Security in the Quantum Era: From Cryptography to Trust — ICTK Introduces a Hardware Trust Foundation for the Quantum Era

• Even with PQC adoption, key exposure remains a critical issue - shifting security from cryptography to device trust
• Emergence of Cyber Converged Threats (QAAS) combining AI, APT, and supply chain attacks
• Expansion of cyber risks into physical domains with the rise of Physical AI

April 2, 2026 -- The rapid advancement of quantum computing and artificial intelligence (AI) is driving a fundamental shift in cybersecurity. Traditional public-key cryptographic systems, such as RSA and ECC, which have long served as the backbone of internet security, are facing diminishing long-term viability in the face of quantum threats. As a result, the global security industry is accelerating the adoption of Post-Quantum Cryptography (PQC).

However, it is becoming increasingly clear that PQC alone is not a silver bullet. No matter how robust an algorithm may be, security collapses the moment its underlying keys are exposed. In today’s environment, where threats are increasingly complex and multi-layered, key management itself has emerged as a primary vulnerability.

ICTK introduces the concept of “QAAS” (Quantum, AI, APT, and Supply Chain) as a framework to describe this convergence of next-generation threats. AI-driven attacks are rapidly increasing in both scale and speed, while Advanced Persistent Threats (APT) operate stealthily over extended periods. Simultaneously, supply chain attacks exploit trust relationships within systems, exposing the structural limitations of conventional security models.

With the addition of quantum computing, attacks are no longer limited to the present - they now extend across time. Threat actors are already adopting HNDL (Harvest Now, Decrypt Later) strategies, collecting encrypted data today with the intention of decrypting it in the future. In this context, emerging threat scenarios can also be described as “Trust Now, Forge Later” (TNFL), where attackers may leverage trusted information stolen today to generate forged identities or systems in the future.

As a result, cyberattacks are evolving into a full lifecycle - from theft and collection to decryption and eventual forgery. Security is no longer defined solely by the strength of cryptographic algorithms. The fundamental challenge has shifted to designing a reliable trust foundation upon which those algorithms operate.

This challenge becomes even more critical with the rise of Physical AI, where AI systems directly interact with and control physical environments. In domains such as autonomous vehicles, robotics, smart factories, and intelligent surveillance systems, cyberattacks can translate directly into physical failures and safety risks. Security boundaries are therefore expanding beyond IT into OT and cyber-physical systems (CPS), making device-level trust an essential requirement.

In this context, the international standard Physically Unclonable Function (PUF)-based security is gaining increasing attention. PUF leverages inherent physical variations generated during semiconductor manufacturing to create a unique and non-replicable identity for each chip, establishing a fundamental starting point for device trust.

Unlike conventional security architectures that store cryptographic keys in memory and attempt to protect them, PUF-based architectures do not store keys. Instead, keys are generated on demand within the chip, exist only at the moment of use, and leave no persistent footprint. This “keyless” approach fundamentally removes the attack surface associated with key storage. It is particularly relevant for large-scale environments such as IoT, automotive systems, telecommunications infrastructure, and data centers.

This technology establishes a hardware-based trust foundation, ensuring that system trust originates at the physical level. Building on this foundation, ICTK presents its “Quantum HRoT Architecture,” which integrates PQC, Zero Trust, and continuous attestation into a unified security model.

This architecture is built upon four key pillars:

• PUF-based device identity - establishing immutable, hardware-rooted identity
• PQC-based cryptographic protection - enabling quantum-resistant security
• Zero Trust access control - enforcing strict verification for every interaction
• Attestation-based continuous verification - ensuring ongoing system integrity

ICTK further expands this approach through its “PAZI” strategy (Post-Quantum, AI, Zero Trust, Strong Identity), designed to address the convergence of threats in the quantum and AI era. Within the PAZI framework, identity - specifically device identity - serves as the starting point. By leveraging PUF technology, each device is endowed with a physically non-replicable identity, forming the foundation of trust across the entire system. This structure extends beyond authentication to establish a continuous chain of trust, spanning from system boot to runtime operation, with ongoing verification of system integrity.

Ultimately, in an era defined by the convergence of quantum computing and AI, cybersecurity is no longer a competition between individual technologies. It is becoming a competition of architecture built upon identity and trust.

In particular, within Physical AI environments and large-scale device ecosystems, the integration of PUF-based device trust with PQC is set to define the next standard for security. Security in the quantum era is no longer about which cryptographic algorithm you use. It is about the trust foundation that underpins it. And that foundation is becoming increasingly clear: PUF-based hardware trust will define the new standard for security in the quantum era.