PQCSA Workshop

Opening Remarks

Matthieu Rivain, CryptoExperts

Advancement in Cryptographically Relevant Quantum Computers and Shor’s Algorithm for Cryptanalysis

Dahmun Goudarzi, Alice & Bob

For this conference we'll dive into the fascinating world of quantum computing and the evolution of quantum cryptanalysis with Dahmun from the pioneering startup Alice & Bob. Alice & Bob is one of the leading European players in the race to build universal quantum computers - machines capable of executing any type of algorithm with unprecedented power. During this session, Dahmun will introduce the fundamentals of quantum computing, the current evolution of building universal quantum computers, and current state of the art of for Shor's algorithm.

Coffee Break (30 min)

Status of PQC activities at the Commission

Bernardo Lopes Goncalves, European Commission

The activities of the Commission on PQC and cryptography in general are diversified, ranging from designing and pushing for ideas for different Work Programmes, supporting already ongoing activities, supporting and steering the work of the PQC workstream of the NIS cooperation group, analyzing trends and monitor quantum speed-ups, following the expert group on a Technology Roadmap for Encryption, and injecting input for new policies. Here we will present a quick "walk" through some of those different activities, also highlighting what we think has room for improvement.

The evolving EU policy digital landscape – some aspects in connection to privacy

Fabiana Da Pieve, European Commission

The EU policy initiatives in the field of digital technologies are numerous and with several implications on privacy. We will go through some of them and see how they address core functions specifically for secure data exchange and data processing. We will mention cross-sectoral impacts, and highlight some (of the many) important challenges that remain to be addressed in current policy frameworks for addressing risks related to different threats - quantum, AI - and surveillance.

Navigating the governance aspects of the PQC transition

Laima Jančiūtė, Independent researcher

The significance of encryption in exercising the rights to privacy and data protection as well as other civil liberties cannot be overstated. But this technology has even long transcended being a mere technological enabler of human rights: there are ongoing discussions about enshrining a distinct right to encrypt. And in response to the threat that the fast development of quantum computing poses to currently used cryptographic methods, the Spanish Quantum Strategy has formulated and advanced "a new digital right to post-quantum privacy". Due to the multifaceted reliance of the digital society on robust cryptography, numerous governments around the world have embraced the need to mitigate the quantum decryption threat by striving to accomplish the shift to quantum-resistant cryptography within a decade, with some countries having set even more ambitious timelines. But although PQC deployment has already been taking place and a trajectory of PQC becoming a cryptographic standard by default can be observed, at the same time, surveys consistently show the overall low rates of prioritisation of this transition in organisational risk management strategies. To overcome such resistance, a steady stream of governance measures and legal mandates are key. In the EU, which enjoys scientific excellence in the field of cryptography, there is a rich set of regulatory instruments (including the e-Privacy Directive and the GDPR) that are relevant to the PQC transition through their state-of-the-art security requirements and the principles of privacy-by-design and security-by-design. For some time, this process has been also driven by strong policy entrepreneurship stemming from some Member States and at the EU level the PQC policy course was formulated in 2024 when related funding intensified as well. The recent new legislative proposals have stressed increasing urgency of enacting the PQC migration. This talk will offer a deep dive into this landscape, highlighting the need for more streamlined governance approaches to better operationalise this transition, and will address some misconceptions that mislead, at times, PQC migration discussions.

Lunch Break (1h)

Architectural Framework for PQC Vulnerability Management & Quantum Threat Monitoring

Reyhane Attarian, Sopra Steria

The transition toward post-quantum cryptography (PQC) introduces new operational, architectural, and security-engineering challenges that extend beyond cryptographic replacement alone. While current research has primarily focused on migration strategies and quantum-resistant algorithms, less attention has been given to vulnerability management, telemetry engineering, and operational monitoring during the pre-CRQC transition period.
This workshop presentation introduces a systems-level framework for PQC vulnerability management and quantum-threat monitoring across classical and transitioning infrastructures. The proposed approach defines a structured detection and monitoring model that aligns observable indicators, telemetry sources, and SOC-oriented analysis workflows within enterprise environments undergoing PQC transition.
The presentation further examines how frontier AI systems may influence PQC migration by accelerating system analysis, dependency mapping, cryptographic inventory discovery, and operational assessment processes. At the same time, these capabilities may reshape organizational risk surfaces, operational timelines, and defensive requirements during large-scale migration efforts.
The resulting framework integrates PQC migration, vulnerability management, detection engineering, and security operations into a unified architectural model intended to support enterprise governance, risk management, and operational resilience throughout the post-quantum transition.

Migration to quantum-safe cryptography: perspective from a personal data protection authority

Matthieu Lequesne, French Data Protection Authority

Matthieu Lequesne is a cryptographer and works as a scientific expert at the technological department at the CNIL. This talk examines the post-quantum transition through the lens of personal data protection and explores how existing data protection mechanisms can be mobilised to accompany the shift toward quantum-safe cryptography.

Coffee Break (30 min)

PQC Migration at Google

Christiane Peters, Google

Google began experimenting with post-quantum cryptography (PQC) in 2016 and is now executing a company-wide rollout with 2029 as the target date. This talk examines the technical and operational hurdles of such an ambitious timeline, including critical dependencies and the realities of implementing PQC at scale. We will also discuss how shifting regulatory requirements and internal lessons are shaping our ongoing migration journey.

The road ahead to a fully post-quantum Internet

Bas Westerbaan, Cloudflare

In this talk we take measure of the current state of the PQC migration of the Internet, lessons learned so far, and the path ahead.

Research Directions and Emerging Challenges in PQC

Mélissa Rossi, CryptoExperts

This closing talk will be delivered by Mélissa Rossi, formerly a cryptography expert at ANSSI and currently at CryptoExperts. It will provide a concise overview of active research directions in post-quantum cryptography. The presentation will examine ongoing efforts around current standards, with a focus on tightening and refining security bounds. It will also address side-channel considerations, including leakage models and practical countermeasures. In addition, the talk will highlight the need for advanced functionalities tailored to specific application contexts. It will conclude by emphasizing the critical importance of dissemination and broad understanding of post-quantum challenges and solutions.

End of the workshop