name: pqc-implementation-hot-framework description: "Post-Quantum Cryptography (PQC) implementation framework using Human-Organisation-Technology (HOT) model for software systems. Covers socio-technological constraints, implementation planning, and organizational transition strategies for PQC migration. Use when: PQC implementation planning, post-quantum cryptography migration, quantum-resistant software deployment, HOT framework for crypto, PQC organizational challenges, quantum threat preparation, NIST PQC algorithm integration." metadata: arxiv_id: "2606.04669" published: "2026-06-04" authors: "SoK PQC Implementation Study" tags: [quantum, security, post-quantum-cryptography, systems-engineering, HOT-model, software-systems]
PQC-HOT Implementation Framework
Systematic framework for Post-Quantum Cryptography implementation based on State-of-Knowledge (SoK) analysis across Human, Organisation, and Technology (HOT) dimensions.
Core Insight
PQC implementation is NOT merely a cryptographic replacement — it is a socio-technological transformation requiring coordinated approaches across all HOT dimensions. Current knowledge is heavily imbalanced: technological solutions dominate while human and organisational considerations remain critically underexplored.
HOT Dimensions
Human Dimension
- Developer awareness and training gaps
- Usability of PQC APIs and libraries
- Cognitive load of migration decisions
- Security team skill development
Organisation Dimension
- Resource allocation for migration
- Compliance and regulatory alignment
- Risk management and prioritization
- Vendor and supply chain coordination
Technology Dimension
- Algorithm selection (NIST standards: CRYSTALS-Kyber, CRYSTALS-Dilithium, etc.)
- Performance benchmarking and overhead
- Integration with existing protocols (TLS, SSH, etc.)
- Hybrid classical-PQC transition strategies
PQC Implementation Challenges
Challenges are NOT isolated to individual dimensions — they emerge as interconnected socio-technological constraints spanning HOT contexts:
- Human-Tech: Developer confusion about algorithm choices → implementation errors
- Org-Tech: Budget constraints → delayed migration → increased quantum risk window
- Human-Org: Lack of training programs → insufficient security culture → compliance gaps
- All Three: Coordinated failure where no single dimension can be addressed in isolation
Implementation Workflow
- Assess current cryptographic inventory → identify all systems using vulnerable algorithms
- Evaluate HOT readiness → score each dimension (Human/Org/Tech) on 1-5 scale
- Identify dimension gaps → prioritize the weakest HOT dimension first
- Design coordinated intervention → ensure solutions address cross-dimensional constraints
- Implement in phases → pilot → measure → scale
- Monitor implementation outcomes → track HOT metrics, not just technical KPIs
Activation Keywords
- pqc implementation, post-quantum cryptography migration, quantum-resistant software
- HOT framework cryptography, PQC organizational challenges
- NIST PQC algorithm integration, quantum threat preparation
- cryptographic system migration, PQC deployment planning