PQ-NEXT Core with Akis Kourtis, NCSR “Demokritos”

What drives PQ-NEXT from within? PQ-NEXT Core reveals the minds and teams behind the project. By showcasing their perspectives, insights, and ambitions, we uncover the vision and collaboration that shape PQ-NEXT’s vision.

Let’s start by getting to know Akis Kourtis, our project coordinator from the NCSRD Demokritos, a little better, and by introducing the team that will work on the project.

I am Akis Kourtis, project coordinator at NCSRD, with a background in cybersecurity, distributed systems, and secure communication infrastructures. My academic and professional work focuses on cryptographic systems, network security, and the coordination of large-scale European research projects. My expertise is directly relevant to PQ-NEXT because the project addresses the transition from classical to post-quantum cryptography, which requires both a deep understanding of cryptographic mechanisms and system-level integration capabilities. Along with me on the NCSRD team are Dr George Agapiou, project lead for financial and quality monitoring, Achileas Economopoulos, the Pilot Implementation Engineer, and Virginia Lampropoulou, our Junior Cybersecurity Engineer. At NCSRD, we contribute as part of a multidisciplinary team that combines expertise in cybersecurity engineering, software systems, and network architectures. The team is responsible for designing and implementing maintenance and crypto-agility tools to ensure cryptographic systems can evolve securely over time. We work closely with other consortium partners, including telecom providers, financial institutions, and research organisations, forming a coordinated ecosystem that addresses the problem from multiple technical and operational perspectives.

What motivated you to join this EU-wide consortium?

The main motivation is the scale and urgency of the transition to post-quantum security. Quantum computing will fundamentally break current public-key cryptographic systems, which are the foundation of secure communications today. This creates a systemic risk that affects governments, industries, and citizens. Addressing this challenge requires coordinated action at the European level, combining research, industry, and policy. PQ-NEXT offers exactly this type of collaboration, enabling us to contribute to a structured and large-scale effort. It is also an opportunity to strengthen European technological sovereignty in cybersecurity and to ensure that the transition to quantum-resistant systems is handled proactively rather than reactively.

“PQ-NEXT offers exactly this type of collaboration, enabling us to contribute to a structured and large-scale effort.”

What problem does your role in the project address in simple terms, and why is it critical for the project’s implementation?

My role focuses on the problem of how to migrate existing cryptographic systems to quantum-resistant solutions in a secure and efficient way. In simple terms, current systems rely on cryptographic algorithms that will become insecure once quantum computers can execute attacks such as Shor’s algorithm. At the same time, these systems are not designed to easily replace their cryptographic components, which creates a lack of crypto-agility. This is critical because even if new secure algorithms exist, organisations cannot adopt them quickly without proper tools and processes. If this issue is not addressed, large-scale infrastructure will remain exposed to future quantum threats, including scenarios such as “harvest now, decrypt later.”

“If this issue is not addressed, large-scale infrastructure will remain exposed to future quantum threats, including scenarios such as harvest now, decrypt later.”

What are the main activities, tasks, and objectives of your work?

The main focus of our work is ensuring the continuous security and adaptability of cryptographic systems. This includes developing maintenance tools that monitor cryptographic deployments, manage system updates, and handle secure key lifecycle operations. A key objective is to enable crypto-agility, meaning systems can switch or upgrade cryptographic algorithms without major disruptions. We also address large-scale deployment challenges, ensuring that updates can be applied efficiently across complex infrastructures. Another important aspect is compliance and auditing, where systems must remain aligned with evolving standards and regulatory requirements. Overall, the objective is to create an operational layer that supports the full lifecycle of cryptographic systems in a post-quantum environment.

How is your work connected to the other tasks and activities?

