With the rise of quantum computing, safeguarding cryptographic systems against quantum threats is a shared challenge for the industry. AWS has outlined a structured approach to adopting post-quantum cryptography (PQC), offering insights into how organizations can plan their transition effectively.

Four Key Areas of PQC Implementation:

1️⃣ Cryptographic Inventory and Standards: AWS has prioritized reviewing its cryptographic systems, focusing first on encryption of data in-transit since public key cryptography is more vulnerable to quantum threats. Encryption of data at-rest based on symmetric cryptography is less vulnerable.

2️⃣ Securing Data in Transit: Hybrid post-quantum key agreements, combining classical ECDH with post-quantum ML-KEM, are being integrated to protect communications protocols like HTTPS.

3️⃣ Long-Term Digital Signatures: Addressing the need for long-lived roots of trust, AWS plans to offer post-quantum digital signatures such as ML-DSA through its cryptographic services. This is especially important for systems that cannot be easily updated, like IoT devices or firmware.

4️⃣ Session-Based Authentication: Transitioning to PQC in certificates and digital signatures used for session-based authentication such as TLS and SSH will take time as the industry is still developing and standardizing solutions. Progress here relies heavily on interoperability and collaboration across multiple stakeholders.

🔎 Preparing for PQC Migration

Organizations should begin laying the groundwork for PQC by:
•⁠ ⁠Upgrading to TLS 1.3 which supports future PQC adoption while providing immediate security benefits.
•⁠ ⁠Improving Software Agility to ensure that the systems can quickly adapt to new cryptographic standards.
•⁠ ⁠Conducting Cryptographic Inventories to assess where and how public key cryptography is used in order to accurately identify priority areas for PQC transition.

🤝 Collaboration is Key
AWS is working with various industry groups, such as the CA/Browser Forum, NCCoE, and open-source projects, to ensure interoperability and readiness for PQC across protocols and systems. These efforts are part of a larger industry shift toward creating quantum-resistant infrastructure.

More details can be found here: https://lnkd.in/e8-tTYsF

As the journey toward post-quantum cryptography unfolds, organizations must stay informed and be proactive in adapting their cryptographic systems for the future.

Reach out to us at contact@pqstation.com to begin your transition towards Post-Quantum Cryptography today!