Quantum computers are no longer a theoretical threat: they are a countdown timer ticking against the security of every encrypted communication on the planet. Post-Quantum Cryptography (PQC) develops algorithms resistant to quantum attacks, and telecom operators stand at the front line of this transition. From 5G networks to eSIM cards, every layer of the telecom stack requires upgrading before it is too late.
Why Classical Cryptography Has an Expiration Date
Today's public-key algorithms (RSA, ECC, Diffie-Hellman) rely on mathematical problems like integer factorization and discrete logarithms. These are practically impossible to solve on classical computers. However, Shor's algorithm, running on a sufficiently powerful quantum computer, can break them in polynomial time.
As of 2026, no quantum computer can yet break production cryptography. But therein lies the real threat: the "harvest now, decrypt later" strategy. State and non-state actors are already collecting encrypted data (government communications, banking transactions, medical records), planning to decrypt it once they gain access to quantum hardware. Intelligence agencies worldwide have been stockpiling intercepted traffic for years, betting on future quantum capabilities. The clock is already ticking, even if the quantum computer that reads your data has not been built yet.
Mosca's Theorem
If the shelf life of your data (x) plus the time to migrate to PQC (y) exceeds the time until a cryptographically relevant quantum computer arrives (z), then you are already at risk. For telecom networks with data lifespans of 10-25 years and migration timelines of 5-10 years, the transition should have started yesterday.
The NIST PQC Standards: A New Era
In August 2024, NIST published the first three post-quantum standards after 8 years of evaluation. In March 2025, HQC was selected as the fifth algorithm. These standards form the foundation for the entire digital ecosystem's migration.
NIST Post-Quantum Cryptography Standards
| Standard | Algorithm | Type | Use Case | Status |
|---|---|---|---|---|
| FIPS 203 | CRYSTALS-Kyber (ML-KEM) | Lattice-based | Key Encapsulation | Final |
| FIPS 204 | CRYSTALS-Dilithium (ML-DSA) | Lattice-based | Digital Signature | Final |
| FIPS 205 | SPHINCS+ (SLH-DSA) | Hash-based | Digital Signature | Final |
| FIPS 206 | Falcon (FN-DSA) | Lattice-based | Digital Signature | Near Final |
| - | HQC | Code-based | Key Encapsulation | Selected 2025 |
The dominance of lattice-based algorithms is no coincidence. Lattice problems (Learning With Errors, Module-LWE) offer an excellent balance of security, key size (~1 KB for Kyber), and computational performance. For comparison, the McEliece algorithm (code-based) requires public keys of ~1 MB, practically unsuitable for mobile networks. It is worth noting that the isogeny-based approach (SIDH/SIKE) collapsed spectacularly in 2022 when a classical computer attack was discovered, reminding us that even PQC schemes require extensive cryptanalysis.
In total, there are 6 main PQC algorithm categories: lattice-based, code-based, hash-based, multivariate, isogeny-based, and symmetric key. Lattice-based algorithms dominate the NIST standards, hash-based ones (SPHINCS+) offer mathematical simplicity but larger signatures, while code-based (HQC, McEliece) build on decades of coding theory. Symmetric cryptography (AES-256) is already quantum-resistant: Grover's algorithm provides only a square root speedup, easily countered by doubling key sizes.
Telecommunications: The Most Critical Transition
Telecom networks are arguably the most complex PQC migration target, as cryptography permeates every stack layer:
In the 5G Core (SBI), service-based interfaces use TLS 1.3 for authentication between network functions. Migrating to PQC-enabled TLS (with ML-KEM for key exchange and ML-DSA for certificates) is the top priority. Backhaul links between base stations and the core network rely on IPsec with classical IKEv2 â another critical point requiring upgrade.
At the SIM/eSIM level, cryptographic keys used for subscriber authentication are based on symmetric cryptography (AES-based), which is already resistant to quantum attacks: Grover's algorithm provides only a square root speedup, countered by doubling key sizes (AES-256). This is a bright spot: the 3GPP authentication stack is quantum-safe by design.
Signaling protocols (SS7, Diameter, SBI) and RCS messaging protocols represent additional migration domains. The IETF is developing Messaging Layer Security (MLS) with PQC integration, addressing RCS needs as well.
Who Is Already Moving
The transition to post-quantum cryptography is not theoretical: it has begun on the world's largest platforms. The urgency is driven by a simple calculation: if deployment takes years, and quantum computers may arrive within a decade, the window for preparation is already closing.
Signal: PQXDH (2023)
Signal adopted the PQXDH protocol, introducing post-quantum key agreement to the most widely used E2E encrypted messenger. A hybrid approach combining X25519 + Kyber.
Apple iMessage: PQ3 (2024)
Apple's PQ3 protocol introduces hybrid post-quantum encryption with ongoing rekeying. Every message uses fresh PQ keys, eliminating future vulnerabilities.
Chrome & Cloudflare: X25519MLKEM768
Chrome and Cloudflare use hybrid key exchange in TLS, combining X25519 with ML-KEM 768. Millions of HTTPS connections are already post-quantum protected.
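As an added example (not code from Chrome, Cloudflare or this article), the following check reads the `supported_groups` extension of a reassembled TLS ClientHello record and reports whether the client offers a hybrid post-quantum group such as X25519MLKEM768. It is the kind of passive check an operator could run on captured handshakes from 5G SBI or web clients. The function names and the sample ClientHello are constructed for illustration; the group codepoints are the IANA TLS Supported Groups values.

```python
import struct

# IANA "TLS Supported Groups" codepoints: (name, is_hybrid_post_quantum)
GROUPS = {
    0x0017: ("secp256r1", False),
    0x0018: ("secp384r1", False),
    0x001D: ("x25519", False),
    0x11EB: ("SecP256r1MLKEM768", True),
    0x11EC: ("X25519MLKEM768", True),
    0x11ED: ("SecP384r1MLKEM1024", True),
}

def offered_groups(record: bytes) -> list:
    """Return the supported_groups codepoints from one TLS ClientHello record."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    try:
        pos = 5 + 4 + 2 + 32                                 # headers, legacy_version, random
        pos += 1 + record[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
        pos += 1 + record[pos]                               # compression_methods
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        if end > len(record):
            raise ValueError("extensions run past the end of the record")
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 10:                               # supported_groups
                body = record[pos + 2:pos + 2 + struct.unpack_from("!H", record, pos)[0]]
                return [g for (g,) in struct.iter_unpack("!H", body)]
            pos += ext_len
        return []
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated or malformed ClientHello") from exc

def pq_posture(record: bytes):
    """Label a client by whether it offers any hybrid post-quantum group."""
    names = [GROUPS[g][0] for g in offered_groups(record) if g in GROUPS and GROUPS[g][1]]
    return ("hybrid-pq" if names else "classical-only", names)

def build_sample(groups) -> bytes:
    """Constructed ClientHello for the demo; not captured traffic."""
    glist = b"".join(struct.pack("!H", g) for g in groups)
    exts = struct.pack("!HH", 0xFF01, 1) + b"\x00"           # renegotiation_info, skipped by the parser
    exts += struct.pack("!HHH", 10, len(glist) + 2, len(glist)) + glist
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Offering a hybrid group only shows client capability; whether a connection is protected depends on the group the server selects, so the same inventory should also record the negotiated group on the server side.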
The Hybrid Approach: Security on Two Levels
No serious organization transitions directly to pure PQC. Hybrid cryptography combines classical algorithms (X25519, ECDSA) with PQC algorithms (ML-KEM, ML-DSA) running in parallel. If either algorithm proves vulnerable (the classical one to quantum attack, or the PQC one to classical cryptanalysis), the other provides security. This defense-in-depth strategy is what Google, Apple, and Signal all follow.
A complementary tool is physical layer security, such as optical chaos cryptography in fiber networks. While it does not replace PQC algorithms, it creates an additional protection layer at the transport infrastructure level. Together with hybrid PQC, it forms a multi-layered defense architecture that does not rely on any single mathematical assumption remaining unbroken.
The European Roadmap
In June 2025, the EU published the Coordinated Implementation Roadmap for PQC transition. The roadmap sets specific timelines for critical infrastructure, including telecommunications. For European operators, including those in Greece, this means:
First, cryptographic asset inventory: every point using public-key cryptography must be catalogued. Second, a migration plan starting with the most critical points (TLS in 5G core, VPN tunnels). Third, interoperability testing with vendor equipment supporting the new standards. The Open Quantum Safe (OQS) project provides an open-source C library (liboqs) for implementation testing.
Challenges and Reality
The transition is not painless. PQC keys and signatures are significantly larger than classical ones; while ML-KEM keeps this manageable at ~1 KB, the overhead adds up in networks handling millions of handshakes per second. Throughput decreases, especially on constrained devices like IoT sensors running on NB-IoT or LTE-M. The TLS handshake size increases measurably with hybrid key exchange, adding latency at a scale that matters for real-time applications like VoLTE and video calling.
The biggest challenge, however, is organizational: many operators do not even have a complete cryptographic inventory. They do not know how many network points use RSA or ECC, how many certificates need replacing, or which vendors offer PQC-ready firmware. Greece, as an EU member, follows the European roadmap, but national implementation requires coordination between EETT (the national regulator), operators, and equipment vendors.
There is also the question of migration cost. Replacing certificates, upgrading HSMs (Hardware Security Modules), testing compatibility with existing systems, and training personnel represent a significant investment. Google estimates its own transition will take 5-10 years. For smaller European operators, the timeline may be even longer without clear government support and funding.
The post-quantum era is not arriving at some point in the future; preparation must happen now. Every month of delay increases the volume of data that can be harvested today and decrypted tomorrow. For Greek telecommunications, integrating PQC into 5G networks is not a luxury; it is a national security imperative.
