The countdown to Q-Day — what MNOs need to know now
Sponsored by
NOTE FROM THE EDITOR
Christian de Looper
November 3rd, 2025
Quantum computing is moving from theoretical promise to practical reality, and that shift has major implications for digital security. For mobile network operators (MNOs), the concern isn’t just about what’s possible right now, but what will be possible soon. Quantum computers use fundamentally different principles than classical machines, enabling them to solve certain mathematical problems dramatically faster. That includes problems at the heart of the encryption methods we rely on every day, such as RSA and elliptic-curve cryptography (ECC). When these systems can be broken, the foundation of current secure network authentication, data protection, and identity management begins to erode.
The countdown to Q-Day — what MNOs need to know now
Christian de Looper
November 3rd, 2025
Quantum computing is moving from theoretical promise to practical reality, and that shift has major implications for digital security. For mobile network operators (MNOs), the concern isn’t just about what’s possible right now, but what will be possible soon. Quantum computers use fundamentally different principles than classical machines, enabling them to solve certain mathematical problems dramatically faster. That includes problems at the heart of the encryption methods we rely on every day, such as RSA and elliptic-curve cryptography (ECC). When these systems can be broken, the foundation of current secure network authentication, data protection, and identity management begins to erode.
This moment, often referred to as “Q-Day,” represents the point when quantum computers can realistically crack these current encryption standards. While that day hasn’t arrived yet, it’s coming — and it could be soon. The global telecom ecosystem is already preparing for the transition to quantum-safe security. For MNOs, however, planning ahead is key.
What is Q-Day?
Q-Day refers to the point in time when quantum computers become powerful enough to break the cryptographic systems that secure nearly all digital communications today. The concern centers on public-key algorithms such as RSA and ECC, which rely on mathematical problems like factoring large prime numbers or solving discrete logarithms — problems that are almost impossible for classical computers to solve efficiently. Quantum computers, however, operate on entirely different principles. Using quantum bits, or qubits, they can perform parallel computations at a scale that allows them to solve these problems exponentially faster. Once that level of capability is reached, current forms of encryption will no longer be reliable.
For mobile network operators, this has far-reaching implications. Every SIM card, authentication server, and encrypted connection depends on cryptographic algorithms to verify identity, protect subscriber data, and secure communication between network components. If those algorithms are compromised, attackers could impersonate legitimate users, intercept or alter data, and disrupt the integrity of mobile networks. The risk extends well beyond consumer communications too, affecting enterprises, IoT deployments, and government systems that rely on the same cryptographic foundations.
The immediate risk: “Harvest now, decrypt later”
While Q-Day itself remains in the future, the threat it represents is already active. Adversaries today are capturing and archiving encrypted communications with the expectation that they can be decrypted once quantum computing matures — a tactic known as “harvest now, decrypt later.” It’s a long-game strategy that turns time into a weapon: even if current encryption holds for years, the information stolen today could be exposed the moment quantum decryption becomes viable.
For MNOs, that means sensitive subscriber data, enterprise traffic, and even signaling information traversing mobile networks may already be at risk. Information intercepted now could reveal network configurations, authentication keys, or confidential communications once decrypted in the future. Even metadata around who connected, how, and when, can become valuable intelligence when combined with decrypted content later.
Beyond consumers, a successful harvest-now campaign could expose corporate trade secrets, compromise national-security data, or reveal long-term behavioral patterns across connected devices. And, the scale of mobile networks makes them a particularly attractive target for adversaries aiming to build large repositories of encrypted material for future exploitation.
Compounding the problem is the longevity of data. Many mobile network functions and enterprise applications store encrypted records for years due to compliance, auditing, or operational requirements. This extended retention period effectively guarantees that some of the information being transmitted and stored today will still exist, and remain valuable, when quantum decryption becomes possible.
How the industry is planning ahead
The good news is that the telecom industry isn’t waiting for Q-Day to arrive. Across global standards bodies and operator alliances, work is already underway to prepare for a world where Q-Day has already happened.
For example, the GSMA’s Post-Quantum Telco Network Taskforce is leading the charge by defining how MNOs can protect networks and data from future quantum attacks. Its focus includes assessing where current encryption is most exposed, developing guidelines for quantum-safe key management, and helping operators integrate new algorithms into live networks without disrupting existing services.
