Quantum-safe Digital Infrastructures: Technical Challenges and Solutions

As quantum computers become more powerful, existing cryptographic infrastructure faces an existential threat. RSA, elliptic curve cryptography, and Diffie-Hellman key exchange - the algorithms protecting most of today’s digital communications - are all broken by Shor’s algorithm on a sufficiently powerful quantum computer.

This course prepares technical professionals to lead the transition to quantum-safe digital systems. Where the governance course addresses policy and leadership, this course covers the technical depth: the cryptography, the infrastructure, and the migration engineering.

Suitable for IT professionals, security engineers, and infrastructure architects preparing organisations for the post-quantum era.

What you’ll learn

• How RSA and elliptic curve cryptography work conceptually and exactly why Shor’s algorithm breaks them - the mathematical structure that quantum period-finding exploits
• Why Grover’s algorithm weakens (but does not break) symmetric cryptography, and what key length increases this implies
• Post-quantum cryptography: the mathematical hard problems believed to be resistant to quantum attacks - lattice problems (Learning With Errors), hash functions, error-correcting codes, and isogenies
• NIST post-quantum standards: ML-KEM (CRYSTALS-Kyber) for key encapsulation, ML-DSA (CRYSTALS-Dilithium) and SLH-DSA (SPHINCS+) for digital signatures
• Why these algorithms are believed to be quantum-resistant and what their security assumptions rest on
• Public key infrastructure (PKI) and certificate management: how current trust hierarchies work and what post-quantum migration means for certificate lifetimes, chain lengths, and algorithm agility
• TLS and application-layer protocols: where cryptographic algorithms sit in network stacks and how post-quantum migration affects handshakes and performance
• SSH, VPNs, and other critical protocols: what migration means for each
• Hybrid security architectures: combining classical and post-quantum algorithms during the transition period to maintain security against both classical and quantum attackers simultaneously
• Cryptographic inventory and dependency mapping: how to identify every system that uses at-risk algorithms
• Phased migration strategies: how to plan a realistic, prioritised transition without disrupting services

Course structure

The course runs at four to five hours per week. It assumes cryptographic literacy and moves directly into technical depth.

The opening module covers the cryptographic threat precisely: which algorithms are broken by Shor’s, which are weakened by Grover’s, and which (symmetric, hash-based) remain quantum-resistant with appropriate key lengths.

The post-quantum algorithms module covers the mathematical ideas behind NIST’s selected algorithms: Learning With Errors as the lattice problem underlying ML-KEM and ML-DSA, hash functions as the foundation of SLH-DSA, and why these problems are believed hard for quantum computers. You do not need to implement these algorithms but you need to understand their security claims.

The infrastructure module covers PKI, certificate chains, and the operational complexity of managing cryptographic transitions at scale: certificate lifetimes, algorithm agility in X.509, and the challenges of migrating root CAs.

Hybrid architectures receive dedicated coverage: the dual-algorithm approach during the transition period and how to implement it in TLS.

The migration planning module covers cryptographic inventory, dependency mapping, prioritisation frameworks, and realistic timelines.

Who is this for?

• Security engineers and cryptographers planning or executing post-quantum migrations
• PKI administrators and infrastructure architects assessing quantum-safe readiness
• Software developers who implement cryptographic protocols and need to understand post-quantum replacements
• Technical leaders who need to evaluate vendor claims about quantum-safe products
• Network engineers planning TLS migration for critical infrastructure

Prerequisites

A solid understanding of classical cryptography is required: you should understand how RSA and elliptic curve key exchange work conceptually, what a certificate authority does, and how TLS handshakes use asymmetric cryptography. Experience with PKI management, TLS configuration, or network security engineering is valuable. No quantum mechanics or quantum computing background is needed - the quantum threat is explained from first principles.

Hands-on practice

Exercises include:

• Analysing cryptographic inventories for fictional organisations and identifying priority migration targets
• Evaluating the quantum-safety of specific TLS configurations and protocol choices
• Working through hybrid key encapsulation examples combining ECDH and ML-KEM
• Reviewing NIST post-quantum standard specifications to understand algorithm parameters and security levels
• Developing migration checklists for specific infrastructure components

The course does not include implementation programming but engages with technical specifications at a level of detail that practitioners can use directly.

Why take this course?

Post-quantum cryptography migration is one of the most significant infrastructure challenges of the next decade. NIST finalised its first post-quantum standards in 2024. Major technology vendors (Google, Apple, Cloudflare, Amazon) are shipping post-quantum support in their products now. Regulated industries are beginning to face quantum-safe requirements from government guidance.

Technical professionals who understand post-quantum cryptography deeply - not just at a vocabulary level - will lead these migrations. This course provides that understanding with the credibility of Delft University of Technology. The governance course covers the policy and leadership dimensions; together they form the most complete quantum-safe transition curriculum available online.