March 2025 Heatmap: Current State of PQC Standards and Adoption
March 18, 2025Heatmap
| Standard | Overall Range | Pure PQC encrypt | Hybrid PQ encrypt | Pure PQ sig | Hybrid PQ sig |
|---|---|---|---|---|---|
| SSH | 2 to 8 | 2 | 8 | 2 | 2 |
| TLS 1.2¹ | 0 to 0 | 0 | 0 | 0 | 0 |
| TLS 1.3² | 3 to 8 | 6 | 8 | 6 | 3 |
| X.509³ | 3 to 6 | 6 | 3 | 6 | 3 |
| S/MIME | 3 to 4 | 4 | 3 | 4 | 3 |
| OpenPGP | 4 to 4 | 4 | 4 | 4 | 4 |
| IKE/IPSec | 2 to 4 | 4 | 4 | 3 | 2 |
| DNSSec⁴ | 1 to 1 | 1 | 1 | 1 | 1 |
| Transport Issues in Standards | Status |
|---|---|
| TCP Initial Congestion Window | 3 |
| IKE first packet | 3 |
| QUIC amplification protection | 2 |
¹ DTLS 1.2, FIDO inherit from TLS 1.2
² DTLS 1.3, MACSEC, FIDO/FIDO 2 inherit from TLS 1.3
³ UEFI inherits from X.509
⁴ DNSSec has no currently chartered working group, but PQC in DNSSec is an IETF research topic.
Key
| 0 | Consensus Against Inclusion |
|---|---|
| 1 | Blocked / Stalled |
| 2 | In Progress / Chartered |
| 3 | Active Proposals / Drafts |
| 4 | Progress to Finalization |
| 5 | Finalized / Approved |
| 6 | Integration Progress |
| 7 | Integrated in Libraries |
| 8 | Some Adoption |
| 9 | Broad Adoption |
| - | Unknown / NA |