Quantum-Ready Education: How academia should prepare the next generation for the post-quantum era

Quantum-Ready Education: How academia should prepare the next generation for the post-quantum era

Authors: Marcin Niemiec and Piotr Cholda, AGH University of Krakow The rapid progress in quantum computing is ushering in what’s often called the post-quantum era, a time when the power of quantum machines could fundamentally challenge the security assumptions behind today’s digital communication. While large-scale, fault-tolerant quantum computers are not yet a reality, the pace of research and investment makes one thing increasingly clear: their arrival does not have to be a distant possibility. The urgency of transitioning to post-quantum cryptography is further amplified by the “harvest now, decrypt later” threat model. In this scenario, adversaries collect encrypted data today with the expectation that it can be decrypted in the future, once quantum capabilities mature. This creates a pressing need to develop, standardise, and deploy quantum-resistant cryptographic solutions. In this landscape, academia has a pivotal role to play. Universities are not only at the forefront of research in quantum computing and post-quantum cryptography, but also responsible for preparing the next generation of professionals. These future engineers, researchers, and security experts will be tasked with designing and maintaining systems resilient to quantum threats. Ensuring they have the right knowledge and skills is essential for a smooth, secure transition into the post-quantum world.

The Skills Gap

Despite the growing awareness of quantum threats, a significant skills gap remains between what academia currently provides and what the evolving cybersecurity landscape demands. Many university curricula still focus heavily on classical cryptography and traditional computing paradigms, with limited integration of quantum-related topics. As a result, students often graduate without even a basic understanding of how quantum computing may impact security systems. Exposure to key areas such as post-quantum cryptography, quantum algorithms, and quantum key distribution is still far from standard in most programs. While these topics are sometimes available as advanced electives, they are rarely embedded in core courses. This creates a situation where only a small subset of students gain relevant knowledge, leaving the broader pool of graduates underprepared for the transition. At the same time, there is a growing need for practical security engineering skills in a quantum context. Understanding theoretical concepts is no longer sufficient: graduates must be able to implement and evaluate quantum-resistant algorithms in real-world systems. This includes dealing with performance tradeoffs, integration challenges, and potential vulnerabilities such as side-channel attacks. It is worth mentioning that addressing this gap also requires investment in educators. Many instructors were trained before quantum computing became a practical concern and may lack the background needed to confidently teach these emerging topics. Upskilling faculty through training programs, workshops, and collaboration with industry and research institutions is essential for meaningful curriculum reform. Meanwhile, industry demand for professionals with quantum and post-quantum expertise continues to grow. Organisations are beginning to assess their cryptographic infrastructure and prepare for future migration, but they face a limited talent pool. This mismatch between academic supply and industry demand highlights the urgency for universities to adapt, ensuring that graduates are not only aware of the coming changes, but also equipped to respond to them.

Curriculum Design

Addressing the emerging challenges of the post-quantum era requires a deliberate rethinking of how academic programs are structured. One of the most important steps is to introduce quantum-related concepts early in the educational journey. Introducing fundamental concepts of quantum computing and post-quantum cryptography at the undergraduate level allows students to gradually build awareness of upcoming technological shifts and better understand the context of more advanced topics later in their studies. This education should be consistently continued and deepened at the master’s level, where a more advanced and specialized approach is possible, covering both theoretical foundations and practical applications. Equally important is fostering interdisciplinary collaboration. The challenges posed by quantum technologies do not belong to a single field; rather, they sit at the intersection of computer science, mathematics, physics, and telecommunications. Designing curricula that encourage cross-disciplinary learning can help students develop a more holistic understanding. In this context, it is also important to engage academic staff specialised in each of these fields. This can be achieved through collaboration between faculties and institutes within a university. Universities should also consider creating specialised tracks or elective courses focused on quantum computing fundamentals and post-quantum cybersecurity. These offerings can provide deeper insight for students who wish to specialise, while still complementing broader degree programs. At the same time, post-quantum cryptography should not be confined to niche courses, it should be embedded in existing subjects such as cryptography, computer networks, and systems security. This ensures that all students gain at least a basic understanding of the topic. Finally, greater emphasis should be placed on hands-on learning and experimentation. Practical experience, such as implementing post-quantum algorithms, integrating them into network protocols and systems, and benchmarking their performance, allows students to move beyond theory and understand real-world constraints, even if these are group projects within existing courses. Such approaches not only strengthen technical competence but also better reflect the challenges graduates will face in practice.

