Quantum countdown
Billions of new devices from smart thermostats to industrial sensors join the Internet of Things (IoT) in every day practices. They make our cities smarter and our healthcare more responsive as our lives are also more convenient in general. But silently a countdown has begun. The encryption that guards these devices and a digital lock we’ve trusted for decades is on the verge of being picked by a new kind of technology: the quantum computer.
Our recent systematic review, “Systematic Review on Securing IoT Systems with Post Quantum Cryptography Emerging Threats, Countermeasures, and Future Research Needs,” published in Discover Internet of Things, was not only an academic study. It was a race to map the vulnerabilities of our connected world and to find the next generation of shields before time runs out.
Emerging threat
Modern cryptography, the complex math that secures our online bank transfers and smart home cameras mainly relies on problems that are incredibly hard for classical computers to solve. However, quantum computers do not play by the same rules rather qubits (quantum bits) applied with exponentially faster in computations. Algorithms like Shor’s algorithm could break these “hard” problems in minutes and rendering much of today’s security obsolete. This isn’t just a data privacy issue for IoT; it leads to a massive application crisis. A compromised smart grid, medical device, or autonomous vehicle network could have catastrophic real-world consequences.
We began our work with a systematic approach that guided by the rigorous PRISMA 2020 framework where it is spanned nine major databases including IEEE Xplore, Scopus, ACM, MDPI, Springer, ScienceDirect, Wiley, Google Scholar, and Nature yielding over 5,151 studies from the last five years. After meticulously distilled this vast corpus down to 161 studies, foundation of our analysis established by allowing us to paint a detailed picture of emerging vulnerabilities, evaluate proposed countermeasures, and identify the most urgent actions needed to secure our connected future.
The search for a quantum-resistant shield
The core of our work was evaluating the proposed solutions: Post-Quantum Cryptography (PQC). These are new cryptographic systems built on mathematical problems believed to be hard even for quantum computers. But for IoT, security isn’t the only requirement. These devices are often tiny, with limited processing power and battery life. We can’t install a supercomputer’s security software on a temperature sensor.
We analyzed both in descriptive statistics and thematic aspects. We analyzed the major PQC families namely lattice-based, code-based, multivariate, and hash-based signatures through the lens of an IoT engineer. Our analysis revealed that lattice-based cryptography, particularly schemes such as Kyber for key exchange and Dilithium for digital signatures recently standardized by NIST, shows the most promise. It offers a strong balance of security and relative efficiency. However, even these require careful optimization to be truly “lightweight” for the most constrained IoT endpoints with regard to scalability, interoperability and implementation complexity
A transition roadmap: not just a temporary diagnosis
Identifying the problem and the potential solutions is only the first step. The path to implementation is riddled with challenges we cataloged in detail: the overhead of key management, the vulnerability to side-channel attacks, the sheer complexity of upgrading global IoT infrastructure, and the looming threat of “store-now-decrypt-later” attacks where data is harvested today to be broken later.
Therefore, a significant part of our paper is dedicated to a strategic roadmap with the provided a case study on smart grid. We propose a framework centered on hybrid cryptography a transitional approach where classical and PQC algorithms work together. This provides a transmission phase while the new systems are thoroughly tested and optimized. We also emphasize that future research must aggressively tackle lightweight PQC design, robust key management for distributed devices, and above all, global standardization to avoid a fragmented and weak security ecosystem.
Why this work matters now
This research was driven by a sense of urgency. The quantum threat may seem futuristic, but the IoT devices we deploy today have lifespans of 10-20 years. They will absolutely be operating in a world where quantum attacks are a reality. We must act now because quantum advancements are accelerating, while development, standardization, improvement, confidence‑building, and usability of PQC all take significant time. With NIST’s official release of its first finalized PQC standards in 2024, the transition must begin immediately.
Writing this review reinforced that securing the IoT is a monumental and interdisciplinary challenge. It requires cryptographers, hardware engineers, software developers, policymakers, and industry leaders to collaborate as never before. Our paper is a call to start that work in earnest. Through mapping the threats, evaluating the tools, and charting a path forward, we hope to provide a foundational roadmap for building a connected future that is not just smart but also secure for the decades to come.
You can explore our complete analysis, detailed findings, and the full proposed a strategic roadmap for implementation as a path to future-secured IoT application in the open-access paper:
https://link.springer.com/article/10.1007/s43926-025-00275-6
DOI
https://doi.org/10.1007/s43926-025-00275-6