SoK: Post-Quantum Cryptography (PQC) Implementation in Software Systems
arXiv SecurityArchived Jun 04, 2026✓ Full text saved
arXiv:2606.04669v1 Announce Type: new Abstract: The transition to Post-Quantum Cryptography (PQC) is essential to protect software systems from emerging quantum-enabled threats. Although standardised PQC algorithms are now available, developers and organisations continue to face significant challenges in integrating them into real-world software systems. While existing studies primarily focus on cryptographic performance and algorithmic security, it provides limited understanding of the broader
Full text archived locally
✦ AI Summary· Claude Sonnet
Computer Science > Cryptography and Security
[Submitted on 3 Jun 2026]
SoK: Post-Quantum Cryptography (PQC) Implementation in Software Systems
R.D.N. Shakya, C.P. Wijesiriwardana, S.M. Vidanagamachchi, Nalin A.G. Arachchilage
The transition to Post-Quantum Cryptography (PQC) is essential to protect software systems from emerging quantum-enabled threats. Although standardised PQC algorithms are now available, developers and organisations continue to face significant challenges in integrating them into real-world software systems. While existing studies primarily focus on cryptographic performance and algorithmic security, it provides limited understanding of the broader socio-technological factors that influence successful PQC implementation. This SoK investigates PQC implementation approaches and challenges through the Human, Organisation, and Technology (HOT) dimensions. By systematically synthesising existing approaches across these dimensions, we reveal a notable imbalance in the current body of knowledge, where technological solutions dominate, while human and organisational considerations remain underexplored. Our analysis further shows that PQC implementation challenges are not isolated to individual dimensions; rather, they emerge as interconnected socio-technological constraints that span HOT contexts, collectively shaping implementation outcomes. These findings indicate that PQC implementation extends beyond cryptographic replacement and represents a broader socio-technological transformation requiring coordinated approaches across all HOT dimensions. To address this gap, we propose the PQC-HOT model, a conceptual framework that explains how interactions among HOT dimensions collectively influence PQC implementation in software. The model synthesises the implementation interventions and challenges identified in the SoK into an integrated structure that supports systematic decision-making, planning, and organisational transition strategies. Based on these insights, we outline future research directions and design implications for scalable and sustainable PQC implementation in software systems.
Subjects: Cryptography and Security (cs.CR); Software Engineering (cs.SE)
Cite as: arXiv:2606.04669 [cs.CR]
(or arXiv:2606.04669v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2606.04669
Focus to learn more
Submission history
From: Dinithi Nadee Shakya Rathnaikage [view email]
[v1] Wed, 3 Jun 2026 09:48:29 UTC (3,709 KB)
Access Paper:
HTML (experimental)
view license
Current browse context:
cs.CR
< prev | next >
new | recent | 2026-06
Change to browse by:
cs
cs.SE
References & Citations
NASA ADS
Google Scholar
Semantic Scholar
Export BibTeX Citation
Bookmark
Bibliographic Tools
Bibliographic and Citation Tools
Bibliographic Explorer Toggle
Bibliographic Explorer (What is the Explorer?)
Connected Papers Toggle
Connected Papers (What is Connected Papers?)
Litmaps Toggle
Litmaps (What is Litmaps?)
scite.ai Toggle
scite Smart Citations (What are Smart Citations?)
Code, Data, Media
Demos
Related Papers
About arXivLabs
Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)