Our work is tightly integrated with the rest of the project. We rely on the PQC algorithm catalogue to access validated quantum-resistant algorithms and hybrid schemes. We support the PQ-NEXT Migration Toolbox by providing monitoring capabilities, update mechanisms, and system-level insights that are necessary for planning and executing migrations. Our tools are also deployed and validated in the project’s pilot environments, including telecommunications, financial systems, critical infrastructure, and municipal services. This ensures that our solutions are continuously tested under real-world conditions and aligned with the requirements of different sectors.

“Our tools are also deployed and validated in the project’s pilot environments, including telecommunications, financial systems, critical infrastructure, and municipal services.”

Moving on, a personal note. What is the main outcome you personally hope this project will achieve?

The key outcome I expect is a complete and practical framework that enables organisations to transition to post-quantum cryptography in a structured and reliable way. This includes not only technical tools but also methodologies, guidelines, and best practices that reduce complexity and risk. The goal is to demonstrate that large-scale migration is feasible and can be achieved without disrupting existing operations. A successful result would provide organisations with clear, actionable solutions that they can adopt directly, ensuring long-term security against quantum threats.

Looking ahead, what excites you most about the post-quantum era?

What excites me most is the opportunity to redesign cybersecurity systems with adaptability and long-term resilience as core principles. The post-quantum transition is not just about replacing algorithms but about rethinking how cryptographic systems are designed, deployed, and maintained. It enables the development of more flexible architectures, hybrid cryptographic models, and integration with emerging technologies such as quantum computing itself. This shift creates a foundation for building systems that can evolve continuously, rather than becoming obsolete, which is essential in increasingly complex and interconnected digital environments.

“The post-quantum transition is not just about replacing algorithms but about rethinking how cryptographic systems are designed, deployed, and maintained.”

Harvest Now, Decrypt Later: What is it and why does it really matter?

When we send a message, make an online payment, store data in the cloud, or access a secure website, encryption works behind the scenes to protect our information. In today’s digital world, we often assume that if something is encrypted, it is safe. However, a growing concern in cybersecurity has introduced a new phrase: Harvest now, decrypt later. At the core of PQ-NEXT, this phrase is well established. But what does it mean, and how is it linked to the project?

“Harvest now, decrypt later” is a method in which attackers collect encrypted data today, even if they cannot decrypt it immediately, and store it for later decryption. But why? Because later, with the emergence of quantum computers, they could potentially decrypt all this stored information, impacting our lives. In simple terms, hackers may not need to break into data today. They can simply copy it, wait, and unlock it years from now.

Currently, most secure communications rely on cryptographic systems like RSA and Elliptic Curve Cryptography (ECC). These systems are considered secure because breaking them would require an enormous amount of computing power, more than classical computers can realistically handle.

However, researchers believe that large-scale quantum computers will be able to run algorithms such as Shor’s algorithm, which could efficiently break RSA and ECC encryption.

Although practical quantum computers capable of doing this do not yet exist, organisations are making progress. Experts don’t know exactly when quantum computers will reach that level, but many believe it is only a matter of time.

So, attackers may be thinking ahead. If sensitive information is still valuable in 5, 10, or 20 years, it makes sense to store it now and wait.

This is where the PQ-NEXT project steps in. Over the next 36 months, 17 partners from across the EU will work together to develop a comprehensive migration framework that analyses and models real-world scenarios to enable a smooth transition to post-quantum cryptographic standards. By delivering tailored migration pathways, PQ-NEXT aims to help organisations navigate the shift to quantum-resilient security with clarity, confidence, and coordination.

At its core, PQ-NEXT is structured into six work packages that support and guide the project’s ambitions and activities. WP2 develops the core migration modelling tools and the PQC algorithm catalogue, while WP3 advances quantum-cryptanalysis capabilities to validate the resilience of PQC systems. WP4 puts the framework to the test through large-scale real-world pilot demonstrators, and WP5 ensures that the entire migration process is legally compliant and aligned with the evolving regulatory landscape. Finally, WP6 drives the dissemination, communication, and exploitation strategy to maximise the project’s reach and impact across the European ecosystem.

Discover the PQ-NEXT world here!
Follow us on Linkedin!