With NIST finalizing the first set of post-quantum standards, my CISO is pushing for a "Quantum Readiness" audit. I’m curious if anyone here has started migrating their TLS certificates to quantum-resistant algorithms? Are you seeing any performance hits on your VPNs or encrypted databases when using these larger key sizes? I’d love to know which libraries you're testing for PQC compatibility right now.
3 answers
We started our pilot phase for PQC last quarter. The biggest challenge isn't just the algorithms; it's the "crypto-agility." We had to rewrite parts of our legacy middleware that assumed a fixed size for public keys. When we switched to Kyber (ML-KEM) for our internal service mesh, we saw a 15% increase in handshake latency. It’s manageable for backend services, but we’re holding off on the client-facing mobile apps until the mobile SDKs are more mature. My advice is to start by auditing where your "Harvest Now, Decrypt Later" risks are highest.
Cynthia, that 15% latency jump is higher than I expected. Are you using any hardware acceleration, like specialized HSMs, to offload that extra computational burden?
We are focusing on our data at rest first. Upgrading the encryption on our long-term cold storage is our top priority since that data is what's most vulnerable to future quantum attacks.
That’s a smart move, Melissa. "Data at rest" is often overlooked in the PQC conversation, but it's exactly what attackers are collecting today to crack in ten years.
Mark, we are currently testing the latest Nitro Enclaves on AWS which have built-in support for some of these new primitives. It brings the latency down significantly, but it’s definitely an added cost. We’re also looking at hybrid certificates that use both RSA and Kyber during the transition period to ensure we don't break compatibility with older systems that aren't PQC-aware yet.