3GPP is also working on ways to mitigate risk. The organization has begun incorporating post-quantum cryptography into its roadmap for upcoming 5G and 6G releases. Early testing focuses on integrating PQC algorithms into authentication, key exchange, and signaling procedures. These updates are essential to ensure that mobile networks remain secure from the access layer through to the core as quantum capabilities advance.
Industry collaboration is a critical part of this effort. The GSMA and 3GPP are bringing together MNOs, vendors, and researchers to test potential algorithms, evaluate performance impacts, and ensure interoperability across different systems. The goal is not just to find encryption that resists quantum attacks but to make sure it works efficiently in real-world networks where latency, power, and hardware constraints all matter.
Steps MNOs can take now
Preparing for Q-Day doesn’t have to wait. There are actual steps that MNOs can take today to safeguard data now, and in turn, in the future. Here are some of those steps.
- Assess and inventory cryptographic dependencies: Map out where vulnerable algorithms like RSA and ECC are used across network functions, APIs, and subscriber systems. A full inventory creates the foundation for any migration plan.
- Implement crypto agility: Design systems that can switch encryption methods without major rework. Hybrid approaches using both classical and post-quantum cryptography can provide protection during the transition period.
- Engage in standards and testing: Participate in GSMA and 3GPP working groups and test PQC algorithms in lab environments. Early experimentation helps reveal performance trade-offs before deployment.
- Collaborate with vendors and partners: Require clear quantum-safe roadmaps from suppliers. Ensuring device, SIM, and network alignment will make the broader shift to PQC smoother and more consistent.
Conclusion: Preparation is key
Q-Day may still be years away, but preparation can’t wait. The data being transmitted and stored across mobile networks today could be exposed in the future if action isn’t taken now. For MNOs, the shift to post-quantum cryptography could help define long-term trust in global communications. Those who start early, test quantum-safe solutions, and align with industry standards will be best positioned to protect their networks, customers, and reputation when the quantum era finally arrives.
Sponsored by
Quantum vs. post-quantum: two paths to future-proof network security
Christian de Looper
November 3rd, 2025
As we head towards a world where quantum computing is a reality, the security techniques that have underpinned data security thus far are under threat. Encryption methods that have protected global communications for decades could soon be undermined by quantum processors with far improved capabilities. To prepare, researchers and network operators are exploring not only how we’ll secure communications in the future, but also how we should secure them now in preparation for that future.
Two fundamentally different approaches are emerging to protect networks against quantum-era threats: quantum key distribution (QKD) and post-quantum cryptography (PQC). Future-proofing isn’t optional. Adversaries can capture sensitive traffic today and decrypt it later once quantum capabilities mature—a “harvest-now, decrypt-later” risk that matters for data with long confidentiality lifetimes. The question for operators isn’t which approach wins outright, but where each fits into the equation.
Here’s a look at the different approaches to future-proofing networks.
Quantum Key Distribution (QKD)
Quantum key distribution, or QKD, is a way to exchange encryption keys using the fundamental properties of quantum physics rather than relying on complex math. Instead of sending keys through purely digital means, QKD encodes them into quantum particles (usually photons) whose behavior changes when observed. This means that any attempt to intercept or measure those particles immediately reveals the presence of an eavesdropper.
In practice, QKD protocols such as BB84 or entanglement-based systems establish symmetric keys that both endpoints can trust as uncompromised. After verifying and correcting errors, the two sides end up with identical keys that can be used with conventional symmetric encryption algorithms like AES.
QKD’s strengths are clear at the high-assurance end of the spectrum. When properly implemented, it can provide mathematically provable secrecy for the key exchange itself. Satellite-based experiments have even demonstrated QKD across continents, showing how it might one day deliver ultra-secure keys between nations or global data centers.
Real-world pilots are already exploring this in critical environments such as energy grids and national defense networks. Utilities with existing dark fiber links between substations, for example, are testing QKD as a physics-enforced key source for their most sensitive control links.
However, QKD’s practical challenges remain significant. It requires specialized optical hardware, dedicated fiber or free-space links, and precise system calibration. It also still relies on classical authentication, typically digital signatures or pre-shared keys, to prevent man-in-the-middle attacks. For now, that means that QKD is best suited to highly specialized or valuable links, like in government and defense.
