Picture a machine that doesn’t just crunch numbers but shatters the very foundations of our digital trust, cracking encryption algorithms that have guarded our secrets for decades in mere moments. This isn’t science fiction. It’s the horizon we’re hurtling toward.
Yet, as quantum breakthroughs accelerate, the real urgency isn’t in the labs of Google or IBM. It’s in the boardrooms of banks, hospitals and utilities worldwide, where leaders must confront a stark reality: the countdown to quantum risk has already begun.
Amaanie Hakim, vice president of innovation and IP at IDEMIA Secure Transactions, cuts through the hype with a sobering clarity. “The threat posed by advances in quantum technologies to the cryptography that currently protects our data and transactions is already here,” she asserts in a recent interview with Deeptech Times. Below is the edited Q&A based on the conversation.
Quantum computers may still be on the horizon, but why do you believe the countdown clock to quantum risk has already started ticking for businesses today?
In just a few years, quantum computers have emerged as what could be one of the most transformative technologies in the years to come. In the field of cryptography, the emergence of these technologies is reshuffling the deck.
The major advantage of quantum computers lies in their ability to perform certain calculations at an incomparable speed compared to that of current computers. This will be very useful in certain fields, but it also comes with a risk: in the medium or long term, malicious actors could use it to break the algorithms and security protocols we have trusted for decades.
The threat posed by advances in quantum technologies to the cryptography that currently protects our data and transactions is already here. Enterprises and security professionals cannot afford to ignore this challenge, particularly because many devices deployed today, such as connected cars, smart meters or other IoT equipment, will remain in use for 10 to 15 years. These long-life assets must therefore be designed to either resist quantum threats from the outset or be upgradeable to post-quantum standards. Finding a solution is a responsibility for all players in the security industry.
Providers of critical services must begin the migration to post-quantum cryptography now, as transitioning an entire ecosystem to new technologies is a time-consuming process. It’s not just the algorithms that need to be updated, but protocols and various devices must also be adapted. The sooner this migration will be completed, the sooner the long-term security of infrastructures will be ensured. Most importantly, proactive migration to quantum-safe solutions is a critical business imperative now, not a distant task.
Sensitive data in sectors like finance or healthcare is meant to last decades. What kind of danger can be lurking if organisations wait too long to adopt quantum-safe protections?
For sectors like finance and healthcare, where sensitive data must be protected for decades to ensure regulatory compliance and public trust, waiting to adopt quantum-safe protections creates a significant hidden risk.
One of the main dangers is what experts call “harvest now, decrypt later”: attackers can steal encrypted data today and simply store it until quantum computers are powerful enough to break the encryption, exposing information that will still be sensitive years from now. Such delays in adopting quantum-safe measures create a severe security debt that could undermine trust and resilience in the long run.
When the time comes to finally migrate, it will be a rushed, complex and potentially disruptive process that could compromise critical operations. Moreover, a breach due to quantum-enabled attacks could result in severe reputational damage, financial penalties, and a loss of consumer confidence, which are far more difficult to recover from than a planned, early transition.
For close to 10 years, our cryptography experts have been actively working on adapting security for the post quantum era. We delivered the first quantum-safe smart card in 2019 and announced the first quantum-safe 5G SIM technology just two years later in 2021. Beyond embedded security, we are putting our expertise and knowledge at the service of our customers and of the ecosystem to anticipate as much as possible. In 2024, we demonstrated the first quantum-resistant offline CBDC transaction, and in 2025, demonstrated the world’s first crypto-agility solution for an IoT solution. We work closely with our clients to secure their end-to-end implementations and ensure the security of their data and networks are future ready.
Businesses dread disruption when upgrading security. How does IDEMIA Secure Transactions’ certified Sphere Cryptographic Library remove the pain points from going quantum-safe?
Our certified Sphere Cryptographic Library, launched in July this year, is designed to minimise disruption by prioritising ease of integration of new post-quantum algorithms. Certified by the NIST Cryptographic Algorithm Validation Programme (CAVP), this modular library supports both classical and post-quantum cryptographic algorithms, enabling organisations to enhance their cybersecurity, while preparing for their transition to the post-quantum era.
