Is Post-Quantum Cryptography (PQC) used in the field?

As of this writing, a few early adopters have already implemented and rolled out Kyber-based hybrid PQC, such as Signal with its post-quantum extended Diffie-Hellman (PQXDH), Apple with PQ3 for iMessage, Google with the corresponding cipher suites in Chrome, and Cloudflare, which supports these cipher suites on the server side. There are fewer implementations and deployments of post-quantum digital signatures, though. This is because the respective signature schemes have some disadvantages that make it a truly challenging task to use and deploy them in the field (which is why NIST has called for additional proposals in its PQC standardization process). Generally speaking, the trend to enhance cryptographic protocols, services, and products with PQC continues, and supporting PQC will certainly become a must criterion soon (simply to be sure to mitigate so-called “harvest now, decrypt later” attacks). Some companies, such as Google, have already published PQC-related threat models and corresponding strategies, and many other companies will follow. In any case, implementing a hybrid approach and cryptographic agility are key to a successful deployment of PQC.