Post-Quantum Cryptography (PQC)
Post-Quantum Cryptography replaces older public-key systems like RSA and ECC, which can be broken by quantum computers, with new methods designed to resist both today’s and tomorrow’s attacks. In August 2024, NIST finalized three main standards:
- ML-KEM: Based on CRYSTALS-Kyber, for secure key exchange
- ML-DSA: Based on CRYSTALS-Dilithium, for digital signatures
- SLH-DSA: A hash-based signature derived from SPHINCS+ for added safety
In March 2025, NIST also approved HQC (Hamming Quasi-Cyclic) as a backup option.
These algorithms can be integrated into existing internet protocols like TLS, IPsec, QUIC, and 5G networks, allowing organizations to strengthen security through software or firmware updates without replacing their hardware.
For carriers and cloud providers, PQC has practical benefits. It works on existing processors and network cards, fits into current key and certificate systems, and supports “algorithm agility,” the ability to switch to new standards as needed. Although the new keys and signatures are larger than today’s elliptic-curve ones, improvements in software and hardware acceleration are helping reduce the performance impact.
PQC is also proving essential in emerging domains like 6G non-terrestrial networks (NTNs), where space-based and terrestrial systems must exchange keys and authenticate securely across vast distances. Unlike QKD, PQC algorithms can run over conventional IPsec or TLS channels, making them ideal for securing satellite backhaul, cloud workloads, and mobile control planes.
There are still challenges. PQC security depends on mathematical assumptions rather than physical laws, so it must be continually tested and refined. The larger data sizes can slightly slow down network handshakes and use more bandwidth, especially on small devices. Implementations also need protection against side-channel attacks, just like traditional cryptography.
Even with these hurdles, cybersecurity agencies and NIST agree that organizations should start identifying where they use vulnerable algorithms, experiment with hybrid systems that mix classical and post-quantum methods, and plan to adopt PQC as vendor support and standards mature.
Hybrid Approaches
In practice, the most secure designs will combine the two. Operators might deploy PQC key exchange in their data plane traffic, while using QKD to inject high-assurance keys into specific inter–data center trunks or network control channels. Some early 6G and critical-infrastructure pilots are already experimenting with this layered model, combining QKD’s tamper detection with PQC’s scalability.
Benefits include stronger layered security, easier long-term upgrades, and greater reliability for critical systems. The main challenges lie in integration — managing encryption keys from different sources, optimizing performance for larger PQC keys and signatures, ensuring compatibility between vendors, and updating monitoring and verification tools. Crypto agility, however, is key. It will remain important to build networks that can switch algorithms, update trust systems, and combine different key sources without causing downtime or service issues.
Post-Quantum Cryptography (PQC) and Quantum Key Distribution (QKD) tackle different sides of the same challenge, and they’re more complementary than competitive. PQC will secure most digital connections, including consumer devices, enterprise systems, cloud platforms, and mobile networks, because it works with the infrastructure already in place. QKD, on the other hand, will protect the most sensitive environments, like government, defense, central banks, or select telecom backbones, where using fiber or satellite links with built-in tamper detection makes sense.
Over time, these technologies will settle into a shared framework. PQC will handle scalable authentication and key exchange across diverse networks, while QKD will inject ultra-secure symmetric keys into select parts of those networks. For actual data encryption, symmetric algorithms such as AES-GCM will remain the standard, regardless of how their keys are generated—whether from PQC, QKD, or both. Industry groups and standards organizations, including NIST, IETF, ETSI/ITU-T, and GSMA/3GPP, are already working toward compatible frameworks that make this coexistence practical, with flexible algorithms and strong key management as the foundation.
Conclusion
There won’t be a single technology that guarantees future-proof security. PQC provides scalable, immediate protection against quantum threats for most services, while QKD delivers the highest level of assurance for the few places that truly need it. For most organizations, the smart approach is to start with PQC, use hybrid systems when necessary, and reserve QKD for the most critical links.
The focus now should be on taking practical steps: catalog existing cryptography, begin testing hybrid systems, modernize PKI, and evaluate QKD where it offers clear benefits. With this approach, networks can stay agile, secure, and ready for the quantum era—without sacrificing speed, performance, or scale along the way.