Most importantly, the library’s modular architecture enables seamless integration into both off-the-shelf and customised solutions, while clients benefit from out expert support and consulting services for smooth deployment and long-term maintenance.
IMAGE: IDEMIA
Can you share a concrete example of how an enterprise in APAC could integrate IDEMIA Secure Transactions’ modules into its existing systems without a major overhaul?
We’ve already demonstrated this with our post-quantum-ready and crypto-agile eSIM technology in partnership with Telefónica. By embedding a quantum-safe cryptographic library directly into the eSIM, we showed how the security of long-lifecycle devices, such as smart meters, can be remotely upgraded.
This means security protocols can be transitioned from classical to post-quantum cryptography entirely over the air, without the need for costly physical replacements. It’s a concrete example of how enterprises can integrate our modules into existing systems with minimal disruption while staying ahead of future threats, in APAC and beyond.
IDEMIA Secure Transactions talks about moving from embedded cryptography to white-box cryptography. What does that evolution look like in practice and why should organisations care now?
White-box cryptography is a strategic shift to protect keys in an increasingly complex digital landscape. Embedded cryptography traditionally secures keys in a tamper-resistant hardware element, a highly secure approach.
However, with the proliferation of software-only applications, and as we do not always have access to such a secure hardware element, a new method is needed. White-box cryptography protects the key by obscuring it within the software code itself, making it difficult for an attacker to extract, even in an insecure software environment. It is not about moving away from embedded cryptography; it is about having alternative options.
Our IDEMIA Sphere cybersecurity offer supports both solutions, demonstrating this evolution in practice. Organisations should care now because this flexibility allows them to deploy robust security across a wider range of platforms, from secure hardware to open software environments, ensuring that their sensitive data is protected no matter where it resides.
Hybrid protocols are often described as the stepping stone to post-quantum security. How do you see them working in real-world deployments over the next few years?
Hybrid protocols are not just a stepping stone; they are a pragmatic approach for a secure and smooth transition. We see them working in real-world deployments by combining a traditional cryptographic algorithm with a new, quantum-safe algorithm.
This provides a “belt and suspenders” approach, ensuring that security is maintained against both today’s known threats and future quantum attacks. For example, we demonstrated a post-quantum-ready eSIM using a hybrid approach for a smart meter application.
This approach ensures that we are deploying solutions that are robust and forward-looking while remaining fully secure in the current landscape. Most governmental agencies already recommend hybrid protocols because they combine the proven security of current algorithms with the resilience of quantum-safe alternatives. This balanced approach explains why we expect hybrid models to be widely adopted across critical applications in the coming years.
Too often, companies wait for regulators to act before upgrading. What’s the strategic advantage for those who move early on quantum-safe infrastructure?
For organisations that move early on quantum-safe infrastructure, the strategic advantage goes far beyond simple compliance. It’s an opportunity to build a more resilient and trustworthy digital ecosystem.
By acting now, a company can plan a phased, cost-effective migration, avoiding the disruption and panic of a last-minute scramble. Most importantly, it demonstrates a forward-thinking approach to risk management, which builds stronger trust with customers and partners.
A company that takes the lead and invests in quantum-safe infrastructure becomes a market leader, not a follower, leveraging its security posture as a unique competitive advantage in the quantum era.
What makes IDEMIA Secure Transactions uniquely positioned to help organisations not just meet compliance but actually turn security into a competitive advantage in the quantum era?
What uniquely positions us is our decades of leadership in cryptography, our end-to-end expertise and our proactive approach to innovation. We don’t just react to standards; we actively contribute to them, working with bodies like NIST and ETSI to shape the future of cybersecurity.
Our long-term commitment is evidenced by our R&D work since 2016 and our key collaborations, such as that with Telefónica on post-quantum eSIM technology. We go beyond providing a product and instead offer our expertise to help clients map their risks and create a pragmatic transition plan. Our ability to deliver and demonstrate real-world, future-proof solutions, whether in the physical or digital world, is what allows us to truly turn security into a competitive advantage for our clients.
