​Background

​The Scottish Digital Trust Centre of Excellence brings you the first of a series of seminars and conferences:

​Public key cryptography provides the foundation of trust and security on the Internet. But quantum computers with Shor's algorithm may break all of our existing public-key encryption methods, such as those used for key exchange and digital signatures.

​Although current cryptography is safe today, the transition to quantum safe algorithms will take many years. Already NIST has defined that we need to migrate critical national infrastructure applications to a quantum-robust by 2030. Organisations must accelerate their cryptography hygiene and implement migration strategy over the next few years.

​This event features world-renowned speakers including Daniel J. Bernstein. We will present the state-of-the-art in the application of Post Quantum Cryptography and the integration of GenAI – including keynotes from 2 world-leading experts and contribution from leading SMEs and researchers in the field.

​Programme (exact timings TBC)

​13:00 World-renowned speaker TBC

​Join us for the opening keynote from a leading voice in quantum technologies.

​14:00 Panel Discussion: The Quantum clock countdown to Y2Q

​Peter Ferry, CEO Digital Trust Centre of Excellence

​Amit Gupta, Founder and CEO ACubed.IT

​Mark (Madjid) Tehrani, Founder CyberSeQ

​In the late 90’s Y2k was a computer date bug which caused widespread fear that computers would crash and our systems would be unsafe – but massive global remediation efforts largely avoided catastrophic failures. The advent of Quantum computers is a similar event horizon  - threatening disruption and dangers as security algorithms that currently protect most information and communication systems are defeated. This threat is both serious and urgent, with adversaries' "harvest now, decrypt later" policy and quantum computing capabilities available in the near to medium term.

​In this session a panel of experts will introduce the potential scope and impact of these threats, compliance requirements, and the investment and preparation required for our near post-quantum future.

​14:30 Guest Talks

​AI-Enabled Post-Quantum Cryptography Migration: Trust and Vulnerability Discovery in Crypto Wallets

​Mark (Madjid) Tehrani, Founder CyberSeQ

​Artificial intelligence is reshaping software engineering, the job market, and even educational pathways. A key open question is whether we can trust AI in domains as critical as the migration to post-quantum cryptography (PQC).

​This talk explores the potential and limitations of AI-enabled PQC migration, examining its ability to identify cryptographic vulnerabilities and automate transition strategies. We will demonstrate how AI can assist in vulnerability discovery and migration planning, while also addressing the challenges of reliability, explainability, and risk in security-critical contexts.

​AI-Powered Post Quantum Cryptography Risk Assessment (PQC-RA):  Protecting Cryptographic Assets Against Quantum Risks

​Mwarwan Abubakar, Acubed.IT

​The Post-Quantum Cryptography Risk Assessment (PQCRA) Tool is an AI-assisted framework that helps organisations identify, analyse, and prepare for cryptographic risks during the transition to post-quantum security. It automates the extraction and assessment of cryptographic assets from source code, PCAP files, and on-demand TLS/SSH live captures, producing a comprehensive Cryptographic Bill of Materials (CBOM).  Using large language models (LLMs) for semantic analysis, PQCRA detects cryptographic libraries, algorithms, and key exchanges, highlights vulnerabilities and deprecated algorithms, and aligns findings with MITRE, CWE and NIST guidelines. A migration planner suggests post-quantum–ready and hybrid strategies.  The tool’s dashboard guides users through indexing, CBOM generation, vulnerability scanning, and visualisation. Recent enhancements include support for both uploaded PCAP analysis and on-demand TLS/SSH live capture, enabling CBOM generation directly from active environments, a valuable feature for financial, government, and defence organisations. This innovation reduces manual effort in crypto-inventory and risk analysis, accelerating the journey toward quantum-safe security.

​Evaluating PQC System and Networking Performance using the PQC-LEO Framework.

​Callum Turino, PhD Student in Post-Quantum Cryptography for Cellular Internet of Medical Things

​In addressing the quantum threat posed to public-key cryptography, significant progress continues to be made in the standardisation of PQC algorithms. NIST has now standardised several PQC schemes, with various alternative schemes still being reviewed. However, despite this progress, challenges remain in their practical deployment, particularly when considering their computational and networking performance requirements. This is particularly challenging in constrained environments such as IoT, where system resources and energy storage capacity are limited. To effectively assess the deployment requirements of PQC schemes across varying contexts, a robust evaluation framework is essential. To address this challenge, the PQC-LEO evaluation framework has been developed. The framework provides an automated method for assessing PQC and Hybrid-PQC algorithms across diverse system architectures and environments, utilising PQC implementation libraries standard throughout research. This presentation will outline its design and capabilities, and discuss the algorithmic performance results, highlighting their current implications for future research and PQC deployment.

​15:30 World-leader talk, Daniel J Bernstein. PQConnect: Automated post-quantum end-to-end tunnels

​Daniel J. Bernstein, World-renowned computer scientist, one of the most influential figures in modern cryptography and a pioneer in post-quantum security.

​PQConnect is a new post-quantum end-to-end tunneling protocol that automatically protects all packets between clients that have installed PQConnect and servers that have installed and configured PQConnect.

​Like VPNs, PQConnect does not require any changes to higher-level protocols and application software. PQConnect adds cryptographic protection to unencrypted applications, works in concert with existing pre-quantum applications to add post-quantum protection, and adds a second application-independent layer of defence to any applications that have begun to incorporate application-specific post-quantum protection.

​Unlike VPNs, PQConnect automatically creates end-to-end tunnels to any number of servers using automatic peer discovery, with no need for the client administrator to configure per-server information. Each server carries out a client-independent configuration step to publish an announcement that the server’s name accepts PQConnect connections. Any PQConnect client connecting to that name efficiently finds this announcement, automatically establishes a post-quantum point-to-point IP tunnel to the server, and routes traffic for that name through that tunnel.

​The foundation of security in PQConnect is the server’s long-term public key used to encrypt and authenticate all PQConnect packets. PQConnect makes a conservative choice of post-quantum KEM for this public key. PQConnect also uses a smaller post-quantum KEM for forward secrecy, and elliptic curves to ensure pre-quantum security even in the case of security failures in KEM design or KEM software. Security of the handshake component of PQConnect has been symbolically proven using Tamarin.

​This is joint work with Tanja Lange, Jonathan Levin, and Bo-Yin Yang.