In our latest webinar, Wultra’s special guest, Jiří Pavlů, a Mathematical Security Expert at Raiffeisen Bank’s Cryptology and Biometrics Competence Centre, joined Petr Dvořák, Wultra’s CEO and founder, for an insightful discussion about post-quantum authentication.
Speakers:
Jiří Pavlů is a Mathematical Security Expert at Raiffeisen Bank International, ensuring the bank's protection against emerging threats, including quantum computing.
Petr Dvořák is Wultra’s CEO and founder with 10+ years of experience in the secure authentication domain.
Petr: Let’s start with the basics. Quantum computers pose quite a threat. That being said, banks and fintech organizations are currently focused on other topics, such as AI capabilities and compliance with local directives, such as PSD3. Meanwhile, Gartner has already deemed post-quantum cryptography as one of the top 10 strategic technology trends for 2025, warning that traditional cryptography will become unsafe by 2029.
Quantum computing will render traditional cryptography unsafe by 2029. It’s worth starting the post-quantum cryptography transition now.
Source: Begin Transitioning to Post-Quantum Cryptography Now by Mark Horvath, published on September 30, 2024, all rights reserved.
Jiří: Indeed, the impact of changes in cryptography is quite vast. Consider any part of your infrastructure that requires a secure connection: digital banking, electronic contracts, payments, VPN connections, and more. Most companies worldwide rely on the same two or three algorithms to secure those channels. And these algorithms are actually vulnerable when it comes to quantum computer attacks. Quantum computers may not be capable of much yet—but what they are good at is exactly what we need to guard against. Because when Q-Day comes, all systems that depend on legacy cryptography for encryption or digital signatures will be compromised.
Petr: Banks will need to upgrade every piece of their software by 2030 to stay safe.
Jiří: Exactly. These changes cannot be done in a couple of years from now, as it’s going to be too late then. It’s easy to underestimate how long cryptographic algorithms stay with us once introduced in software. One historical example is SHA-1 which has been considered insecure for about 25 years now. Now, it can be broken using a regular home computer. Yet, you can still find it in software today.
Petr: When we look at the definition of the PQC, it is “a branch of cryptography that focuses on methods that remain secure against attacks by quantum computers.” But how can our audience visualize it? Is it similar to RSA in any way, just with longer keys?
Jiří: Funny you mention that—there were discussions in the past about making RSA quantum-resistant. But that would require much larger keys. Imagine that instead of your access card, you would need to carry something that is essentially an SSD drive—that’s how much space you’d need to store one RSA post-quantum key.
Fortunately, we now have better options—algorithms based on entirely different schemes, such as those that rely on mathematical structures known as lattices. So there’s really no connection between RSA and modern post-quantum cryptography.
Lattice-based cryptography uses more robust mathematical problems. Think of a vast field filled with rows and columns of lettuce plants. These plants are neatly arranged in a grid-like pattern. This structured grid represents a lattice, which is essentially a mathematical space made up of regularly spaced points. Now, there's a snail whose task is to find the closest lettuce leaf to a given point without starving along the way, which becomes increasingly challenging as you move from a 2D space to 3D or even higher dimensions, such as 250 dimensions. The vector path between the snail and the lettuce encodes the message.
Petr: Let’s talk about history for a moment. Peter Shor, an American theoretical computer scientist, devised Shor’s algorithm in 1994 already. Why didn’t we act on it back then?
Jiří: In the early 1990s, quantum computing was purely theoretical. Researchers were still figuring out if a quantum computer could even be built, let alone run complex algorithms. Shor’s algorithm was groundbreaking, but quantum computers were just a dream at the time. Still, it put quantum computing on the map and inspired a wave of research into quantum algorithms.
Petr: Now, however, we can assume that Q-Day is coming. Research in quantum computing is steady, and we can even speculate about a sudden research breakthrough similar to what happened with AI. Another important topic here is the “harvest now, decrypt later” attack scheme, which is actually a main business driver that motivates organizations to transition to post-quantum cryptography today. It means that encrypted data becomes less secure over time until it can be fully decrypted.
Jiří: Exactly. It helps to know what your potential attacker looks like—that’s a useful mental model. For many companies, and virtually all banks, “Harvest now, decrypt later” is a real-world security threat. Adversaries are already collecting encrypted communications and storing them, even if they can’t decrypt them yet. So if your data needs to stay secure for decades, it’s at risk—even before quantum computers become widely available.
Petr: NIST has already set a timeline for organizations to migrate to PQC by 2030. But as of 2025, many banks haven’t even budgeted for it. By next year, we recommend banks start inquiring their vendors. In 2027, they should already be running RFPs and replacing services that aren't PQC-ready. 2028 should be the year migration projects are in full swing—moving users from legacy systems to PQC systems. This way, you can deprecate legacy solutions in 2029 and be ready for full compliance in 2030.
In short—2026 is the latest you can start if you want to complete the transition in time.
Want to learn more about post-quantum cryptography? Watch our full webinar to explore the migration to PQ-resistant solutions, the history of secure algorithms, and much more.
.webp)
