Within the scope of the study an analysis of a quantum-resistant key management infrastructure (KMI) is conducted. Key Management Infrastructure, in this context, encompasses cloud services, on-premises HSM clusters, and hybrid or edge solutions. Asymmetric algorithms underpinning modern protection protocols demonstrate vulnerability to quantum methods of Shor and Grover. The objective of this study is to perform a holistic reference architecture for KMI that enables a seamless and secure transition from classical to post-quantum solutions. The methodology includes a systematic analysis of existing KMI architectures, a detailed evaluation of algorithms standardized by NIST for post-quantum cryptography, as well as the modeling of a hybrid cryptographic scheme. As a result, a multi-layer architectural model is proposed, featuring a “Crypto-Agility Engine” for dynamic algorithm replacement, hybrid key encapsulation protocols and a phased migration strategy to post-quantum primitives. The model maintains backward compatibility with legacy systems, minimizes the load on mission-critical components such as fintech platforms and ensures an unchanged level of performance. The study conclusions confirm the practical feasibility of this approach for long-term protection of data confidentiality and integrity in the post-quantum era. This work is of interest to information security architects, software engineers and specialists engaged in the protection of critically important information across diverse infrastructures.

post-quantum cryptography, key management, crypto-agility, quantum threat, PQC, hybrid encryption, security architecture, cybersecurity, data protection, compliance

Gartner. (2024). Gartner forecasts worldwide public cloud end-user spending to surpass $675 billion in 2024. Retrieved from https://www.gartner.com/en/newsroom/press-releases/2024-05-20-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-surpass-675-billion-in-2024

APEC Digital Economy Steering Group. (2024). APEC Digital Economy Outlook. Retrieved from https://www.apec.org/groups/committee-on-trade-and-investment/digital-economy-steering-group#:~:text=The%20digital%20economy%20is%20sometimes,based%20on%20digitally%20enabled%20platforms

Ponemon Institute & Encryption Consulting. (2023). Global Encryption Trends Study 2023. Encryption Consulting. Retrieved from https://www.encryptionconsulting.com/wp-content/downloads/encryption-consulting-global-encryption-trends-2023.pdf#:~:text=%E2%80%93%20about%2063%25,leveraging%20the%20private%20cloud%20model

MarketsandMarkets. (2025). Hardware Security Modules Market Forecast 2025–2030. Retrieved from https://www.marketsandmarkets.com/Market-Reports/hardware-security-modules-market-162277475.html#:~:text=This%20growth%20is%20primarily%20driven,in%20shaping%20the%20market%20dynamics

Gerck, E. (2022). Algorithms for Quantum Computation: The Derivatives of Discontinuous Functions. Mathematics, 11(1), 1–8. https://doi.org/10.3390/math11010068.

Gambetta, J. M. (2023). The hardware and software for the era of quantum utility is here. IBM Research Blog. Retrieved from https://research.ibm.com/blog/quantum-roadmap-2033

Dziechciarz, D., & Niemiec, M. (2024). Efficiency analysis of NIST-standardized post-quantum cryptographic algorithms for digital signatures in various environments. Electronics, 14(1), 1–18. https://doi.org/10.3390/electronics14010070.

Hanna, Y., et al. (2025). A comprehensive and realistic performance evaluation of post-quantum security for consumer IoT devices. Internet of Things, 33. https://doi.org/10.1016/j.iot.2025.101650.

ENISA. (2021). Post-quantum cryptography: Current state and quantum mitigation. European Union Agency for Cybersecurity. Retrieved from https://www.enisa.europa.eu/sites/default/files/publications/ENISA%20Report%20-%20Post-Quantum%20Cryptography%20Current%20state%20and%20quantum%20mitigation-V2.pdf

Moore, T. L., et al. (2023). Encryption methods and key management services for secure cloud computing: A review. In Midwest Instruction and Computing Symposium (MICS-2023), University of Northern Iowa, Cedar Falls, IA, USA, 1–17. Retrieved from https://www.researchgate.net/profile/Akalanka-Mailewa/publication/369777264_Encryption_Methods_and_Key_Management_Services_for_Secure_Cloud_Computing_A_Review/links/642c54c020f25554da0baa40/Encryption-Methods-and-Key-Management-Services-for-Secure-Cloud-Computing-A-Review.pdf

Bene, F., & Kiss, A. (2023). Post-quantum security overview of the public key infrastructure. System Theory, Control and Computing Journal, 3(2), 27–35. https://doi.org/10.52846/stccj.2023.3.2.55.

Asif, R. (2021). Post-quantum cryptosystems for Internet-of-Things: A survey on lattice-based algorithms. IoT, 2(1), 71–91. https://doi.org/10.3390/iot2010005.

Abbasi, M., et al. (2025). A practical performance benchmark of post-quantum cryptography across heterogeneous computing environments. Cryptography, 9(2), 1–27. https://doi.org/10.3390/cryptography9020032.

Google Cloud. (2024). Announcing quantum-safe digital signatures in Cloud KMS. Google Cloud Blog. Retrieved from https://cloud.google.com/blog/products/identity-security/announcing-quantum-safe-digital-signatures-in-cloud-kms

NTT Data. (2022). Key management issues in cloud and the introduction of post-quantum cryptography. Retrieved from https://www.nttdata.com/global/en/insights/focus/2024/key-management-issues-in-cloud-and-the-introduction-of-post-quantum-cryptography#:~:text=Key%20management%20issues%20in%20cloud,and%20points%20to%20conside

Thales Group. (2024). Quantum-resilient encryption and HSMs. Thales Security Blog. Retrieved from https://cpl.thalesgroup.com/blog/encryption/post-quantum-cryptography-algorithms#:~:text=With%20crypto%20agility%20implemented%20across,Thales%20is%20also%20accelerating%20practical

Cisco. (2024). Quantum-safe trust anchors. Cisco Security Blog. Retrieved from https://blogs.cisco.com/security/quantum-cryptography-whats-coming-next