Quantum Security: Insights from Prof. Andriolli

Quantum security is shifting from a specialist concern to a strategic priority. Recent reports, including assessments from leading institutions, warn that by 2035 quantum computers could decrypt much of today’s encrypted information. And yet, data shows a striking gap: while many organizations plan to adopt quantum-safe encryption, only a small fraction have an actual transition strategy.

To understand what this means in practical terms and why this topic deserves attention now, we spoke with Professor Nicola Andriolli of the University of Pisa, an expert in optical classical/quantum communications and network security.

Below is a short interview that unpacks the fundamentals, the new NIST standards, and what organizations should be doing today to stay secure in a quantum future.

Understanding the Context

Let’s start from the basics. What is a quantum computer, and what makes it different from the machines we use today?

“A classical computer works in a very intuitive way: it processes information as bits that can be either 0 or 1. A quantum computer uses qubits, which can be 0, 1, or both at the same time. This property (called superposition) allows a quantum computer to explore many possibilities simultaneously. For some classes of problems, this creates a computational speed-up that classical machines simply cannot match.”

Why does this matter for traditional cryptography?

“Because some of the encryption used today relies on mathematical problems that are extremely hard for classical computers but much easier for a quantum one. A well-known example is Shor’s algorithm, which a quantum computer can use to break the mathematical foundations of many public-key systems. For now, quantum computers are still in an early stage, but that doesn’t mean we are safe. The real danger is the ‘harvest now, decrypt later’ strategy: attackers can intercept encrypted data today and decrypt it in the future, once quantum computers become more powerful.”

Which algorithms do we rely on today, and why will they become vulnerable?

“Today, most secure communications rely on asymmetric algorithms within the framework of Public Key Infrastructure (PKI). These algorithms are based on mathematical problems that are easy to check but extremely hard to solve with classical computers, such as factoring very large numbers or computing discrete logarithms. Quantum computers, however, can solve these problems efficiently, which means that the cryptographic keys protecting our data could be broken. In other words, the foundations of today’s PKI, which secure emails, financial transactions, and online services, will become vulnerable once sufficiently powerful quantum machines are available.”

Standards and Solutions

What options do we have today to protect data from quantum threats?

“There are two main strategies emerging. The first is Quantum Key Distribution (QKD), which uses the principles of quantum physics to securely exchange encryption keys over dedicated fiber links. Any attempt to intercept the keys changes their quantum state, immediately revealing the attack. The second is Post-Quantum Cryptography (PQC), a set of new software-based algorithms designed to resist quantum attacks. Unlike QKD, PQC does not require special quantum hardware and can run on today’s infrastructure. Each approach has strengths and limitations: QKD provides security based on physics but is harder to deploy broadly, while PQC is easier to integrate but relies on mathematical assumptions. Combining the two offers the most robust protection.”

NIST recently selected new post-quantum algorithms. How do these new systems work?

“They are designed around mathematical problems that, based on current knowledge, are resistant to quantum attacks. Many rely on lattice-based structures, geometrically complex problems for which we have no known efficient solutions, not even with quantum computers. Absolute certainty doesn’t exist, but these are considered the most reliable paths forward. Kyber is designed for key exchange; Dilithium for digital signatures; SPHINCS+ uses only hash functions, making it robust but slower and more resource-intensive. Kyber and Dilithium are lattice-based, while SPHINCS+ follows a hash-based approach. All aim to withstand future quantum attacks.”

Which approach do you consider the most effective against quantum threats?

“Actually, both QKD and PQC have their advantages, and the most secure approach is often a hybrid solution that combines them. PQC algorithms provide protection based on mathematical complexity and can be deployed on existing infrastructure, while QKD offers security guaranteed by the laws of quantum physics, though it requires specialized networks. By integrating both, organizations can benefit from multilayer protection: PQC secures the data itself, and QKD secures the keys, reducing the risk that a single vulnerability compromises the entire system.”

Where are we in the transition?

“For environments such as federal agencies, the transition has already started. NIST recommends beginning the migration now because the data being protected today might still be sensitive in 10 or 20 years. In Europe and in public administrations the adoption is progressing, but unevenly.”

And on the industrial side?

“There are already commercial QKD solutions and regional initiatives, such as the project in Regione Lombardia linking hospitals, military sites, and financial institutions. The transition requires updating hardware, software, and protocols — and the complexity is both technical and strategic. In any case, high-sensitivity sectors are moving first.”

Impacts and Scenarios

Which sectors should prepare first?

“Those where confidentiality must last decades: government, defense, finance, and healthcare. Institutional and military communications in particular.”

How should industrial players approach this shift?

“Adopt PQC today and evaluate QKD where feasible, ideally in hybrid forms. Waiting for the threat to fully materialize is not an option.”

What role do Italy and Europe play in standardization?

“Italy contributes through universities and spin-offs. Europe is active, but NIST still leads formal standardization efforts.”

What would you recommend to a CTO preparing for the quantum era?

“Start using post-quantum algorithms now. The risk is not future, it’s present. We must protect today the data that must remain secret for decades. We can’t wait any longer. Securing communications is already a challenge of today. We don’t know how much time we realistically have. When the quantum threat reaches full capability, it may be too late. Those who lag behind risk retroactive data breaches, loss of trust, competitiveness, and security.”

Quantum-safe security is already part of our roadmap at SMA-RTY. To learn more, explore our work on SDQ-5G and upcoming solutions for quantum-resilient communication.