Sponsored by
How to build quantum-safe 5G and 6G networks
Christian de Looper
November 3rd, 2025
Quantum computing could bring with it major breakthroughs in medicine, research, and more. It also threatens the cryptographic bedrock of today’s internet and mobile systems. Algorithms like RSA and elliptic-curve cryptography (ECC) underpin TLS, VPNs, SIM authentication, and the key exchanges that secure 5G core and transport, but a quantum computer could break those systems, putting long-lived credentials, recorded traffic, and critical infrastructure at risk.
Building quantum-safe 5G and 6G is not as simple as swapping out one cipher for another. It means re-architecting much of the chain. But, there are new cryptography technologies emerging that could help safeguard entire networks against these upcoming threats.
Physical security with Quantum Key Distribution
QKD secures key exchange by encoding information in quantum states — typically single photons. That means any interception attempt disturbs the signal and reveals itself. Rather than protecting data traffic directly, QKD delivers shared, symmetric keys with built-in eavesdropping detection that can then be used by classical encryption systems.
Standards bodies are shaping how this gets deployed. ETSI’s Industry Specification Group for QKD (ISG-QKD) define the components of the system, like quantum transmitters and receivers, trusted nodes, key management layers, and interfaces that connect QKD equipment to the rest of the security stack. ITU-T complements this with its Y.3800-series frameworks for hybrid QKD/classical networks and interworking between QKD key managers and conventional crypto systems.
There are still some practical constraints though. QKD works best over dedicated dark fiber or managed photonic paths where loss, noise, and latency can be tightly controlled. Satellite links, for example, extend reach but add complexity. That’s why early deployments cluster in government, defense, and financial sectors. In mobile networks, things like inter–data center connections, telco cloud infrastructure, and so on, are natural first targets.
The big integration challenge is putting it all together. QKD’s keys must feed into existing key management systems (KMS), hardware security modules, and transport layers like IPsec, MACsec, or TLS without breaking automation or scalability. ETSI and ITU-T specifications are converging on APIs that let operators treat QKD as a tier of entropy—another source of keys that can be pooled, audited, and distributed.
Cryptographic core with Post-Quantum Algorithms
Much of the 5G ecosystem depends on public-key cryptography, which is exactly why PQC matters so much. Quantum attacks like Shor’s algorithm render RSA and ECC unsafe, so replacing those primitives is essential for long-term confidentiality and integrity.
After an eight-year global competition, NIST published the first set of quantum-resistant standards. CRYSTALS-Kyber, a key encapsulation mechanism, is standardized as FIPS 203 (ML-KEM). CRYSTALS-Dilithium, a lattice-based digital signature, is FIPS 204 (ML-DSA). FALCON, another lattice-based signature scheme optimized for compact signatures and efficient verification, is standardized as FIPS 206 (MLS-DSA). Additional schemes, including candidates optimized for constrained devices and specialized use cases, will follow in subsequent rounds.
Migration is as much an operational challenge as a cryptographic one. Operators and vendors are being urged to build crypto-agility, which is the ability to rotate keys and switch algorithms without overhauling entire systems. In mobile networks, that means bringing PQC into software-updatable components such as baseband firmware, eSIM and eUICC applets, control-plane functions (AMF, SMF, AUSF, UDM), and service meshes in the telco cloud. PQC can slot into 5G workflows at several points, by replacing ECIES-based SUCI protection for subscriber privacy, strengthening TLS and IPsec across transport and service-based interfaces, and updating certificate chains and signing services used for network functions and over-the-air updates.
Results have been encouraging. PQC often entails larger keys and signatures, expressed in kilobytes rather than tens of bytes. However, early benchmarks across base stations, cores, and edge clouds show these overheads are acceptable for 5G/6G workloads, especially when applied to things like control-plane interactions and session setup rather than per-packet data paths.
3GPP’s role
The biggest lift is mapping PQC into mobile’s moving parts without breaking mobility or latency guarantees. 3GPP’s security group, SA3, is conducting studies to embed quantum-resistant mechanisms into authentication, key management, and user-plane protection. Expect PQC to appear in 5G-Advanced specifications, then broaden in early 6G releases as devices, SIMs, and network functions gain native support.
