IN Brief:
- US defence systems must transition towards approved post-quantum cryptography under a department-wide strategy.
- The plan combines governance, inventory, algorithm development, commercial integration, and equipment deployment.
- Embedded hardware, tactical radios, weapons, satellites, and long-life platforms may require redesign well before the deadline.
The US defence department has established a post-quantum cryptography strategy that places the quantum-computing threat directly inside weapons, communications, networks, factories, and supplier planning.
Five principal lines of effort cover governance, cryptographic inventory and migration planning, development and analysis of resistant algorithms and protocols, integration of approved commercial solutions, and deployment of quantum-resistant devices.
Department systems are expected to support post-quantum cryptography by the end of 2030 or enter a phase-out route, with broad use of the new protections required by the end of 2031. Particular products may follow separate schedules or approved exceptions, but programme teams must begin migration work well before the final deadlines.
Commercial software projects can change cryptographic libraries within relatively short cycles, whereas aircraft, ships, satellites, missiles, radios, sensors, and command systems may spend years in development before remaining in service for several decades.
Post-quantum cryptography replaces vulnerable public-key algorithms with mathematical approaches designed to resist attacks from both conventional computers and future cryptographically relevant quantum machines. The user does not require a quantum computer, but the hardware and software must support the new calculations, keys, message sizes, and protocols.
Finding the cryptography
A defence platform may contain obvious cryptographic functions in radios and data links, alongside less visible dependencies in software updates, maintenance laptops, identity systems, embedded controllers, diagnostic tools, secure boot processes, certificates, remote support, and supplier test equipment.
Programme teams must identify those dependencies before planning replacement. Older platforms may not possess a complete inventory, particularly where equipment has been upgraded through several contractors and software baselines.
Manufacturing environments introduce another layer. Production test stations authenticate software, engineering systems exchange controlled data, suppliers sign firmware, and factories connect equipment to digital quality and configuration records. Weak algorithms within that chain can undermine trust in a product before it reaches a military user.
New cryptography may require more processing power, memory, bandwidth, or electrical energy than previous algorithms. Modern servers can often absorb the overhead, but embedded devices designed around limited processors and batteries may require new hardware.
A processor change can affect circuit-board layouts, power demand, thermal management, software, electromagnetic compatibility, environmental testing, and certification. Replacing one library may be straightforward; replacing a flight-qualified processing module can become a multi-year engineering programme.
Crypto agility inside equipment
No algorithm should be expected to remain suitable throughout the life of a military platform. Systems need architectures that allow cryptographic functions to change without forcing complete redesigns across every connected device.
Hardware-rooted protection can provide stronger control, as demonstrated by dedicated cybersecurity technology being developed for ESA satellite communications. Such devices can improve assurance and performance, although they introduce lifecycle responsibilities around trusted fabrication, key provisioning, firmware updates, configuration management, and secure disposal.
Interoperability will be difficult during transition because allied forces, suppliers, and different US services cannot replace equipment simultaneously. Networks may need to support legacy and post-quantum protocols together, creating gateways and hybrid arrangements that increase complexity and attack surface.
The strategy also addresses the “harvest now, decrypt later” threat, in which encrypted traffic is collected today for possible exploitation when more capable computing becomes available. Information with a long intelligence life therefore requires stronger protection before a practical quantum attack emerges.
Defence suppliers handling design data, strategic information, software, or operational concepts face the same exposure. Migration cannot stop at government-owned networks, since contractors, laboratories, depots, cloud services, test houses, and specialist manufacturers all participate in the information chain.
Commercial products will supply much of the enabling technology because the defence department cannot build every router, processor, cryptographic library, and security appliance independently. Approved algorithms still require careful implementation, as sound mathematics can be weakened by poor software, side-channel leakage, incorrect key management, or insecure updates.
Testing capacity could become a constraint as laboratories seek additional tools, facilities, and trained personnel. Programme offices must also determine when commercial assurance evidence is sufficient and when mission-specific evaluation is required.
Equipment expected to remain in production or service after 2030 needs migration decisions during current design reviews and supplier negotiations. Waiting until the deadline approaches would leave long-life platforms dependent on rushed redesigns, temporary waivers, or unsupported legacy equipment.
The most difficult industrial task will not be selecting a new algorithm. It will be locating cryptography across thousands of systems, replacing it without breaking interoperability, and building enough agility to repeat the process when standards change again.


