top of page

Preparing for the Quantum Threat: DHL and PQShield Explore Post-Quantum Cryptography for Supply Chains

September 29, 2020

Quantum Threats to Global Supply Chains

Modern logistics networks — from raw material shipping to last-mile delivery — rely on a web of digital communications: fleet coordination platforms, inventory control APIs, customs documentation exchanges, and real-time tracking tools. All of this is protected using classical public-key encryption, primarily RSA and elliptic curve cryptography.

However, as early as 2019–2020, cybersecurity experts began raising alarms that quantum computers — once sufficiently advanced — could render these cryptographic methods obsolete. Shor’s algorithm, a quantum algorithm that can factor large primes exponentially faster than any classical method, poses an existential risk to RSA encryption.

Though practical quantum machines that can break RSA aren’t expected for another 5–10 years, the “harvest now, decrypt later” threat — in which attackers collect encrypted logistics data today to decrypt in the future — is a clear and present concern.


DHL’s Quiet Investment in Quantum-Safe Security

In September 2020, DHL Supply Chain — a division of Deutsche Post DHL Group — held preliminary strategy workshops with quantum security startups, including PQShield, to explore how its logistics IT backbone could transition to post-quantum cryptography (PQC).

PQShield, based in Oxford and founded by University of Oxford researchers, specializes in implementing quantum-resistant cryptographic algorithms on constrained devices like IoT sensors, handheld scanners, and edge nodes — exactly the types of devices widely used in warehousing and logistics.

According to insiders close to the discussions, DHL’s objectives included:

  • Mapping out systems and endpoints that would require PQC upgrades

  • Understanding how to integrate PQC with existing SAP, Oracle, and fleet management platforms

  • Exploring how NIST’s upcoming post-quantum standards could impact global customs, compliance, and client data protections

Though no formal pilot was announced, the fact that the world’s largest logistics provider was already laying the groundwork for PQC migration signaled how seriously the industry took the quantum threat.


NIST’s Role in Driving PQC Readiness

In the U.S., the National Institute of Standards and Technology (NIST) had been leading a global effort since 2016 to standardize post-quantum cryptographic algorithms. By September 2020, NIST was in Round 3 of its multi-year selection process, with finalists such as:

  • CRYSTALS-Kyber (key encapsulation)

  • CRYSTALS-Dilithium (digital signatures)

  • FALCON

  • Rainbow

These algorithms were being evaluated for security, performance, and suitability for constrained devices — criteria especially relevant to logistics operations, which often rely on low-power barcode scanners, RFID readers, and edge computing modules in warehouses.

DHL’s engagement with PQShield and similar vendors reflected the logistics industry’s interest in early adoption of whichever algorithms NIST would eventually certify.


Where Quantum-Safe Logistics Is Most Urgent

Logistics networks are complex, but certain nodes are especially vulnerable in a post-quantum world:

  • Customs APIs: Cross-border shipping depends on data exchanges between customs systems, often over SSL-encrypted connections. These are prime targets for long-term interception and decryption.

  • Asset tracking systems: Location and status data for high-value goods are encrypted at rest and in transit. Tampering with or decrypting this could enable theft or counterfeiting.

  • Contract and billing systems: Trade documentation, invoices, and ownership contracts are increasingly blockchain-based or digitally signed. These rely on cryptographic integrity that quantum computing could undermine.

By identifying these areas, companies like DHL aim to “crypto-agility”— the ability to swap in new encryption schemes without disrupting operations, which will be essential as the quantum era approaches.


Broader Industry and Government Initiatives

While DHL’s work with PQShield in 2020 was preliminary, other parts of the global logistics and supply chain community were also advancing post-quantum readiness:

  • Japan’s NICT (National Institute of Information and Communications Technology) conducted early testing of quantum-safe communication between logistics terminals and headquarters.

  • Singapore’s Government Technology Agency (GovTech) began PQC experimentation in smart city infrastructure, including transportation and customs.

  • The U.S. Department of Homeland Security (DHS) issued a post-quantum transition roadmap in August 2020, recommending supply chain critical systems begin assessment for quantum vulnerability.

These efforts signaled an emerging consensus: waiting for quantum hardware to mature is not a viable strategy. Instead, proactive planning must begin now — including inventorying current cryptographic dependencies and ensuring flexibility to integrate PQC.


Challenges in Retrofitting PQC

Despite growing interest, transitioning to quantum-resistant cryptography poses logistical and technical challenges:

  1. Hardware constraints: Devices like warehouse scanners or IoT tags often lack the computational power to run PQC algorithms unless optimized for specific instruction sets.

  2. Software integration: Logistics platforms — from warehouse management to route optimization — are deeply interconnected. Swapping out cryptographic libraries can introduce bugs or compatibility issues.

  3. Global coordination: International logistics chains involve numerous parties, from local delivery agents to customs authorities. Adopting PQC globally requires coordinated standards and timelines.

DHL’s early discussions were focused on long-term roadmapping, rather than immediate implementation, with a strong emphasis on interoperability and regulatory foresight.


PQShield: An Emerging Post-Quantum Leader

The involvement of PQShield in DHL’s early exploration was notable. Founded in 2018, PQShield had gained attention for:

  • Hardware-accelerated PQC libraries for ARM Cortex-M and RISC-V

  • Cloud integrations for TLS and secure messaging

  • Open-source contributions to the NIST process

  • Active testing with partners in banking, defense, and now logistics

By 2020, PQShield had secured seed funding and began collaborating with industry giants like Bosch and Qualcomm. Logistics was a new frontier, but the overlap between supply chain security and constrained device encryption made it a natural fit.


Conclusion: A Future-Proof Supply Chain Starts Now

DHL Supply Chain’s quantum-safe encryption exploration in September 2020 marked a quiet but critical milestone in global logistics cybersecurity. While the risk of quantum decryption might still be years away, the time to prepare is now, as transitioning cryptographic systems — especially across global logistics operations — can take half a decade or more.

As NIST’s post-quantum standards near finalization and more vendors bring practical PQC solutions to market, companies that begin building crypto-agility now will avoid a scramble later. With partners like PQShield leading the charge, logistics may yet be among the most quantum-resilient sectors in the coming decade.

bottom of page