Practical writing on post-quantum cryptography

2026-06-01 · 9 min read

Is AES Quantum-Safe? What Grover's Algorithm Actually Does to Symmetric Encryption

Yes — AES-256 remains quantum-safe. Grover's algorithm only delivers a quadratic speedup against symmetric ciphers, leaving AES-256 with roughly 128 bits of post-quantum security. The dangerous misconception is concluding "we use AES-256, so we're fine." The quantum threat lands on asymmetric cryptography: RSA, ECDH key exchange, and ECDSA/RSA signatures fall to Shor's algorithm. The fix is post-quantum key exchange (hybrid ML-KEM) and post-quantum signatures (ML-DSA / SLH-DSA), not replacing your bulk encryption. This post walks through the math, the "harvest now, decrypt later" risk, and the concrete migration path — and how QNSP, the flagship PQC platform from CUI Labs, implements it with verifiable conformance evidence.

Read post →

2026-06-01 · 9 min read

ML-DSA Explained: Post-Quantum Digital Signatures (and How They Differ from ML-KEM)

ML-DSA is NIST's primary post-quantum digital signature standard (FIPS 204), finalized in August 2024. Where ML-KEM protects a key exchange, ML-DSA protects authenticity and integrity — proving who signed something and that it hasn't changed. This post explains the difference, walks through the ML-DSA-44/65/87 parameter sets, shows where signatures break under a quantum adversary (code-signing, JWTs, certificates, audit chains), covers SLH-DSA and Falcon as alternatives, and describes how QNSP — the flagship post-quantum cryptography platform from CUI Labs — uses ML-DSA for KMS signing and a PQC-signed audit trail.

Read post →

2026-06-01 · 9 min read

What Is Crypto-Agility — and Why You Need a CBOM Before You Migrate

Crypto-agility is the ability to change cryptographic algorithms without rewriting the systems that depend on them. It matters because algorithms get deprecated (SHA-1, RSA-1024) and the post-quantum algorithms now being standardized are themselves young. This post defines crypto-agility, explains why a Cryptographic Bill of Materials (CBOM) is the prerequisite for any migration, walks the discover to inventory to govern to migrate flow, and shows how QNSP — the flagship post-quantum cryptography platform from CUI Labs — enforces crypto-policy tiers and ships CBOM in CycloneDX 1.5 format.

Read post →

2026-06-01 · 9 min read

How to Choose a Post-Quantum Cryptography Platform in 2026

Choosing a post-quantum cryptography platform in 2026 is less about picking a winner and more about matching a layer of the stack to your problem. This guide lays out eight decision criteria — FIPS standards coverage, algorithm breadth, verifiable conformance evidence, crypto-agility and policy, HSM/BYOH, deployment topology, audit/compliance, and SDK coverage — and explains the real distinction between IP/library vendors, crypto-agility orchestration overlays, full managed platforms, and cloud KMS, so you buy the layer you actually need.

Read post →

2026-06-01 · 10 min read

SLH-DSA Explained: Hash-Based Signatures (SPHINCS+) for Your Most Long-Lived Roots of Trust

SLH-DSA is NIST's hash-based post-quantum signature standard (FIPS 205, formerly SPHINCS+), finalized in August 2024 alongside ML-KEM and ML-DSA. Where ML-DSA leans on lattice problems, SLH-DSA's security rests only on the hardness of the underlying hash function — the most conservative assumption available — which is why it is the natural hedge for roots of trust you cannot afford to re-key. This post explains what stateless hash-based signing is (FORS + WOTS+ over a Merkle hypertree), why "stateless" matters versus LMS/XMSS, the 12 parameter sets and their characteristically large signatures (roughly 8 KB to 50 KB), the speed and size trade-offs versus ML-DSA, exactly when to choose SLH-DSA — code-signing roots, firmware-update keys, CA hierarchies, decades-long archival audit signatures — and how QNSP, the flagship post-quantum cryptography platform from CUI Labs, supports SLH-DSA across every crypto-policy tier with dual-provider cross-verification and public NIST ACVP conformance evidence.