The Case of AGH University

AGH University of Krakow illustrates how universities can move from abstract discussions about quantum risk to concrete, structured educational offerings. As part of the second-cycle Cybersecurity programme, AGH has introduced a compulsory master-level course dedicated specifically to post-quantum cryptography, positioned as a core subject directly linked to ongoing research projects, international collaboration and standardisation activities. This ensures that every graduate of the programme encounters quantum-related security challenges not as a niche curiosity, but as an integral element of their professional formation. The course is carefully designed to address both conceptual understanding and practical engineering skills. Positioned as an advanced module, it assumes prior completion of fundamental courses in classical cryptography, allowing students to approach post-quantum methods with a solid theoretical and practical background. On the theoretical side, students explore why new cryptographic methods are needed in the face of quantum algorithms, study the mathematical foundations of post-quantum schemes, and gain an overview of the main algorithmic families (including hash, module-, code- and isogeny-based) being developed and standardised worldwide. On the practical side, they implement selected post-quantum algorithms, analyse their security properties, and carry out basic cryptanalysis tasks, learning to interpret trade-offs between performance, security level, and deployment complexity. A distinctive feature of the AGH approach is the emphasis on hands-on, project-based learning. Beyond lectures and problem-solving classes, students work in project groups to select, implement, and integrate a post-quantum algorithm into a chosen application. They must define design assumptions, justify their choices, evaluate the achieved security (including from a cryptanalytic perspective), and publicly present and defend the results, mirroring real-world processes of technology selection, risk assessment, and stakeholder communication. This project format also develops teamwork, communication, and critical assessment skills that are essential for future security professionals. The course is explicitly anchored in current research activities of the faculty, including international projects and publications on post-quantum cryptography and quantum-based security solutions. Topics discussed in class are not limited to textbook constructions: they are informed by contemporary work on quantum attacks against public-key systems, the challenges of deploying quantum-resistant schemes at scale, and experimental implementations in networked environments. This tight coupling between teaching and research exposes students to cutting-edge developments and helps them understand how academic results translate into practical standards and products. From a pedagogical perspective, AGH leverages innovative teaching methods such as problem-based and project-based learning, case studies, and peer assessment, some of which were developed in dedicated educational innovation projects at the Faculty of Computer Science, Electronics and Telecommunications AGH. This modern didactic toolkit supports active learning and encourages students to independently explore emerging literature and standardisation documents related to post-quantum cryptography. As a result, graduates do not simply memorise individual algorithms; they learn how to navigate a rapidly evolving field, critically evaluate new proposals, and continuously update their knowledge. Importantly, the course also addresses the broader social and professional competencies required in the post-quantum era. Learning outcomes explicitly include the ability to explain the need for new cryptographic methods, to communicate the risks associated with continued reliance on classical schemes in the face of quantum progress, and to situate these issues within the wider context of cybersecurity trends and their impact on the economy and society. In this way, AGH prepares its students not only to implement quantum-resistant algorithms, but also to act as informed advocates and decision-makers who can guide organisations through the transition to post-quantum security.

Conclusion

Taken together, these elements show how a university can systematically embed post-quantum cryptography into its curriculum: as a mandatory, research-informed, practice-oriented component of a cybersecurity programme, supported by modern teaching methods and aligned with clearly defined learning outcomes. AGH’s experience demonstrates that closing the skills gap is not an abstract aspiration, but a concrete, achievable goal—provided that institutions commit to rethinking course content, pedagogy, and the integration of research and education. Academia can play a key role in shaping a secure post-quantum future.