Updated March 2026

The State of Post-Quantum Cryptography 2026

A comprehensive overview of where the industry stands in the quantum transition — standards, algorithms, threats, and what organizations must do now.

Vulnerable Algorithms: 48 of 58 common algorithms are NOT quantum-safe
Estimated CRQC Arrival: 2028-2035 (cryptographically relevant quantum computer)
NIST PQC Standards: 3 finalized (FIPS 203, 204, 205)
Avg. Quantum Breach Cost: $140M+ (average potential quantum breach cost)

NIST Post-Quantum Standards Timeline

The road from standardization to mandatory compliance.

2024 (Finalized): FIPS 203, 204, 205 Finalized

NIST publishes ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) as the first post-quantum cryptographic standards.

2025 (In Progress): FIPS 206 (FN-DSA) Draft

NIST releases the draft standard for FN-DSA (Falcon), a lattice-based digital signature algorithm optimized for compact signatures.

2030 (Upcoming): RSA/ECDSA Deprecation Deadline

NIST mandates that RSA and ECDSA must no longer be used for digital signatures in federal systems.

2033 (Upcoming): CNSA 2.0 Full Compliance

NSA requires full compliance with the CNSA 2.0 suite for all National Security Systems, including ML-KEM-1024 and ML-DSA-87.

Algorithm Landscape

Of the 58+ commonly used cryptographic algorithms, the majority are vulnerable to quantum attack.

Classification | Count | Examples
Quantum Unsafe | 23    | RSA, ECDSA, ECDH, DH, DSA, EdDSA (classical)
Quantum Safe   | 15    | ML-KEM, ML-DSA, SLH-DSA, FN-DSA, XMSS, LMS
Conditional    | 21    | AES-256, SHA-384+, ChaCha20-Poly1305, HMAC-SHA-256

Industry Readiness Benchmarks

Average HNDL (Harvest Now, Decrypt Later) readiness scores by industry, based on cryptographic posture assessments.

Defense: 74/100
Government: 70/100
Healthcare: 64/100
Financial: 58/100
Technology: 50/100

Scores reflect the percentage of cryptographic assets that are quantum-safe or on a verified migration path. Higher is better.

The HNDL Threat

Harvest Now, Decrypt Later is not a theoretical risk — it is happening today.

How HNDL Works

Nation-state adversaries and sophisticated attackers are intercepting and storing encrypted communications today. While they cannot decrypt this data now, they are banking on future quantum computers to break the encryption.

Any data encrypted with RSA, ECDH, or other quantum-unsafe algorithms that needs to remain confidential for 5+ years is at risk right now — not when quantum computers arrive.

This is why NIST, NSA, and CISA have all issued urgent guidance: the migration to post-quantum cryptography must begin immediately.

Mosca's Inequality

If X + Y > Z, your data is already at risk.

X = Data shelf life (e.g. 10 years)
Y = Migration time (e.g. 5 years)
Z = Time until CRQC (e.g. 5-10 years)
If X + Y > Z, adversaries harvesting your data today will be able to decrypt it before it loses value.
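
The inequality applied across a cryptographic inventory, as an added example that is not part of the original page. It evaluates X + Y > Z against both ends of the page's 2028-2035 CRQC window and ranks assets for migration. The asset names, field names, status labels and the 2026 reference year are assumptions made for illustration.

```python
from dataclasses import dataclass

# Subsets of the page's Algorithm Landscape table.
QUANTUM_UNSAFE = {"RSA", "ECDSA", "ECDH", "DH", "DSA", "EdDSA"}
QUANTUM_SAFE = {"ML-KEM", "ML-DSA", "SLH-DSA", "FN-DSA", "XMSS", "LMS"}

NOW = 2026                                # assumption: the page's "Updated March 2026"
CRQC_EARLIEST, CRQC_LATEST = 2028, 2035   # the page's estimated CRQC arrival window


@dataclass
class Asset:
    name: str            # constructed sample name
    algorithm: str       # algorithm protecting the data's confidentiality
    shelf_life: float    # X: years the data must stay confidential
    migration: float     # Y: years needed to migrate this asset


def mosca_margin(asset: Asset, crqc_year: int) -> float:
    """X + Y - Z for one CRQC estimate; a positive value means X + Y > Z."""
    return asset.shelf_life + asset.migration - (crqc_year - NOW)


def triage(asset: Asset) -> str:
    if asset.algorithm in QUANTUM_SAFE:
        return "quantum-safe"
    if asset.algorithm not in QUANTUM_UNSAFE:
        return "review"                   # conditional or unknown: needs a human decision
    if mosca_margin(asset, CRQC_LATEST) > 0:
        return "at-risk"                  # X + Y > Z even for the latest estimate
    if mosca_margin(asset, CRQC_EARLIEST) > 0:
        return "at-risk-if-early"         # X + Y > Z only for the earliest estimate
    return "within-margin"


def prioritize(inventory: list[Asset]) -> list[tuple[str, str, float]]:
    """Order by triage status, then by largest worst-case margin."""
    rows = [(a.name, triage(a), mosca_margin(a, CRQC_EARLIEST)) for a in inventory]
    order = ["at-risk", "at-risk-if-early", "within-margin", "review", "quantum-safe"]
    return sorted(rows, key=lambda r: (order.index(r[1]), -r[2]))


# Constructed sample inventory (not from the page).
INVENTORY = [
    Asset("vpn-gateway", "ML-KEM", 10, 0),
    Asset("marketing-cdn", "ECDH", 0.5, 1),
    Asset("patient-records-archive", "RSA", 10, 5),
    Asset("session-telemetry", "ECDH", 1, 3),
    Asset("backup-vault", "AES-256", 15, 2),
]
```

An asset with X + Y exactly equal to Z is reported as within-margin, because the inequality is strict.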

PQC Migration Roadmap

A four-phase approach to achieving post-quantum cryptographic readiness.

  • Foundation

    Months 1-3

    Cryptographic inventory, CBOM generation, HNDL risk scoring, and executive briefing.

  • Planning

    Months 4-9

    Prioritized migration roadmap, crypto-agility architecture, vendor coordination, and budget planning.

  • Implementation

    Months 10-36

    Algorithm migration, hybrid key exchange deployment, regression testing, and compliance validation.

  • Sustainment

    Ongoing

    Continuous monitoring, algorithm agility updates, new standard adoption, and recurring assessments.

Assess Your Quantum Risk Today

Get your organization's HNDL risk score, cryptographic inventory, and prioritized migration roadmap — starting with a free assessment.
