Post-Quantum Cryptography Takes Center Stage in Supply Chain Security Trials
April 25, 2018
Quantum Threat to Classical Cryptography Looms
As quantum computing inches toward practicality, one of the biggest risks it presents is its ability to break conventional encryption systems. RSA, ECC, and DSA—widely used in logistics and global trade systems—are all vulnerable to Shor’s algorithm, a quantum method that can factor large integers exponentially faster than classical algorithms.
While functional quantum computers capable of running Shor’s algorithm at scale may still be years away, forward secrecy in the logistics industry is a pressing concern. Any data encrypted today but stored and intercepted could be decrypted by adversaries in the future once quantum capability matures.
April 2018 saw growing urgency from global freight carriers, logistics software firms, and government trade agencies to begin adopting post-quantum cryptography (PQC)—algorithms designed to be resistant to quantum attacks.
Maersk Begins PQC Readiness Review for Trade Documentation
The Danish shipping giant A.P. Moller–Maersk, which suffered a massive cyberattack in 2017 from the NotPetya virus, began internal reviews in April 2018 of quantum-resilient encryption standards for its blockchain-powered trade documentation system, TradeLens, co-developed with IBM.
TradeLens allows real-time sharing of bills of lading, customs records, and container tracking data between shippers, ports, and regulators. While built on Hyperledger and designed for immutability, its current encryption still used elliptic curve cryptography.
Maersk’s cybersecurity and IT operations teams engaged with IBM Research to test early PQC algorithms such as:
NTRUEncrypt
Kyber
FrodoKEM
These quantum-resistant algorithms are based on lattice-based and code-based cryptography rather than number-theory methods vulnerable to Shor’s algorithm.
The internal evaluation, though preliminary, was part of a wider plan to ensure that data integrity and confidentiality would hold even as quantum capabilities advance.
U.S. Department of Homeland Security Flags Freight and Port Systems
In the United States, the Department of Homeland Security (DHS) published an alert in April 2018 through its National Risk Management Center (NRMC), warning critical infrastructure providers—including freight rail operators, customs IT systems, and port authorities—of the "store now, decrypt later" (SNDL) risk posed by quantum technology.
The notice highlighted:
The vulnerability of SCADA systems in ports and logistics warehouses
Risks to freight-tracking IoT networks transmitting unencrypted or lightly protected data
The potential for nation-state actors to intercept encrypted logistics manifests today, intending to decrypt them in the future using quantum tools
DHS encouraged private-sector stakeholders to begin roadmapping PQC migration paths in alignment with NIST’s post-quantum cryptography standardization process, which launched a formal call for algorithms in 2017.
Singapore’s PSA International and the Quantum-Safe Future
In Asia, PSA International, one of the world’s largest port operators based in Singapore, partnered with Singapore’s Quantum Engineering Programme (QEP) in April 2018 to investigate quantum-safe encryption for use in automated yard cranes, freight routing sensors, and container authentication systems.
The pilot focused on:
Authenticating container seals using physically unclonable functions (PUFs)
Encrypting IoT data from autonomous port vehicles with lattice-based schemes
Ensuring digital signatures on customs and shipment approvals remained valid in a post-quantum world
Singapore’s government committed over S$25 million in early-stage quantum engineering initiatives to ensure the country’s critical trade infrastructure remained future-proof.
Quantum Key Distribution (QKD) Enters the Discussion
While most post-quantum cryptography relies on software-level algorithmic defenses, some countries explored quantum key distribution (QKD)—a technique that uses quantum mechanics to distribute encryption keys that are immune to eavesdropping.
In April 2018:
China’s QuantumCTek announced a collaboration with customs and freight agencies in Anhui Province to explore QKD for inter-city shipping manifests.
BT and Toshiba continued trials in the UK to integrate QKD into fiber-based logistics communications between distribution centers.
Though expensive and requiring specialized infrastructure, QKD’s appeal lies in unconditional security—if a key is intercepted, the laws of quantum physics guarantee detection.
Still, many experts believe algorithmic post-quantum cryptography will see broader adoption in logistics, given its compatibility with existing internet and cloud architectures.
Software Providers Take Initiative: SAP and Oracle Begin Evaluations
Recognizing the impending shift, enterprise software vendors with strong logistics portfolios began evaluating PQC in April 2018:
SAP, whose supply chain modules are used by thousands of logistics operators, launched an internal task force to explore integrating PQC libraries into future releases of SAP S/4HANA.
Oracle, with its Transportation Management (OTM) system widely deployed in multinational freight companies, announced participation in a NIST consortium studying how cloud-based enterprise platforms could deploy lattice-based cryptography without significant performance loss.
Both companies focused on hybrid deployment models, where classical and post-quantum encryption schemes run in parallel to ensure interoperability during the transition phase.
Global Standards Landscape Emerges
April 2018 also witnessed growing momentum from standards bodies and industry groups:
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) issued discussion drafts on PQC transition readiness for supply chain systems.
The NIST PQC Standardization Conference, held that same month, highlighted candidate algorithms suitable for logistics, including BIKE, NewHope, and Classic McEliece.
The European Telecommunications Standards Institute (ETSI) hosted a roundtable with shipping companies, IoT vendors, and security experts focused on quantum-safe maritime communication standards.
These efforts underscored that PQC would need to be a collaborative global effort, especially in industries like logistics, which operate across borders, customs zones, and cloud networks.
Logistics Sector Starts the Long March Toward Post-Quantum Readiness
Quantum-safe logistics will not happen overnight. The sheer number of connected devices, embedded legacy systems, and global compliance requirements means the transition to PQC will likely take a decade.
However, April 2018 marked a key inflection point: logistics firms began preparing not for "if" quantum attacks occur, but for "when."
Risk assessments, pilot encryption upgrades, and standards participation became critical activities for any company relying on global data flow—including 3PLs, maritime operators, customs brokerage platforms, and freight forwarders.
Conclusion: A Race Against Time to Secure the Supply Chain
The quantum revolution’s impact on logistics is not just about optimization or speed—it’s about survivability in a future where traditional cryptography could become obsolete overnight.
In April 2018, logistics leaders took meaningful first steps toward defending their digital supply chains. By embracing post-quantum cryptography, conducting cross-sector trials, and engaging with national security standards, they signaled a new era of resilient, quantum-aware infrastructure.
As global freight continues its transformation toward automation and interconnectivity, ensuring that the data driving those networks remains secure is not just a cybersecurity imperative—it’s a foundation for the future of trade itself.