PQ-REACT M18 achievements: Our halfway journey

Welcome to our quantum journey through the PQ-REACT project.

PQ-REACT aims to design, develop and validate a framework for a faster and smoother transition from classical to post-quantum cryptography. Our work will be delivered in thirty-six months, but significant progress has been made during the first half of the project’s duration.

“Algorithms are the campfires around which we tell our stories.” (unknown)

Let us unfold our halfway story.

Work Package 2, PQC Architectures, Tools, and Interfaces led by INDRA, has been monitoring the NIST Post-Quantum Cryptography standardisation process. Focusing on the Digital Signatures candidates, the primary target was to draw a clear view of the properties of the candidate and standardised algorithms: underlying PQC scheme properties (LWE, Code Based, Multivariate, Hash-Based), security considerations, implementation difficulties, key sizes, performance impact, etc. Based on this, a first analysis of the migration paths has been carried out, considering the different scenarios proposed in the project’s Use Cases. Each Use Case involves different security requirements and different boundary conditions; hence, different migration paths and different applicability considerations have been identified.

Additionally, the impact of the PQC standardisation process on other international Standardization Organizations (IETF, ETSI, ITU and NIST’s National Cybersecurity Center of Excellence) and National Bodies (Germany’s BDI, Spain’s CCN, etc.) has been monitored, mainly focusing on the analysis performed by these bodies on the PQC candidates, and the PQC migration guidance they provide. One of the conclusions from these alternative standardisation efforts is the continued interest in some of the most conservative PQC candidates (e.g., FrodoKEM or McEliece as alternative key establishment schemes).

Beyond the standardisation effort itself, another objective has been to assess the availability of PQC Digital Signature implementations, both in SW libraries and Hardware Security Modules. Based on a first survey of libraries and HSMs supporting PQC algorithms, initially centred on the algorithms’ availability, the respective deliverable offers a clear picture of the PQC ecosystem (e.g., supported programming languages or HSM interfaces).

Work Package 3, Benchmarking PQC algorithms led by Fraunhofer FOKUS, implemented several quantum algorithms that can be used to break cryptosystems such as RSA or Elliptic curve cryptography (ECC). In this context, an efficient implementation of Shor’s algorithm was created. A tutorial for its usage can be found on the Qrisp homepage: Exploring Shor’s algorithm — documentation. Qrisp is a Python-based framework developed by FOKUS that can be used to program gate-based quantum algorithms. In addition, quantum solvers for discrete optimisation problems, such as the short vector problem (SVP), were implemented using Qrisp. An example of such an algorithm is the Quantum approximate optimisation algorithm (QAOA): QAOA implementation and QAOAProblem — documentation. An efficient solver for SVPs can be used to attack lattice-based encryption systems. Such systems are described in the NIST report FIPS 203.

To improve Qrisp, the development of a new compilation infrastructure was initiated. It is based on the JAX library, which was originally developed for machine learning. JAX generates an intermediate representation called jaxpr, which can be compiled for various architectures. To prepare Qrisp code for JAX, a Jasp module is being developed that provides new JAX primitives for Qrisp. This enables the creation of an intermediate representation for Qrisp code called jaspr. The intermediate representation is the starting point for using advanced compilation tools such as the Catalyst framework, which allows larger circuits for gate-based algorithms to be compiled. The work done in the context of Qrisp was the basis for a series of papers and conference contributions.

Work Package 4, Pilot Demonstrators led by Telefonica, mainly focused on specifying and designing the execution of the three different pilots envisioned in the project to demonstrate the project’s transition capacities. This includes the specific requirements, algorithms in use, transition strategies to follow, and metrics and Key Performance Indicators (KPI) needed to obtain conclusions and recommendations.

The First Pilot, Advancing Smart Grid Security with Post-Quantum Cryptography, works on integrating PQC to enhance security in Smart Grid deployments. The pilot is centred on digital signatures in Smart Grid deployments, specifically for securing the firmware (FW) update process of meters. Currently, this process is protected using Elliptic Curve Digital Signatures (ECDSA), which are well-suited for environments with limited processing capacity, bandwidth, and secure storage due to their efficiency in terms of CPU usage and smaller key sizes. They need to be replaced, however, to address the risk of Quantum Computers being able to break the security of classic cryptography. The pilot will evaluate the challenges of this transition, which arise from the limitations of Smart Grid environments and the characteristics of PQC algorithms, such as larger key and signature sizes and higher CPU consumption.

The Second Pilot, Quantum-Safe in 5G networks, aims to enhance the security of 5G and future networks in response to the growing threats posed by quantum computing. It focuses on integrating Quantum Key Distribution (QKD) and PQC into existing 5G infrastructure to secure communications between access nodes (i.e., 5G antennas) and the network 5G Core. This connectivity should be protected as specified by standards and good security practices. The technology used to provide the security is the IPsec protocol. Internet Key Exchange (IKE) is one of the protocols used by IPsec, and it is vulnerable to quantum attacks because of the use of certificates and key exchange algorithms based on Elliptic Curve Cryptography (ECC). The pilot evaluates the performance of QKD and PQC and compares it to current cryptographic methods.
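To make the First Pilot's size constraint concrete, the following added example (not code from the PQ-REACT project) signs and verifies a firmware image with a Lamport one-time signature, the simplest hash-based construction, and reports its key and signature sizes next to a raw ECDSA P-256 signature. Lamport is used here as a teaching stand-in for the hash-based family and is not one of the NIST-standardised schemes; the function names and the sample firmware bytes are assumptions made for the illustration.

```python
import hashlib
import secrets

HASH_BITS = 256             # one secret pair per bit of SHA-256(firmware)
ECDSA_P256_SIG_BYTES = 64   # raw r||s encoding, for comparison


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Return (private, public): 256 pairs of 32-byte secrets and their hashes."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(HASH_BITS)]
    pub = [(H(a), H(b)) for a, b in priv]
    return priv, pub


def digest_bits(firmware: bytes):
    d = int.from_bytes(H(firmware), "big")
    return [(d >> (HASH_BITS - 1 - i)) & 1 for i in range(HASH_BITS)]


def sign(priv, firmware: bytes):
    """Reveal one secret per digest bit; a key pair must sign only one image."""
    return [priv[i][bit] for i, bit in enumerate(digest_bits(firmware))]


def verify(pub, firmware: bytes, sig) -> bool:
    """Meter-side check: hash each revealed secret and compare with the public key."""
    if len(sig) != HASH_BITS:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(firmware)):
        ok &= secrets.compare_digest(H(sig[i]), pub[i][bit])
    return ok


def sizes(pub, sig):
    return {"public_key_bytes": sum(len(a) + len(b) for a, b in pub),
            "signature_bytes": sum(len(s) for s in sig)}


if __name__ == "__main__":
    firmware = b"constructed sample: meter firmware image v1.0"
    priv, pub = keygen()
    sig = sign(priv, firmware)
    print("valid image accepted:", verify(pub, firmware, sig))
    print("tampered image accepted:", verify(pub, firmware + b"\x00", sig))
    print(sizes(pub, sig), "vs ECDSA P-256 signature:", ECDSA_P256_SIG_BYTES, "bytes")
```

Verification costs only 256 hash evaluations, but the 8 KiB signature and 16 KiB public key are the kind of bandwidth and storage cost a constrained meter has to absorb.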

The Third Pilot, Quantum Resistant Distributed Ledger for E2E Network Services, evaluates how to enable secure and efficient end-to-end (E2E) network slicing for tailored connectivity services across multiple administrative network domains, ensuring seamless service delivery despite the quantum threats. One of the key enablers needed is the use of Distributed Ledger Technologies (DLTs), and the pilot evaluates how to address those threats on this technology, developing Quantum-Resistant Ledgers (QRLs) that integrate PQC with DLT.

Work Package 5, Open call management and improvement of the pilots led by Sploro, aimed to attract and evaluate applicants and independent evaluators through separate open calls. The necessary documentation, including guidelines, a technical annex, and a structured application form, was developed to ensure transparency, fairness, and alignment with project objectives. The application form was managed on the Sploro platform for streamlined submissions. Weekly statistical updates were provided to the consortium, enabling data-driven decision-making. After the submission deadline, eligibility checks were conducted, evaluators were selected based on predefined criteria, and applications were assessed according to project goals. Two evaluators were assigned to each application: one with a technical background and the other with a business-oriented perspective. Following evaluations, scores were normalised, candidates aligned with project goals were pre-selected, and legal validation was carried out to ensure compliance. Finally, five finalists were selected and invited to sign sub-grantee agreements for the next project phase.

Work Package 6, Technology, legal analysis and implementation led by Scuola Superiore Sant’Anna, focuses on the legal analysis of the transition to post-quantum cryptography (PQC). Initially, discussions with partners identified key legal issues related to cryptography and the risks deriving from quantum computing capabilities. An awareness webinar, “Legality attentive personal data secondary uses in the digital and post-quantum cryptography”, was held in November 2023 jointly with two other projects (PQ-REACT, BRIEF and LeADS joint Webinar). It addressed the importance of data protection in the project and as an application field of the project itself.

In the first year, two tasks began. For Task 6.1 (Analysis of the main legal issues impacting PQC), the key sectors in which cryptographic solutions are either explicitly or implicitly addressed by legislators were identified, and the pertinent legal provisions were then collected in synthetic sheets. A preliminary mapping of the relevant legal provisions was required to unveil legal gaps, uncertainties and constraints in line with the legal analysis pursued. A frequent resort to technical standards was observed. This observation has generated the opportunity to investigate the normative nature of technical standards and the relationship between them and the existing legal provisions and frameworks. Task 6.2 (Specific insights in data protection and digital health) expanded Task 6.1, focusing on data protection and health applications.

The project’s legal team has published an article in a law journal and an article in an engineering review with other PQ-REACT partners. The first release of a living report due under D6.1 contains a provisional analysis of the main legal issues impacting PQC, while papers have been accepted to ITASEC 2025. One is authored by Federica Casarosa and Giovanni Comandé, “Reporting potential vulnerabilities: a plea for coordination,” and deals with cybersecurity issues.

The other is “Proportional Approach to Cybersecurity Challenges in the Financial Sector: Ideas from Post-Quantum Cryptography Legal Analysis”, authored by Maria Gagliardi and Chiara D’Elia, which is more focused on some first results of the project. Both were presented in a technical panel on February 4th. PhD students were also involved in sharing ideas and conducting research activities.

Work Package 7, Dissemination, Communication and Exploitation led by AUSTRALO, with the Hellenic Mediterranean University as the Exploitation leader and Telefonica as Standardisation leader, has played a pivotal role in amplifying the project’s progress. All PQ-REACT partners have invested a lot of effort in the first 18 months to ensure that the exciting work carried out by the scientific partners is well-promoted, that all the PQ-REACT stakeholders are aware of what is happening in the project, and that all the potential candidates for our Open Calls were scouted and informed. In addition, a significant part of WP7’s job was to make the results open to everyone interested, in line with the open science principles. To achieve this critical objective, our technical partners worked on 13 scientific publications and participated in 21 events, workshops and conferences. With an online community of more than 1100 followers, WP7 was able to reach a wide range of stakeholders, not just to promote the advancements of the project but also to promote the first Open Call, launched by WP5 in August 2024. Now that OC#1 is closed and the winners selected, the WP7 effort is dedicated to promoting them and their work with a series of social media posts and interviews.

Collaboration is key.

In April 2024, the PQ-REACT and QUBIP Horizon EU projects joined forces, establishing the SPQR (Secure Post-Quantum eRa) cluster. Together, we organised the first workshop on Quantum-Secure Networks and Systems – QSNS2024 – which took place on June 26, 2024, in Paris, France. Our colleagues from Fraunhofer presented their paper “Resilience of Lattice-Based Cryptosystems to Quantum Attacks”, which was soon published in the conference proceedings. But our collaboration is continuing! The second edition of the QSNS joint workshops is already confirmed! In addition to this, a joint event will be organised this summer.

Beyond Dissemination and Communication.

During the first 18 months of the PQ-REACT project, significant progress has been made in assessing and advancing the project’s Key Exploitable Results (KERs). To guide the exploitation and impact assessment activities effectively, PQ-REACT adopted a structured methodological framework designed to systematically assess, develop, and implement exploitation strategies for each KER (where applicable) while ensuring alignment with market needs and research continuity. The framework consists of four distinct key phases, each addressing a different aspect of the exploitation process, namely: i) Identification of KERs, ii) Intellectual Property Rights (IPR) Analysis, iii) Identification and Analysis of Exploitation Pathways, and iv) Business Models and Market Analysis. This work led to the development of D7.3 (M18 interim report), driven by extensive research, analysis, and collaboration with the consortium partners responsible for the KERs. The insights collected from this process will lay the foundation for future refinement of the exploitation strategies depicted in the final version of the deliverable D7.3 (M36). More information regarding the exploitation activities and preliminary findings can be found in D7.3 (M18 interim report).

What is next?

Looking ahead, PQ-REACT partners will begin deploying specific scenarios, applications, and tools to assess key metrics, paving the way for upcoming measurement campaigns. Collaboration with the first phase of Open Call winners will help identify technological synergies and explore pilot implementations. Building on this momentum, preparations for Open Call 2 are underway. By refining guidelines based on lessons learned from Open Call 1, we aim to ensure consistency, efficiency, and alignment with the evolving needs of the project, continuing to support its broader objectives.

The next steps involve a continued focus on the standardisation of Falcon, particularly addressing the challenges in its implementation, especially in low-resource environments. As part of the ongoing NIST standardisation efforts, the “Additional Digital Signature Schemes” call is progressing into its second round, with 14 candidates selected from the initial round. This will drive the exploration of alternative digital signature schemes based on different underlying frameworks. Further work will centre on the availability and performance of PQC algorithms, both in hardware and software, while addressing security concerns like side-channel risks and optimising performance with new hardware.

And, of course, we will continue to spread the word about our quantum journey through our dissemination and communication activities!