Migration Planning

This page is for organisations that identify as urgent adopters, or regular adop- ters who would like to act proactively.

Checklist before migration planning

  • You went through diagnosis (previous page)
  • You have information about your current security architecture of your organisation

When to migrate? (With migration scenarios)

In a few years, certified post-quantum cryptographic standards and libraries will be released. Migration policy will depend on whether the organisation can afford to wait. Others may start migrating today.

Different migration scenarios

Take a look at these three variables:

  • Namely the time X the asset must remain secure
  • The migration time Y
  • The time Z left until a quantum computer will be able to break public-key cryptography

X + Y < Z, called Mosca’s inequality. The closer X + Y is to Z, the more urgent the migration is.

Note: that all of these variables are merely estimates and may not fully represent reality. They are meant as a test to understand whether it is time to migrate.

To understand when to migrate - there are four options your organisation can choose for when to migrate.

  1. NIST Standards Announced
    (PRESENT, Extremely Urgent Migration)

  2. NIST Standards Published
    (2024, Urgent Migration)

  3. Production-level PQC Libraries Available
    (≥2024, Semi-Urgent Migration)

  4. Industry-certified PQC Libraries Available
    (≥2024, Less Urgent Migration)

Hence, the total migration time X + Y when migrating from Scenario i can be rephrased as X + Wi + Yi, whereby • X is the estimated time the data must remain secret; • Wi is the estimated waiting time until the milestone associated with Scenario i; • Yi is the estimated time it takes to perform the migration in Scenario i.

For some organisations it will be vital to migrate from Scenario 1, 2 or 3, which will mean migrating to PQC standards without certified libraries being available. It should be mentioned that this brings an extra disadvantage because using uncertified libraries can lead to certification issues and using non-production-level code can lead to a slew of security problems. It is important to note, however, that the current most-used standard for cryptography, FIPS 140-2, already allows for hybrid schemes.

NOTE: Any organisations claiming to be using hybrid encryption, make sure it is classical AND post-quantum algorithms at the same time for encryption!

Planning of the migration

This section will answer the following:

  • which cryptographic assets need replacement
  • what to replace them with
  • in which order you should replace them

This involves prioritising, identifying dependencies and anticipating some consequences of the migration, such as the necessity to temporarily isolate some data assets.