Aksel CichockiQuantum Security Lab
QSL
Roadmap

Migration Readiness and System Evolution

Quantum security is not a destination — it is a continuously evolving capability. This roadmap emphasizes migration readiness, crypto-agility, and pragmatic system evolution over speculative technology adoption.

Why It Matters
Quantum security is a moving target. Migration readiness and crypto-agility matter more than picking the "right" algorithm today.
Who Should Care
Technical leaders planning multi-year infrastructure evolution and security architects evaluating emerging capabilities.
What To Do Now
Build crypto-agility into your architecture, inventory cryptographic assets, start migration planning. See Standards.
Exploratory

Quantum Key Distribution (Selective Use Cases)

Physics-Based Key Exchange — Where It Applies

Quantum Key Distribution (QKD) uses fundamental properties of quantum mechanics to detect eavesdropping during key exchange. While promising, QKD remains constrained by distance limitations, specialized hardware requirements, and high deployment costs. This research treats QKD as a selective complement to post-quantum cryptography — not a replacement.

  • Point-to-point fiber links — QKD is most practical for high-security, short-distance channels such as data center interconnects or government backbone links.
  • Hybrid QKD + PQC — where QKD is deployed, combining it with PQC algorithms provides defense-in-depth. Neither layer alone is sufficient as a general solution.
  • Satellite QKD — an emerging area of research for long-distance key distribution, but not yet commercially viable for most organizations.
  • Not a universal solution — QKD does not protect stored data, does not scale to arbitrary networks, and requires trusted relay nodes for distances beyond fiber range. PQC-based migration remains the primary recommended path.

This lab monitors QKD developments as a future capability layer, while prioritizing crypto-agility and PQC adoption as the actionable path for most organizations today.

Research Direction

Autonomous Crypto-Upgrade Agents

AI-Assisted Cryptographic Migration

The biggest challenge in quantum migration is not adopting new algorithms — it is finding and re-encrypting all the data protected by vulnerable ones. This lab explores how autonomous agents could assist with this process:

  • Cryptographic inventory scanning — agents that continuously scan infrastructure to identify cryptographic assets: keys, certificates, encrypted data stores, and algorithm usage patterns.
  • Vulnerability assessment — each cryptographic asset evaluated against current threat models and policy requirements, producing a prioritized migration queue.
  • Assisted re-encryption — agents that could execute re-encryption operations during maintenance windows, migrating data from vulnerable algorithms to quantum-resistant ones.
  • Rollback safety — migration operations that maintain rollback paths, reverting automatically if re-encryption produces unexpected results.

This is a research direction, not a shipped capability. The concept explores how autonomous agents could transform quantum migration from a massive manual project into a more continuous, automated process.

Research Direction

Quantum Risk Scoring

Toward Continuous Quantum Threat Intelligence

As quantum computing advances, the threat level changes. This research explores what a risk scoring system could look like — one that tracks quantum computing progress and helps organizations adjust security posture accordingly:

  • Quantum progress tracking — monitoring published research, hardware announcements, and benchmark results from quantum computing programs worldwide.
  • Data-specific risk scores — each data asset receiving a quantum risk score based on its encryption method, sensitivity level, secrecy shelf-life, and the current quantum threat timeline.
  • Adaptive policy triggers — risk scores crossing defined thresholds could trigger policy tightening: upgrading key sizes, enforcing hybrid encryption, or accelerating rotation schedules.
  • Executive visibility — dashboards showing an organization's quantum readiness posture, migration progress, and remaining risk exposure.

This direction envisions quantum security as an ongoing, intelligence-driven capability rather than a one-time migration project.

Migration Readiness Starts Now

The transition to quantum-resilient systems is a multi-year process. Organizations that begin planning today will be best positioned when the threat landscape shifts.

Contact Defense Checklist
References & Further Reading
  • NIST FIPS 203/204/205 — finalized post-quantum cryptographic standards (August 2024)
  • NSA CNSA 2.0 — target migration timelines for national security systems (guidance, not mandates for commercial use)
  • ETSI QSC — Quantum Safe Cryptography technical specifications and migration frameworks
  • NSA — Quantum Key Distribution and Quantum Cryptography (public position on QKD limitations)