Moving Toward the Post-Quantum Era: Why a Cryptographic Inventory Is the First Step in Security Transformation
- Emily Chiu
- 3 hours ago
- 3 min read
The hidden risks of the post-quantum era
In today’s cybersecurity assessments, we’re used to checking for weak passwords, malware, and vulnerabilities. But there’s another overlooked risk that is quickly coming to the surface as quantum computing advances:
What encryption algorithms are currently used in your systems — and are they truly secure?
Many people believe that practical quantum computers are still far away. However, Pete Shadbolt, Co-founder and CTO of U.S. startup PsiQuantum, said at The Wall Street Journal’s CIO Network Summit in February 2025 that commercially valuable quantum computers could arrive as early as 2027.
When that time comes, will the algorithms used in your systems, APIs, and communication protocols still be safe?
Question 1: Do You Really Know What Encryption Your Systems Are Using?
Nowadays, most enterprise applications, servers, and even SaaS platforms are still running TLS 1.2 combined with RSA or ECC algorithms. These algorithms remain secure for now, but once quantum computers become fully operational, RSA and ECC will instantly become obsolete.
The critical question is — Do you really know where these algorithms are hiding within your systems? Is it in your API transmissions, your network communications, or perhaps embedded deep within your source code?
Question 2: The Countdown to Quantum Computing Has Already Begun
In June 2025, IBM unveiled its four-year roadmap for quantum computing, with the goal of developing the world's first large-scale, fault-tolerant quantum computer named Quantum Starling which is projected to run quantum circuits comprising 100 million quantum gates on 200 logical qubits.
To prepare for this quantum leap, NIST officially standardized Post-Quantum Cryptography (PQC) in 2024, urging governments and financial institutions worldwide to begin migration planning immediately. This marks a turning point:
Systems that do not support PQC will soon fail to meet regulatory and compliance requirements.
Organizations that haven’t started the transition might be at a risk of instant exposure once quantum computing becomes mainstream.
Why Do You Need a Cryptographic Inventory System?
The U.S. government, under the Biden administration, made it clear in its July 2024 “Report on Post-Quantum Cryptography” that “A comprehensive and ongoing cryptographic inventory is a key baseline for successful migration to PQC.1”
Simply relying on manual checks or human memory is not enough to get a complete picture of your encryption landscape.
For example, banks and financial institutions rely on a wide variety of systems — from trading platforms, risk management modules, online banking, third-party payment APIs, to internal systems across branches and headquarters. Each of these systems could be using different encryption algorithms.
Manual checks are time-consuming, error-prone, and likely to miss hidden algorithms buried in code, network packets, or files. For instance:
TLS configurations may vary across different servers
Client apps and third-party APIs may use different encryption protocols
Internal source code and third-party libraries may call different algorithms
In such a scenario, missing a single component could lead to serious security breaches, since manual inventories cannot provide complete visibility, making risk assessment unreliable.
PQScan – Chelpis Solution
As the first cybersecurity company focused on Post-Quantum Cryptography (PQC) in Taiwan, we have developed PQScan, a cryptographic inventory solution designed to address the pain points of manual algorithm checks.
PQScan performs a comprehensive scan with just one click, providing a complete security overview with the following features:
Scan IPs / URLs → Instantly detect the TLS algorithms used by servers and websites
Analyze network packets → Identify encryption protocols in transmission and verify their security
Inspect uploaded files → Analyze encryption in PDFs, DOCX files, certificate files and so on
Review source code → Detect algorithms used in APIs, apps, and source code to determine PQC support
Additionally, PQScan automatically generates clear, easy-to-read reports, allowing enterprises to quickly understand:
Which encryption algorithms are in use across their systems
Which algorithms are high-risk (obsolete or insecure)
Which systems already support post-quantum algorithms and which require upgrades
Most importantly, these reports serve as a foundation for cybersecurity audits, regulatory compliance, and PQC migration planning.
In the post-quantum era, the biggest risk isn’t “no encryption”, but thinking your system is secure when the algorithms are actually outdated. Conducting a cryptographic inventory is the first step toward PQC migration. PQScan empowers organizations to gain clear visibility into their current encryption posture and prepare for a secure, post-quantum future.
Comments