TRUST Seminar: Post Quantum Cryptography and AI (Online)
The Scottish Centre of Excellence in Digital Trust and DLT brings you the first of a series of seminars and conferences. In the first, we focus on Post Quantum Cryptography and AI.
Overall, public key cryptography provides the foundation of trust and security on the Internet. Unfortunately, Shor's algorithm breaks all of our existing public-key encryption methods, such as those used for key exchange and digital signatures. For this, NIST has defined that we need to migrate critical national infrastructure applications to a quantum-robust form by 2030, and for other applications by 2035. It is thus important for organisations to understand their migration strategy over the next few years. This event will present the state-of-the-art in the application of Post Quantum Cryptography and the integration of GenAI.
Agenda:
PANEL Discussion: The Quantum clock countdown to Y2Q
Quantum computers could allow malicious actors to break the security algorithms that currently protect most information and communication systems. This threat is both serious and urgent, with adversaries "harvest now, decrypt later" policy and state actors expected to achieve quantum computing capabilities within 5 years. In this session a panel of experts will introduce the potential scope and impact of these threats, compliance requirements, and the investment an preparation required for our near post-quantum future.
AI-Enabled Post-Quantum Cryptography Migration: Trust and Vulnerability Discovery in Crypto Wallets. Mark Tehrani, CyberSeQ.
Abstract: Artificial intelligence is reshaping software engineering, the job market, and even educational pathways. A key open question is whether we can trust AI in domains as critical as the migration to post-quantum cryptography (PQC). This talk explores the potential and limitations of AI-enabled PQC migration, examining its ability to identify cryptographic vulnerabilities and automate transition strategies. We will demonstrate how AI can assist in vulnerability discovery and migration planning, while also addressing the challenges of reliability, explainability, and risk in security-critical contexts.
AI-Powered Post Quantum Cryptography Risk Assessment (PQC-RA): Protecting Cryptographic Assets Against Quantum Risks, Mwarwan Abubakar, Acubed.IT
Abstract: The Post-Quantum Cryptography Risk Assessment (PQCRA) Tool is an AI-assisted framework that helps organisations identify, analyse, and prepare for cryptographic risks during the transition to post-quantum security. It automates the extraction and assessment of cryptographic assets from source code, PCAP files, and on-demand TLS/SSH live captures, producing a comprehensive Cryptographic Bill of Materials (CBOM). Using large language models (LLMs) for semantic analysis, PQCRA detects cryptographic libraries, algorithms, and key exchanges, highlights vulnerabilities and deprecated algorithms, and aligns findings with MITRE, CWE and NIST guidelines. A migration planner suggests post-quantum–ready and hybrid strategies. The tool’s dashboard guides users through indexing, CBOM generation, vulnerability scanning, and visualisation. Recent enhancements include support for both uploaded PCAP analysis and on-demand TLS/SSH live capture, enabling CBOM generation directly from active environments, a valuable feature for financial, government, and defence organisations. This innovation reduces manual effort in crypto-inventory and risk analysis, accelerating the journey toward quantum-safe security.
Evaluating PQC System and Networking Performance using the PQC-LEO Framework. Callum Turino.
Abstract: In addressing the quantum threat posed to public-key cryptography, significant progress continues to be made in the standardisation of PQC algorithms. NIST has now standardised several PQC schemes, with various alternative schemes still being reviewed. However, despite this progress, challenges remain in their practical deployment, particularly when considering their computational and networking performance requirements. This is particularly challenging in constrained environments such as IoT, where system resources and energy storage capacity are limited. To effectively assess the deployment requirements of PQC schemes across varying contexts, a robust evaluation framework is essential. To address this challenge, the PQC-LEO evaluation framework has been developed. The framework provides an automated method for assessing PQC and Hybrid-PQC algorithms across diverse system architectures and environments, utilising PQC implementation libraries standard throughout research. This presentation will outline its design and capabilities, and discuss the algorithmic performance results, highlighting their current implications for future research and PQC deployment.
Why Migrate, and Current and Future Standards for PQC?, Prof Bill Buchanan.
Abstract: Whilst NIST has standardised a number of methods for the migration towards quantum-robust methods, such as ML-KEM, ML-DSA and SLH-DSA, they are progressing a range of other alternative methods that will provide alternatives to the mainly lattice-based methods. This presentation will outline both current and future migrations for new standards.