The path forward seems to be a hybrid one. For example, use PQC at scale for device-to-network and function-to-function communications, where software updates can drive adoption quickly. And, reserve QKD for strategic backbones between core data centers, metro aggregation points, and inter-operator interconnects. A dynamic key management layer can then select the best source, whether it be classical entropy, PQC, or QKD.
The end goal is algorithm agility at network scale. That means abstracting crypto choices behind policy and orchestration, so a roaming user can move from a PQC-only cell to a hybrid backbone without renegotiation hiccups.
Governance, compliance, and ecosystem readiness
Vendors are already signaling where this is headed. Major RAN and core suppliers are embedding PQC into key-management stacks, certificate authorities, and firmware-update pipelines. Expect product roadmaps to advertise quantum-readiness profiles aligned with NIST algorithms and ETSI/ITU-T integration models, complete with operator-tunable policies for hybrid modes.
Devices and IoT endpoints are the long tail. Modems, SIMs/eSIMs, and embedded modules must support updated key-exchange protocols and larger PQC artifacts, often within tight power and memory budgets. Transitional designs will blend classical and PQC keys to maintain interoperability while the installed base turns over. For ultra-constrained sensors, upcoming lightweight PQC schemes and gateway-assisted termination will play an important role.
The good news is that regulators and industry groups are both moving forward. NIST’s FIPS standards provide the cryptographic baseline; ENISA, GSMA, and national authorities like the FCC are developing guidance on migration plans, certification, and supply-chain assurances.
Of course, it’s important to keep operational readiness front-of mind. “Harvest-now, decrypt-later” risks make data-classification and key-lifetime policies urgent, as today’s collected data could be decrypted down the line. Post-deployment, telemetry from cryptographic services, anomaly detection in key usage, and more, will be essential to ensure that “quantum-safe” stays safe as algorithms evolve, implementations mature, and attackers adapt.
Conclusions
Quantum-safe networking isn’t a single upgrade — it’s a layered transition. QKD will protect the most sensitive corridors where links can be tightly controlled, while PQC will fortify the scalable backbone spanning radios, cores, and clouds.
Thankfully, standards are aligning. NIST’s PQC algorithms, ETSI/ITU-T’s QKD frameworks, and 3GPP’s work on embedding PQC into mobile security are converging on an interoperable, hybrid approach. Next comes validating, at carrier scale, that these systems deliver their promised security without compromising performance or mobility.
Sponsored by
HED: Testing for the quantum era -- why validation is key to securing mobile networks
Christian de Looper
November 3rd, 2025
Telecom is entering a quantum-safety transition. The risks associated with quantum computing aren’t hypothetical anymore. Advances in quantum computing threaten today’s public-key cryptography, and “harvest now, decrypt later” tactics mean data intercepted today could be exposed in the future. The result? Operators and vendors are moving to quantum-safe security based on post-quantum cryptography (PQC), quantum key distribution (QKD), and hybrid approaches that combine classical and quantum safeguards.
But deployment isn’t quite enough. There’s one major step that comes after deployment — validation. Robust testing, monitoring, and cross-industry validation all help ensure mobile networks can deliver quantum-safe technologies.
Quantum-safe validation
The quantum threat landscape is well understood. Many widely used public-key schemes, like RSA and elliptic curve cryptography, are theoretically vulnerable to future quantum attacks. Even if large-scale quantum computers don’t arrive for years, adversaries can already capture encrypted traffic and store it for eventual decryption. That puts long-lived secrets in scope today, from subscriber data to critical control-plane signaling.
The good news is that standards for mitigating risks are maturing. NIST-selected PQC algorithms have already moved through the standardization process, and QKD specifications from groups such as ETSI and ITU-T are taking shape. Translating these into live, carrier-grade deployments, however, exposes new challenges — latency and jitter across service-based 5G cores, interoperability among multi-vendor network functions, and the need for crypto agility over long equipment lifecycles.
That is why validation matters so much. Testing goes beyond proving a cipher is mathematically sound. It verifies resilience under real traffic patterns, confirms interoperability across vendors and layers, and ensures scalability across nationwide footprints. In other words, validation closes the implementation gap between theoretical security and operational assurance.
