Post-Quantum Cryptography (PQC) in Mobile Payment Systems – The Complete Overview 2026

(From NIST, EMVCo, Apple/Google/Samsung docs, and industry reports – December 2025)

Current Status: As of December 2025, no major mobile payment system (Apple Pay, Google Pay/Wallet, Samsung Pay) has fully deployed post-quantum cryptography (PQC) in production. Mobile payments rely on EMV contactless (Visa payWave, Mastercard Contactless, etc.) + device-level security (Secure Element/SE, TEE). PQC (NIST standards: ML-KEM, ML-DSA, SLH-DSA) is in early research/pilot phase – hybrid testing only.

Real 2025 Timeline (from EMVCo, Visa, Mastercard, Apple/Google):
  • 2025: Hybrid prototypes + internal testing (classical + PQC).
  • 2026–2028: Pilot deployments (select issuers/devices).
  • 2028–2032: Hybrid mandatory for new devices/cards.
  • 2032+: Full PQC (remove RSA/ECC).

Why No Production Yet:
  • Billions of devices/cards – migration cycle 10+ years.
  • Larger keys/signatures → battery/performance impact on mobile.
  • Backward compatibility critical.
  • Quantum threat not immediate (CRQC ~2030+).

Key Mobile Payment Systems & PQC Status (2025)

| System | Current Crypto (2025) | PQC Status | Planned Migration | Notes |
|---|---|---|---|---|
| Apple Pay | ECC (P-256) + AES, tokenization | Research/hybrid testing | 2026–2028 pilots | Strong Secure Enclave – ECC dominant |
| Google Pay/Wallet | ECC + AES, DPAN tokenization | Research (Android Open Source Project) | 2026–2028 | Titan M2 chip – AES focus |
| Samsung Pay | ECC + AES (MST legacy dying) | Research with Knox | 2026–2028 | Knox Vault – hardware focus |
| EMV Contactless (underlying) | RSA/ECC + 3DES/AES | C-8 kernel PQC-ready | 2028+ hybrid | EMVCo leading |

Apple Pay/Google Pay Specifics:
  • Tokenization (DPAN) protects PAN – real card never exposed.
  • Secure Element/TEE stores keys – no extraction possible.
  • Online auth (most transactions) uses symmetric cryptograms – safe from quantum.
  • Offline/contactless: ECC signatures vulnerable long-term.

NIST PQC Standards & Mobile Payment Fit

NIST Finalized (2024–2025):
  • ML-KEM (Kyber) – Key encapsulation (replaces ECC key exchange).
  • ML-DSA (Dilithium) – Signatures (replaces ECC/RSA).
  • SLH-DSA (Sphincs+) – Hash-based backup.

Fit for Mobile Payments:
  • ML-KEM – Good for session key exchange (small ciphertexts).
  • ML-DSA – Signatures larger (2–10x ECC) → battery drain on mobile.
  • Challenges: Larger data → NFC latency, storage in SE/TEE.

Proposed Integration Path (Industry Roadmaps 2025)

EMVCo C-8 Kernel (Unified Contactless – 2025):
  • Supports ECC + AES now.
  • Designed for PQC extensions (larger blocks for ML-DSA signatures).
  • First approvals 2024–2025.

Hybrid Approach (2026–2032):
  • Offline auth: ECC + ML-DSA signature (dual).
  • Key exchange: ECC + ML-KEM (hybrid KEM).
  • Session cryptograms: AES (safe) + optional ML-KEM.

Apple/Google Plans (2025 Reports):
  • Apple: Secure Enclave ready for PQC (larger storage). Pilots 2026.
  • Google: Titan M chip + Android PQC research (liboqs integration).

Challenges for Mobile:
  • Battery/performance: PQC heavier – optimized implementations needed.
  • NFC latency: Larger signatures → <500ms goal at risk.
  • SE/TEE space: Limited – hybrid first.

Bottom Line – December 2025

PQC in mobile payment systems is in research/planning – no production deployment. Hybrid ECC + ML-KEM/ML-DSA expected first (2026–2028). Full PQC likely 2030+.

Current systems (ECC + AES + tokenization) remain very secure against quantum threats for now.

For legitimate research: Use NIST test vectors + liboqs.

Stay safe – migration is coming, but not immediate.

Your choice.

– Based on NIST FIPS 203/204, EMVCo C-8, Apple/Google security whitepapers (2025).
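
An added example, not part of the original post: a rough estimate of the card-to-terminal NFC transfer time for the dual ECC + ML-DSA offline-auth data from the hybrid approach, measured against the <500ms goal. Key and signature sizes are from FIPS 204; the chunk size, per-exchange overhead, turnaround time and bit rates are assumptions chosen for illustration, not EMV figures.

```python
from math import ceil

# Public-key and signature sizes in bytes. ML-DSA values are from FIPS 204;
# ECDSA P-256 is an uncompressed point and a raw r||s signature.
SIZES = {
    "ECDSA-P256": (65, 64),
    "ML-DSA-44": (1312, 2420),
    "ML-DSA-65": (1952, 3309),
    "ML-DSA-87": (2592, 4627),
}

# Assumptions for illustration only (not taken from the post or an EMV spec).
CHUNK = 255            # data bytes returned per short APDU response
OVERHEAD = 10          # command, status word and framing bytes per exchange
TURNAROUND_S = 0.0005  # processing/guard time per exchange
BUDGET_MS = 500        # the <500ms goal named in the post


def payload_bytes(schemes):
    """Bytes the card must send: one public key and one signature per scheme."""
    return sum(sum(SIZES[name]) for name in schemes)


def exchanges(n_bytes):
    """Number of chained APDU exchanges needed to move n_bytes."""
    return ceil(n_bytes / CHUNK)


def airtime_ms(n_bytes, kbit_s):
    """Transfer time in ms at the given NFC bit rate, including per-exchange cost."""
    n = exchanges(n_bytes)
    bits = (n_bytes + n * OVERHEAD) * 8
    return (bits / (kbit_s * 1000) + n * TURNAROUND_S) * 1000


def compare(rates=(106, 424)):
    """Rows of (label, bytes, exchanges, {rate: ms}) for classical and hybrid."""
    rows = []
    for pq in (None, "ML-DSA-44", "ML-DSA-65", "ML-DSA-87"):
        schemes = ["ECDSA-P256"] + ([pq] if pq else [])
        size = payload_bytes(schemes)
        times = {r: round(airtime_ms(size, r), 1) for r in rates}
        rows.append((" + ".join(schemes), size, exchanges(size), times))
    return rows


if __name__ == "__main__":
    for label, size, n, times in compare():
        flags = {r: ("OVER" if t > BUDGET_MS else "ok") for r, t in times.items()}
        print(f"{label:24} {size:5d} B {n:3d} APDUs {times} {flags}")
```

The estimate covers data transfer only; signing and verification time inside the SE/TEE and terminal come on top of it.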
 