Articles

PQC Migration: From Crypto Inventory to Signatures

March 15, 2026 5 min read

Post-quantum cryptography isn’t about replacing your current encryption; it’s about adding a new layer to protect against future threats that classical computers can’t break.

Let’s see this in action. Imagine you have a secure TLS connection. Traditionally, this relies on Diffie-Hellman or RSA for key exchange, which are vulnerable to Shor’s algorithm on a quantum computer. Post-quantum cryptography (PQC) introduces algorithms like CRYSTALS-Kyber or CRYSTALS-Dilithium that are designed to be resistant to quantum attacks.

Here’s a simplified flow of how a PQC-enabled handshake might look conceptually:

  1. Client Hello: Client sends supported cipher suites, including PQC options.
  2. Server Hello: Server chooses a PQC-capable cipher suite.
  3. Key Exchange: Instead of a classical Diffie-Hellman, a PQC key encapsulation mechanism (KEM) like Kyber is used.
    • The server generates a public key and a secret key for Kyber.
    • The server sends its Kyber public key to the client.
    • The client uses the server’s public key to generate a shared secret and a ciphertext.
    • The client sends the ciphertext back to the server.
    • The server uses its secret key to decrypt the ciphertext and recover the same shared secret.
  4. Authentication: Digital signatures using PQC algorithms like Dilithium might be used to authenticate the server (and potentially the client).
  5. Finished: Both sides confirm the handshake using the established shared secret.

The core problem PQC solves is the imminent threat of quantum computers breaking today’s widely used asymmetric encryption algorithms. While building a quantum computer capable of running Shor’s algorithm at scale is still a significant engineering challenge, the "harvest now, decrypt later" threat is real: adversaries can record encrypted traffic today and decrypt it once quantum computers are available. PQC aims to make that future decryption impossible by using mathematical problems that are believed to be hard even for quantum computers.

Internally, PQC algorithms leverage different mathematical structures than classical cryptography. For example, lattice-based cryptography (like Kyber and Dilithium) relies on the difficulty of solving problems in high-dimensional lattices, such as the shortest vector problem or the closest vector problem. These problems are not known to be efficiently solvable by quantum algorithms.

The levers you control in migrating to PQC are primarily in your application’s or infrastructure’s cryptographic configuration and library choices. You’ll need to:

  • Select Standardized Algorithms: Focus on algorithms that have been standardized by NIST (National Institute of Standards and Technology) or other reputable bodies. Currently, CRYSTALS-Kyber (for KEM) and CRYSTALS-Dilithium (for digital signatures) are leading candidates.
  • Update Cryptographic Libraries: Ensure your TLS libraries (like OpenSSL, BoringSSL, mbedTLS), SSH clients/servers, VPN software, and any custom crypto implementations are updated to support these new PQC algorithms. This often involves compiling with specific flags or installing newer versions.
  • Configure Protocols: For protocols like TLS, you’ll need to configure your web servers (e.g., Nginx, Apache) and clients to advertise and negotiate these new PQC cipher suites. This usually involves modifying configuration files. For instance, in OpenSSL, you might see new cipher strings like TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES256-GCM-SHA384:KYBER768-RSA-AES256-GCM-SHA384.
  • Manage Key Sizes: PQC algorithms often have larger key sizes and signatures compared to their classical counterparts. This can impact bandwidth, storage, and processing time. For example, a Kyber-768 public key is around 1 KB, and a Dilithium-3 key pair can be tens of kilobytes.

A subtle but critical aspect of PQC migration is understanding the "hybrid mode" approach. Many initial deployments will use a combination of classical and post-quantum algorithms simultaneously. For example, a TLS handshake might establish a shared secret using both ECDHE (for classical security) and Kyber (for PQC security). The final session key is then derived from both. This provides forward secrecy against classical attacks and quantum attacks, and it allows for a smoother transition, as you can rely on established classical algorithms while PQC support matures. It also helps mitigate risks associated with any potential undiscovered weaknesses in the new PQC algorithms, as the classical algorithm still provides protection.

The next challenge you’ll face is managing the performance implications and larger key sizes introduced by these new algorithms.

Want structured learning?

Take the full Cryptography course →