Read post →

2026-06-01 · 9 min read

When Will a Quantum Computer Break Encryption? An Honest CRQC Timeline

An honest CRQC timeline: what a quantum computer actually breaks, why no one can name a date, and why secrecy lifetime — not a CRQC ETA — is the number that decides when you migrate.

Read post →

2026-06-01 · 9 min read

Hybrid Post-Quantum Cryptography: Why X25519 + ML-KEM-768 (and Not Pure PQC Yet)

Hybrid key exchange combines a classical algorithm (X25519) with a post-quantum one (ML-KEM-768) so the shared secret stays confidential as long as at least one of the two holds. It defends against both a future cryptographically relevant quantum computer AND undiscovered weaknesses in young PQC implementations — and is provably no worse than classical crypto alone. This post explains the construction, why it is the correct default during the transition, where it is deployed in TLS, and how QNSP — the flagship PQC platform from CUI Labs — runs hybrid at its edge gateway alongside dual-provider cross-verification.

Read post →

2026-06-01 · 9 min read

CNSA 2.0 Explained: The Federal 2030–2033 Quantum-Migration Deadline

CNSA 2.0 is the NSA's Commercial National Security Algorithm Suite for protecting US national security systems against the quantum threat. It is not a single cutover date but a staged migration with category-dependent deadlines running through roughly 2030–2033. This guide explains what the suite mandates — ML-KEM and ML-DSA for asymmetric crypto, AES-256 and SHA-384 for symmetric and hashing — who it binds (NSS owners plus their vendors and contractors), and the practical compliance posture: a verifiable cryptographic inventory, a government-grade policy that allows only FIPS-finalized algorithms, and reproducible conformance evidence. It closes by mapping these requirements to QNSP, the flagship PQC platform from CUI Labs.

Read post →

2026-06-01 · 9 min read

Migrating from AWS KMS to a Post-Quantum Platform: A Practical Guide

AWS KMS is a strong managed key service that now ships hybrid ML-KEM in the TLS handshake — but it does not yet expose PQC key operations in the data plane. This guide covers, fairly, when AWS KMS is enough and when a dedicated post-quantum platform earns its place: algorithm breadth, per-tenant crypto-policy governance, CBOM crypto inventory, multi-cloud and on-prem portability, and verifiable NIST ACVP conformance. It then lays out a practical, low-risk migration path — inventory with CBOM, run dual-stack with PQC wrapping the AWS-side key in place, then cut over — with no need to move your KMS-protected keys until you're ready.

Read post →

2026-05-14 · 7 min read

Five PQC Vendor Red Flags You Can Catch in 10 Minutes

PQC vendor selection is on a 2027 clock. Most vendors selling 'quantum-ready' platforms can't pass a 10-minute scrutiny test. Here are the five red flags you can catch before due diligence even starts.

Read post →

2026-05-14 · 6 min read

Why 'Harvest Now, Decrypt Later' is Already on a 2027 Clock

CNSA 2.0 mandates PQC for US National Security Systems starting January 2027. But the real clock started years ago — every byte of encrypted traffic captured today by a state-level adversary is a candidate for future quantum decryption.

Read post →

2026-05-14 · 8 min read

Mapping MAS TRM to Post-Quantum Cryptography: The Singapore-Specific PQC Compliance Story

MAS TRM is the Singapore-specific compliance framework that most US-HQ PQC vendors ignore on their Trust Centers. Here's the 10-control mapping — what each section requires, and how a PQC platform actually maps onto it.

Read post →

2026-05-14 · 8 min read

What ML-KEM Actually Does: A Plain-English Walkthrough of FIPS 203

Most PQC content assumes you already know the difference between a KEM and a cipher. This post starts at the beginning. ML-KEM is QNSP's default KEM in every tier, and understanding it is the first step in understanding what 'post-quantum' actually means.

Read post →

2026-05-14 · 6 min read

Live Compliance Evaluation vs. Snapshot Reports: Why Continuous Beats Annual

A SOC 2 report tells you a vendor's controls were effective last quarter. Live compliance evaluation tells you they're effective right now. Here's why the difference matters — and how QNSP's compliance engine works.

Read post →