Validating QKD, PQC, and hybrid architectures
QKD link validation starts at the physics layer. Operators need to verify photon transmission integrity, achievable key generation rates, and error correction performance across real fiber paths. That means testing over variable distances and under environmental stress. Quality metrics like error rates, detector performance, and synchronization accuracy can help determine whether keys arrive with sufficient throughput and reliability for higher-layer key management systems.
PQC algorithm testing is equally practical. Benchmarking against today’s TLS and IPsec baselines helps quantify performance overhead under carrier conditions. Operators should measure handshake sizes, CPU cycles, and memory footprints on constrained network elements. Because algorithms will evolve, it’s also important to validate crypto agility.
Many network operators are headed towards hybrid models. PQC protects against quantum attacks without new optical hardware, while QKD can add information-theoretic key exchange to critical links. In practice, that calls for testing how keys are provisioned, rotated, and consumed across crypto stacks; how traffic seamlessly fails over between quantum-secure and classical channels; and how management planes behave when the quantum channel degrades.
The optical layer
Quantum security begins in the optical domain. QKD rides on single-photon states and time-critical detection events, making the integrity of the optical layer highly important. Validating these links means characterizing attenuation across fibers and components, managing dispersion that can smear timing windows, and ensuring tight synchronization between endpoints. Photon detection accuracy, dark count rates, and timing jitter determine the usable key rate and ultimately the viability of a QKD service.
Real-world networks experience power drift, connector contamination, bends, and temperature fluctuations, all of which can erode quantum signal quality. This is where continuous monitoring, tied to automated alerting and rerouting policies, helps prevent silent key-rate deterioration that might not show up in classical telemetry.
Coexistence will remain one of the bigger integration challenges though. Operators increasingly seek to multiplex quantum and classical signals on shared fiber via wavelength-division multiplexing. That requires validating isolation, filtering, and launch powers to limit Raman scattering and other cross-channel noise. It also means proving QKD survivability through routine operations.
Digital twins: Simulating quantum-safe networks
Digital twins offer a low-risk way to rehearse the transition to quantum-safe networks. By building virtual replicas of networks, with realistic traffic profiles, device capabilities, and optical link characteristics, operators and vendors can trial PQC and QKD deployments before touching live infrastructure.
There are plenty of benefits to this:
- Predicting performance bottlenecks across control/user planes and optical segments, including the impact of PQC handshakes and QKD key availability on throughput and latency.
- Simulating quantum attacks or failures, such as increased error rates, detector faults, or fiber degradations, without risking service.
- Accelerating algorithm and architecture validation, from crypto-agile rollouts to hybrid key management workflows.
In practice, a digital twin can help an operator test hybrid security at a much larger scale. This could include modeling where QKD provides the most benefit on backbone and fronthaul links, validating fallback policies when quantum key rates drop, and stress-testing PQC configurations across multi-vendor 5G core functions. Vendors can also use the same environment to tune firmware and software stacks for PQC performance and to prove interoperability ahead of field trials.
The need for multi-vendor, neutral test labs
The ecosystem is fragmented by design. QKD systems vary by protocol, hardware implementation, and key management interfaces. PQC differs by algorithm, parameters, and software stacks. Network functions from different vendors implement cryptography in their own ways. Without neutral test labs, integration becomes much more of an experiment.
Neutral environments provide a common ground to validate interoperability and compliance too. They make it possible to certify that QKD modules talk to diverse key management systems, that PQC suites interoperate across devices and clouds, and that hybrid failover works predictably across optical and IP layers. Industry alliances play a big role here. Groups such as ETSI and GSMA are promoting test frameworks, profiles, and best practices so vendors and operators can converge on consistent implementations.
Shared testbeds could let participants pool equipment, fiber, and tooling to accelerate validation, while avoiding duplicating effort. And, as lessons roll back into specifications and open test suites, the whole industry will move faster.
Conclusion
Quantum-safe security isn’t plug-and-play — it demands a culture of validation. This includes testing QKD links in optical networks, benchmarking PQC under carrier-grade performance constraints, and proving that hybrid architectures fail over smoothly when conditions change. It also calls for continuous monitoring and collaborative, multi-vendor test environments so that standards translate into reliable operations.
The quantum era will be secure only if telecom prioritizes testing as much as innovation, by investing early in test frameworks, digital twins, and neutral labs. Doing so will future-proof mobile networks against quantum threats while preserving the performance and interoperability that subscribers depend on.