Our colleague Stephan Müller recently participated in the Post-Quantum Cryptography (PQC) Workshop hosted by the KTH Royal Institute of Technology in Stockholm, Sweden. The conference brought together researchers, industry professionals, and cybersecurity experts to discuss the transition toward quantum-resistant cryptography and the practical challenges organizations face in preparing for the post-quantum era.
A presentation from Ericsson explored the global PQC landscape, including standardization efforts, government policy directions, and the migration journey for the telecom industry. In the presentation, they identified four key challenges include:
- performance constraints of quantum-safe algorithms
- size limitations in IoT environments
- long infrastructure lifecycles in telecom networks
- updates to public key infrastructure and roots of trust
The talk also described how future mobile standards such as 5G and 6G are integrating quantum-resistant algorithms.
Meanwhile, Advenica highlighted that algorithmic security alone is insufficient if implementations remain vulnerable to side-channel attacks by examining the maturity of implementations for recently standardized PQC algorithms and identifying areas requiring further defensive work. This presentation reinforced an important message: secure deployment depends heavily on implementation quality, not just algorithm selection.
OHB Sweden gave a talk that examined how satellite systems present unique challenges for cryptographic transition due to:
- extremely long system lifetimes
- limited ability to update deployed systems
- critical service dependencies such as communication and navigation
These constraints make long-term cryptographic trust and lifecycle-aware security planning essential.
The Swedish eHealth Agency presented work on a national network coordinating PQC transition in healthcare and medical technology. The initiative brings together public agencies, healthcare providers, industry, and research organizations to prepare a sector-specific roadmap.
During his presentation, Stephan Müller discussed practical challenges and mitigation strategies for deploying post-quantum algorithms.
His talk addressed the deployment of standardized algorithms such as ML-DSA, ML-KEM, and SLH-DSA and explored how organizations can replace classical cryptographic methods like RSA, ECC, and Diffie-Hellman. Key takeaways from Stephan’s presentation:
- Post-quantum signatures can often be implemented as drop-in replacements.
- Key agreement can also be replaced with appropriate data exchange protocols.
- Existing network protocols such as TLS, IPsec/IKE, and SSH are being updated to support PQC.
- Hybrid approaches combining classical and post-quantum algorithms are possible during the transition.
The workshop concluded with a panel on practical transition strategies for organizations. The discussion focused on:
- preparation steps such as data inventory and cryptographic inventory
- treating PQC transition as a management and governance issue
- building organizational awareness across technical and leadership levels
- the importance of standardization to ensure interoperability between systems
There were many other valuable talks and contributions at the workshop that are not covered in this blog post, but they all contributed to a highly informative and engaging program. The workshop provided valuable insights into both the technical developments and organizational considerations surrounding post-quantum cryptography and made it clear that participation in events like this helps us stay informed about evolving cybersecurity challenges and strengthens our ability to spread our knowledge and raise awareness.
We would like to extend our sincere appreciation to the workshop organizers for hosting a highly valuable and well-structured event. Special thanks to the General Chair, Carl-Mikael Zetterling from the KTH Royal Institute of Technology, and the Program Chairs, Elena Dubrova from the KTH Royal Institute of Technology and Thomas Johansson from Lund University, for their excellent organization and coordination of the workshop.
In addition to participating in the conference, Stephan Müller also conducted a valuable internal workshop for our employees in Sweden, covering a range of topics on post-quantum cryptography. The sessions included an overview of PQC background, migration strategies, practical implementation considerations, and potential side-channel vulnerabilities. This internal training helped our team to better understand the challenges and opportunities associated with transitioning to quantum-resistant cryptography.
