Overview
Post-Quantum Cryptography (PQC) encompasses cryptographic algorithms designed to resist attacks from both classical and quantum computers. Today's public-key cryptography (RSA, ECDSA/EdDSA, Diffie-Hellman/ECDH) relies on integer factoring and discrete logarithms, which a sufficiently large quantum computer can solve efficiently with Shor's algorithm; symmetric ciphers and hashes (AES, SHA-2) are affected only by Grover's quadratic speed-up and survive with larger parameters. The threat is already actionable: in "harvest now, decrypt later" attacks, adversaries record encrypted traffic today to decrypt once quantum capability arrives, so any confidentiality that must hold for years is at risk now. NIST finalized the first PQC standards in August 2024 (FIPS 203 ML-KEM, FIPS 204 ML-DSA, FIPS 205 SLH-DSA), giving a concrete migration target; FN-DSA (Falcon) and the backup KEM HQC (selected in March 2025) are still being standardized. For identity security, PQC affects authentication protocols, digital signatures (tokens, assertions, certificates), federation, PKI, and key exchange. Good looks like crypto-agility that allows rapid algorithm updates, hybrid deployments combining classical and PQC algorithms, and a prioritized migration that completes before quantum threats materialize.
Architecture & Reference Patterns
Pattern 1: Hybrid Cryptography
Deploy hybrid schemes that combine a classical and a PQC algorithm during the transition:
Key Exchange: Classical ECDH (e.g. X25519) + ML-KEM (Kyber)
↓
Both shared secrets fed through one KDF, together with the transcript, into a combined shared secret
↓
If either algorithm is secure, the session key is secure
Signatures: Classical ECDSA + ML-DSA (Dilithium)
↓
Both signatures must verify (AND, never OR): a verifier that accepts either one alone gets no quantum protection
↓
Protects against classical and quantum attacks; a forger must break both schemes
Benefits:
- Security is maintained if either algorithm is secure, which also covers implementation bugs in the new PQC code
- Allows gradual migration with a classical fallback for peers that do not yet support PQC
- BSI and ANSSI recommend hybrid for the transition period; NIST guidance permits hybrid constructions but does not require them
- Already deployed at scale: X25519MLKEM768 is the default TLS 1.3 key exchange in current major browsers and in Go's crypto/tls
- Cost: roughly 2 KB more per TLS handshake, and for signatures two keys plus either two certificate chains or a composite certificate
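The combiner step is where hybrid schemes usually go wrong, so here is the key-exchange half of Pattern 1 as a runnable example. This is code added to this page, not code from any vendor, standard or the page's authors. It uses the Go 1.24 standard library (crypto/ecdh and crypto/mlkem), concatenates the X25519 and ML-KEM-768 parts on the wire, and derives the session key with HKDF-SHA256 over both shared secrets and the whole ciphertext. The wire layout and the suite label are assumptions of the example; it follows the spirit of TLS's X25519MLKEM768 but is not byte-compatible with it.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"slices"
)

// Wire format (an assumption of this example): X25519 part first (32 bytes),
// ML-KEM-768 part second. Not byte-compatible with TLS's X25519MLKEM768.
const (
	xLen  = 32
	label = "X25519+ML-KEM-768" // assumed suite label, mixed into the KDF as salt
)

// ResponderKey holds the responder's private halves; Keygen also returns the
// public blob the responder publishes.
type ResponderKey struct {
	x *ecdh.PrivateKey
	m *mlkem.DecapsulationKey768
}

func Keygen() (*ResponderKey, []byte, error) {
	x, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	m, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, nil, err
	}
	pub := slices.Concat(x.PublicKey().Bytes(), m.EncapsulationKey().Bytes())
	return &ResponderKey{x, m}, pub, nil
}

// Encap (initiator side): one ephemeral X25519 exchange plus one ML-KEM-768
// encapsulation; returns the ciphertext to send and the derived session key.
func Encap(pub []byte) (ct, key []byte, err error) {
	if len(pub) != xLen+mlkem.EncapsulationKeySize768 {
		return nil, nil, errors.New("hybrid: bad public key length")
	}
	xPub, err := ecdh.X25519().NewPublicKey(pub[:xLen])
	if err != nil {
		return nil, nil, err
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ssX, err := eph.ECDH(xPub) // crypto/ecdh rejects an all-zero result (low-order point)
	if err != nil {
		return nil, nil, err
	}
	ek, err := mlkem.NewEncapsulationKey768(pub[xLen:])
	if err != nil {
		return nil, nil, err
	}
	ssM, ctM := ek.Encapsulate()
	ct = slices.Concat(eph.PublicKey().Bytes(), ctM)
	return ct, combine(ssX, ssM, ct), nil
}

// Decap (responder side). The ML-KEM half never errors on a forged ciphertext:
// implicit rejection yields a random key, so a mismatch shows only when the key is used.
func (k *ResponderKey) Decap(ct []byte) ([]byte, error) {
	if len(ct) != xLen+mlkem.CiphertextSize768 {
		return nil, errors.New("hybrid: bad ciphertext length")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(ct[:xLen])
	if err != nil {
		return nil, err
	}
	ssX, err := k.x.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	ssM, err := k.m.Decapsulate(ct[xLen:])
	if err != nil {
		return nil, err
	}
	return combine(ssX, ssM, ct), nil
}

// combine is HKDF-SHA256 (RFC 5869): salt = suite label, IKM = ssX||ssM, info = the
// whole ciphertext, one 32-byte output block. Mixing both secrets gives "secure if
// either holds"; binding ct means a swapped half changes the key instead of going unnoticed.
func combine(ssX, ssM, ct []byte) []byte {
	ext := hmac.New(sha256.New, []byte(label))
	ext.Write(slices.Concat(ssX, ssM))
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(slices.Concat(ct, []byte{1}))
	return exp.Sum(nil)
}
```

Flow: the responder calls Keygen and publishes the blob; the initiator calls Encap and sends the ciphertext; the responder calls Decap and both now hold the same 32-byte key. The behaviour worth testing for is in Decap: because ML-KEM uses implicit rejection, a tampered ciphertext produces a different key silently rather than an error, so the first observable failure is a bad AEAD tag or finished MAC on the next message. Monitoring for hybrid deployments therefore has to count key-confirmation failures, not decapsulation errors.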
Pattern 2: Crypto-Agility Architecture
Design systems so that cryptographic algorithms can be swapped without major refactoring:
- Abstract cryptographic operations behind algorithm-neutral interfaces (KEM, signature, hash), so protocol code never names a specific algorithm
- Maintain an algorithm catalog with deprecation schedules, and make selection explicit and negotiated; never fall back silently to a retired suite
- Separate key management from algorithm implementation
- Enable runtime algorithm selection where appropriate
- Budget for size: PQC keys and signatures are far larger (ML-KEM-768 public key 1,184 bytes; ML-DSA-65 signature 3,309 bytes), so fixed-width database columns, MTU-sized messages and header or cookie limits are the usual refactoring blockers
Pattern 3: Prioritized PQC Migration
Migrate based on data sensitivity and how long the protection must last:
- Immediate: key exchange and encryption protecting data that must stay confidential into the 2030s (harvest now, decrypt later), plus long-lived trust anchors and signing roots (PKI, firmware and code signing), whose validity spans the quantum horizon
- Near-term: authentication tokens, session keys, federation signatures; these are short-lived, so forgery only matters once a quantum computer exists, but the issuing infrastructure takes years to re-key
- Later: short-lived, low-sensitivity data and transient communications
Key Decisions
| Decision | Options | Recommendation | Notes / Gotchas |
|---|---|---|---|
| Key encapsulation algorithm | ML-KEM (FIPS 203, formerly Kyber); HQC (selected 2025 as backup); Classic McEliece | ML-KEM-768, or ML-KEM-1024 for very long-lived secrets | ML-KEM is NIST standardized and already in TLS stacks; Classic McEliece public keys run from hundreds of KB to about 1 MB, unusable in handshakes |
| Signature algorithm | ML-DSA (FIPS 204, Dilithium), SLH-DSA (FIPS 205, SPHINCS+), FN-DSA (Falcon, FIPS 206 pending) | ML-DSA-65 for general use | SLH-DSA is hash-based and the most conservative choice but slow, with signatures of roughly 8 to 17 KB; Falcon-512 signatures are compact (666 bytes) but its signer needs constant-time floating-point arithmetic, which limits where it can be implemented safely |
| Migration strategy | Big bang, Hybrid transition, Phased by system | Hybrid transition, rolled out per system | Hybrid protects during the transition and phasing reduces risk; big bang is only viable for closed systems where both endpoints are under one team's control |
| Timeline | Start now, Wait for standards maturity, Assess only | Start now with an inventory and pilots | NIST IR 8547 (draft) deprecates RSA-2048-class (112-bit) algorithms after 2030 and disallows all quantum-vulnerable public-key algorithms after 2035; NSA CNSA 2.0 expects software and firmware signing to be PQC-only by 2030; BSI and the EU coordinated roadmap call for high-risk systems to be migrated by 2030 |
| PKI approach | Dual certificates (separate classical and PQC chains), Composite certificates (one certificate carrying a combined key and signature), PQC-only | Composite or dual, depending on what relying parties support | Composite formats are still IETF LAMPS drafts; larger certificates break some TLS clients and middleboxes with fixed buffers, so test every relying party before issuing |
| HSM/KMS readiness | Require PQC support, Software fallback, Wait | Require PQC support for new procurement | Ask vendors specifically for FIPS 203/204 support and the FIPS 140-3 validation status of that firmware; "quantum-safe" marketing may mean only a roadmap |
Implementation Approach
Phase 0: Discovery
Inputs: Cryptographic inventory, data classification, system dependencies, compliance requirements
Outputs: Cryptographic touchpoint map, risk assessment by data sensitivity, vendor readiness assessment, migration priority list
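Phase 0 stands or falls on finding every quantum-vulnerable key, so here is a small certificate inventory as an added example; it is not code from this page's authors or from any product. It is Go using only the standard library. The sample bundle, the subject names and the 2030 deadline are constructed for the example, and the sample certificates are generated at runtime rather than shipped as real PEM. It generalises the discovery step to any PEM bundle you can export: a truststore dump, a Kubernetes TLS secret, or IdP federation metadata converted to PEM.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Finding is one row of the cryptographic inventory (Phase 0).
type Finding struct {
	Subject, PublicKey, Signature string
	QuantumVulnerable bool   // public key breakable by Shor's algorithm
	OutlivesDeadline  bool   // still valid after the migration deadline
	Priority          string // immediate / near-term / review
}

// Classify inspects one certificate. A public key Go's parser does not recognise
// is flagged for review, not assumed safe: that is how an ML-DSA certificate
// looks to a pre-PQC parser, and the chain signing it may still be classical.
func Classify(cert *x509.Certificate, deadline time.Time) Finding {
	f := Finding{Subject: cert.Subject.CommonName, Signature: cert.SignatureAlgorithm.String(),
		OutlivesDeadline: cert.NotAfter.After(deadline), QuantumVulnerable: true}
	switch k := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		f.PublicKey = fmt.Sprintf("RSA-%d", k.N.BitLen())
	case *ecdsa.PublicKey:
		f.PublicKey = "ECDSA " + k.Curve.Params().Name
	case ed25519.PublicKey:
		f.PublicKey = "Ed25519"
	default:
		f.PublicKey, f.QuantumVulnerable = "unrecognised (review manually)", false
	}
	switch {
	case f.QuantumVulnerable && f.OutlivesDeadline:
		f.Priority = "immediate"
	case f.QuantumVulnerable:
		f.Priority = "near-term"
	default:
		f.Priority = "review"
	}
	return f
}

// Inventory walks every CERTIFICATE block in a PEM bundle; other block types
// (keys, CRLs) are skipped, and an unparsable certificate stops the run.
func Inventory(bundle []byte, deadline time.Time) ([]Finding, error) {
	var out []Finding
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return out, fmt.Errorf("certificate %d: %w", len(out)+1, err)
		}
		out = append(out, Classify(cert, deadline))
	}
	return out, nil
}

// selfSigned builds a constructed sample certificate for the demo bundle.
func selfSigned(cn string, notAfter time.Time, key crypto.Signer) ([]byte, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// SampleBundle is constructed input: a long-lived RSA root and a short-lived
// P-256 token-signing certificate, the two ends of the Pattern 3 priority scale.
func SampleBundle() ([]byte, error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	root, err := selfSigned("example-root-ca", time.Date(2040, 1, 1, 0, 0, 0, 0, time.UTC), rsaKey)
	if err != nil {
		return nil, err
	}
	leaf, err := selfSigned("idp-token-signing", time.Date(2027, 1, 1, 0, 0, 0, 0, time.UTC), ecKey)
	if err != nil {
		return nil, err
	}
	return append(root, leaf...), nil
}
```

Run Inventory over a real export with the deadline your programme has chosen; the root with validity to 2040 comes out "immediate" and the 2027 signing certificate "near-term", which matches the Pattern 3 ordering. The deliberate design choice is the default branch: an unrecognised key type is never reported as safe, because the same parser output means either "already PQC" or "something we do not understand", and both need a human decision.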
Phase 1: Design
Inputs: Inventory, risk assessment, selected algorithms, vendor capabilities
Outputs: PQC migration architecture, hybrid deployment design, crypto-agility requirements, timeline by system, testing strategy
Phase 2: Build & Integrate
Inputs: Architecture design, algorithm implementations, vendor solutions
Outputs: PQC libraries integrated, hybrid configurations deployed (test), HSM/KMS upgraded, monitoring configured, testing completed
Phase 3: Rollout
Inputs: Tested configurations, rollout plan, fallback procedures
Outputs: Phased production deployment (by priority), performance validation, compatibility verification, operational procedures updated
Phase 4: Operate
Inputs: Production PQC deployment, operational procedures
Outputs: Ongoing monitoring, algorithm updates as standards evolve, crypto-agility validation, periodic risk reassessment
Deliverables
- Cryptographic inventory and risk assessment
- PQC migration strategy and roadmap
- Crypto-agility architecture requirements
- Hybrid deployment design specifications
- Testing and validation procedures
- Operational runbooks for PQC systems
- Vendor assessment for PQC readiness
- Training materials for development and operations
Risks & Failure Modes
| Risk | Likelihood | Impact | Early Signals | Mitigation |
|---|---|---|---|---|
| Cryptographically relevant quantum computer arrives sooner than expected | L | H | Breakthrough announcements, accelerated government timelines | Start migration now; move harvest-now-decrypt-later-exposed key exchange first, then long-lived signing roots |
| Algorithm vulnerability discovered post-deployment | M | M | Cryptanalysis publications, NIST updates (precedent: SIKE and Rainbow, both late-round NIST candidates, were broken in 2022) | Crypto-agility, hybrid deployment so a broken PQC scheme still leaves classical protection, monitoring |
| Performance degradation from PQC overhead | M | M | Handshake latency and bandwidth increases (ML-KEM-768 adds roughly 2 KB per TLS handshake; ML-DSA signatures are 2.4 to 4.6 KB), higher CPU on token issuers | Performance testing, session resumption and caching, hardware acceleration |
| Interoperability issues with partners/vendors | H | M | Failed connections, protocol mismatches, handshakes dropped by middleboxes and servers that cannot handle a ClientHello spanning several TCP segments | Standards compliance, compatibility testing against each relying party, hybrid fallback |
| Implementation vulnerabilities | M | H | Side-channel findings (e.g. the KyberSlash timing leaks in early Kyber implementations), implementation bugs, fuzzing crashes in new parsers for large keys | Vetted, constant-time libraries; security testing; vendor security review; keep hybrid so one broken implementation does not expose the session |
KPIs / Outcomes
- Cryptographic inventory completeness (target: 100% of identity systems)
- PQC migration progress (percentage of systems migrated)
- Hybrid deployment coverage (percentage of connections negotiating a hybrid or PQC key exchange, measured from the negotiated group, not from configuration)
- Performance impact (handshake latency and bandwidth change from PQC, and CPU change on token-signing services)
- Crypto-agility readiness (ability to swap algorithms)
- Vendor PQC support status (track ecosystem readiness)
