From policy to practice: a sector-agnostic operational framework for post-quantum cryptography transition

dc.authorid: 0009-0008-5058-1081
dc.authorid: 0000-0003-2865-6370
dc.contributor.author: Birgin, Berat
dc.contributor.author: Çeliktaş, Barış
dc.date.accessioned: 2026-03-27T08:46:53Z
dc.date.available: 2026-03-27T08:46:53Z
dc.date.issued: 2026-03-02
dc.department: Işık University, School of Graduate Studies, Master’s Program in Cybersecurity
dc.department: Işık University, Faculty of Engineering and Natural Sciences, Department of Computer Engineering
dc.description.abstract: The pace of quantum computing development necessitates not only the adoption of post-quantum cryptographic algorithms, but also the establishment of an executable and auditable institutional transition process. Although guidance documents published by the National Institute of Standards and Technology (NIST) and roadmaps proposed by the Post-Quantum Cryptography Coalition (PQCC) articulate strategic objectives, they largely remain procedural constructs lacking a concrete operational execution model. This paper presents an industry-neutral operational framework that translates policy-level post-quantum cryptography (PQC) guidance into deterministic, proof-producing process flows encompassing cryptographic asset discovery, classification, risk modeling, algorithm selection, deployment, monitoring, and governance enforcement. Central to the framework is a deterministic Quantum Risk Scoring (QRS) function, calibrated using the Analytical Hierarchy Process (AHP), which enables reproducible asset prioritization and policy-driven enforcement decisions. Framework executability is further strengthened through cryptography-aware continuous integration/continuous deployment (CI/CD) validation gates and downgrade protection mechanisms, ensuring the generation of verifiable and immutable audit artifacts. A scenario-based operational validation, implemented using open-source toolchains, demonstrates the framework’s operability, auditability, and governance alignment without relying on empirical cryptographic performance benchmarks, confirming that PQC transition can be operationalized as a verifiable lifecycle process bridging policy guidance with enforceable technical actions. Rather than introducing new cryptographic primitives, this work formalizes PQC transition as an operational systems-engineering problem centered on governance-enforced execution and lifecycle verifiability.
dc.description.version: Publisher's Version
dc.identifier.citation: Birgin, B. & Çeliktaş, B. (2026). From policy to practice: a sector-agnostic operational framework for post-quantum cryptography transition. IEEE Access, 34, 33534-33551. doi:https://doi.org/10.1109/ACCESS.2026.3669437
dc.identifier.doi: 10.1109/ACCESS.2026.3669437
dc.identifier.endpage: 33551
dc.identifier.issn: 2169-3536
dc.identifier.scopus: 2-s2.0-105032153600
dc.identifier.scopusquality: Q1
dc.identifier.startpage: 33534
dc.identifier.uri: https://hdl.handle.net/11729/7185
dc.identifier.uri: https://doi.org/10.1109/ACCESS.2026.3669437
dc.identifier.volume: 14
dc.identifier.wos: WOS:001708162800019
dc.identifier.wosquality: Q2
dc.indekslendigikaynak: Scopus
dc.indekslendigikaynak: Web of Science
dc.indekslendigikaynak: Science Citation Index Expanded (SCI-EXPANDED)
dc.institutionauthor: Birgin, Berat
dc.institutionauthor: Çeliktaş, Barış
dc.institutionauthorid: 0009-0008-5058-1081
dc.institutionauthorid: 0000-0003-2865-6370
dc.language.iso: en
dc.peerreviewed: Yes
dc.publicationstatus: Published
dc.publisher: Institute of Electrical and Electronics Engineers Inc.
dc.relation.ispartof: IEEE Access
dc.relation.publicationcategory: Article - International Refereed Journal - Student
dc.relation.publicationcategory: Article - International Refereed Journal - Institutional Faculty Member
dc.rights: info:eu-repo/semantics/openAccess
dc.subject: Analytic hierarchy process (AHP)
dc.subject: Cryptographic transition framework
dc.subject: Governance feedback loop
dc.subject: Post-quantum cryptography (PQC)
dc.subject: Quantum risk scoring (QRS)
dc.subject: Scenario-based validation
dc.subject: Analytic hierarchy process
dc.subject: Benchmarking
dc.subject: Life cycle
dc.subject: Public key cryptography
dc.subject: Public policy
dc.subject: Quantum computers
dc.subject: Quantum cryptography
dc.subject: Quantum theory
dc.subject: Analytic hierarchy
dc.subject: CryptoGraphics
dc.subject: Feedback loops
dc.subject: Hierarchy process
dc.subject: Post quantum cryptography
dc.subject: Post-quantum cryptography
dc.subject: Quantum risk scoring
dc.subject: Risk scoring
dc.subject: Scenario-based
dc.subject: Hierarchical systems
dc.title: From policy to practice: a sector-agnostic operational framework for post-quantum cryptography transition
dc.type: Article
dspace.entity.type: Publication

Files

Original bundle
Name: From_policy_to_practice_a_sector_agnostic_operational_framework_for_post_quantum_cryptography_transition.pdf
Size: 2.43 MB
Format: Adobe Portable Document Format

License bundle
Name: license.txt
Size: 1.17 KB
Format: Item-specific license agreed upon to submission