommend that data space and pilot projects in sectors like energy, finance, transportation, and telecommunications formally include PQC implementation in their scope. These environments are ideal for ironing out technical issues in a controlled setting. Moreover, successful demonstrations in such pilots will build confidence among stakeholders and can be used to justify scaling up (e.g., if Energy Data-X shows that using PQC for smart meter data exchange works well, regulators could mandate quantum-safe algorithms in the entire smart grid rollout by a certain date). By getting PQC solutions “battle-tested” in microcosms, we reduce the risk when applying them macro-scale.
Given what we know, a plausible timeline for the German energy sector (as an example) could be as follows: By 2025, complete pilot implementations of PQC in projects like energy data-X and begin upgrading cryptography in new equipment specifications (so any new power grid equipment procured from 2025 onward supports PQC or is crypto-agile). By 2026-2027, finalize industry standards for quantum-safe communication in the energy domain (perhaps through DKE/VDE in Germany or CEN/CENELEC in Europe) and start retrofitting critical linkages (e.g. control center to substation communications, inter-utility data exchanges) with hybrid encryption. By 2028-2030, require that any critical control system or sensor in the energy sector using public networks or handling long-lived sensitive data must employ PQC — effectively phasing out pure-classical crypto for high-risk connections. And by 2030-2032, achieve a state where even if a large-scale quantum computer appeared overnight, the core operations of the energy grid would remain secure (i.e., all key generation, digital signatures for control commands, VPN tunnels for grid operations, etc., are quantum-resistant). This timeline aligns with the early 2030s risk horizon and with EU-wide objectives, and it mirrors the UK’s call for all critical systems to be PQC-migrated by 2035 (with the energy sector being a priority, given its foundational nature). In fact, Germany’s BSI has hypothesized Q-day in the early 2030s, so aiming for around 2030 is prudent. Each year of delay beyond that would exponentially increase risk.
Finally, it is worth emphasizing why starting now is so important. The process of transitioning cryptography at scale is painstaking — it requires asset inventories, procurement changes, software updates, possibly legislative changes, and certainly lots of testing to avoid outages. As the World Economic Forum noted, critical infrastructure protection often suffers from ambiguity over who finances upgrades. The quantum threat flips the script: it imposes a hard deadline by which doing nothing ceases to be an option. Leaders in government and industry must therefore collaborate to allocate funding and align priorities. The cost of implementing PQC (in technology and training) should be weighed against the incalculable cost of a successful quantum-enabled attack on power grids, healthcare systems, or transportation — which could be orders of magnitude higher and measured not just in dollars but in lives and societal disruption.
By getting ahead of the threat, we also unlock positive opportunities: Quantum-safe encryption and identity systems will be a foundation for the future digital economy (including things like 6G communications, autonomous vehicle networks, and AI infrastructures). Organizations that move early can position themselves as trusted leaders in security, potentially gaining an edge in whatever partnerships or data-sharing ecosystems form in the coming years. For example, a smart city initiative might only want participants who are quantum-secure to avoid weakest-link problems — those who have already transitioned will immediately qualify.
In conclusion, the transition to post-quantum cryptography for critical infrastructure is not a question of if or whether, but when and how. The “when” should be right now — with urgency, and the “how” should be with careful planning, collaboration, and the aid of initiatives already paving the way. The technology is ready or rapidly maturing; the onus is on us to implement it in time. As a coalition of European cyber authorities aptly stated, organizations “should start the transition now” to ensure our digital infrastructure remains safe in the quantum age. By taking action today — embracing PQC, fostering crypto agility, and embedding zero-trust principles — we can guarantee that our most critical services and industries will continue to run securely tomorrow, no matter what technological breakthroughs emerge.
Ready to upgrade your digital enterprise identity and prepare for the PQC era? Contact us.
