Post-quantum cryptography: time to prepare
Quantum computers capable of breaking RSA and ECC don’t exist yet, but the threat is real today. The “harvest now, decrypt later” strategy involves exfiltrating encrypted data now to decrypt it in a decade when quantum capabilities mature.
Finalized NIST standards
On August 14, 2024, NIST published the first post-quantum cryptography standards:
| Standard | ID | Purpose | Replaces |
|---|---|---|---|
| ML-KEM | FIPS 203 | Key encapsulation | RSA, ECDH |
| ML-DSA | FIPS 204 | Digital signature | RSA, ECDSA |
| SLH-DSA | FIPS 205 | Hash-based signature | ML-DSA alternative |
Key deadlines
| Date | Milestone |
|---|---|
| Aug 2024 | FIPS 203, 204, 205 published |
| Dec 2025 | CISA/NSA publish quantum-safe product categories |
| Jan 2027 | US NSS acquisitions must be CNSA 2.0 compliant |
| Jan 2030 | Mandatory TLS 1.3 adoption |
| 2033 | Full NSS compliance |
| 2035 | Broad PQC adoption target |
Why act now
Data exfiltrated today (trade secrets, medical records, diplomatic communications) can be decrypted in 10-15 years. If your data has a lifespan exceeding 10 years, it is already at risk. Migration challenges include larger key sizes, higher computational costs, and protocol compatibility issues that will take years to resolve.
5-step migration plan
- Cryptographic inventory: identify all systems using RSA, ECC, DH, or DSA. Map protocols (TLS, SSH, IPsec, S/MIME).
- Risk assessment: which data has a lifespan over 10 years? Which systems are exposed to exfiltration?
- Hybrid strategy: deploy hybrid solutions (classical + PQC) for progressive transition, starting with the most exposed systems.
- Testing: validate PQC algorithm performance in your environment and compatibility with partners.
- Progressive deployment: migrate by priority (most sensitive data first), plan certificate renewal with PQC algorithms.
Recommended reading
These are affiliate links. If you make a purchase through these links, we may earn a commission at no extra cost to you.
- (ISC)² CISSP Official Study Guide: covers the cryptography domain including the foundations needed to understand the PQC transition.
- Destination CISSP: A Concise Guide: concise coverage of encryption algorithms and key management relevant to PQC migration.
Sources
- NIST Post-Quantum Cryptography - NIST
- PQC Enterprise Migration Guide 2026 - Security Boulevard
- PQC Standards Guide - Palo Alto Networks
Advertisement