Preparing for Post-Quantum Cryptography | Wiz Blog

Keypoints

• Cryptographically Relevant Quantum Computers (CRQCs) do not yet exist to break current public-key cryptography, but the risk (Q-Day) and Harvest Now, Decrypt Later attacks motivate early preparation.
• NIST announced PQC standards on August 13, 2024: CRYSTALS-Kyber (ML-KEM), CRYSTALS-Dilithium (ML-DSA), Sphincs+ (SLH-DSA), with FALCON (FN-DSA) as a backup in progress.
• Governments set migration timelines (US federal migration by 2035 and TLS 1.3 support by 2030); other jurisdictions (UK, EU, Japan, Canada, Australia) have similar 2030–2035 targets or intermediate deadlines.
• Recommended migration approach: (1) inventory cryptographic use, (2) prioritize migrating TLS/SSH key exchange functionality (mitigates HNDL), and (3) migrate remaining uses and keys.
• PQC support is defined as using NIST standards (via negotiation or hybrid cryptography); hybrid deployments (PQC + classical) are common to retain safety while standards mature.
• Wiz provides a PQC security framework and ACDI/CBOM capabilities—detecting TLS termination, key management issues, secret scanning, host configuration auditing, and a free pqc-tester (wiz.io/pqc-tester).