Skip to content
PQ.00Post-quantum cryptography

Crypto-agility now, quantum-safe by 2027.

NIST finalised the first PQC standards in 2024 (FIPS 203 ML-KEM, FIPS 204 ML-DSA, FIPS 205 SLH-DSA). FlyttGo runs a public crypto-agility programme migrating every public-key surface to hybrid classical + PQC ahead of the harvest-now-decrypt-later horizon.

PQ.PRCryptographic posture

Four anchors for the post-quantum migration.

  • PQ.PR.01

    NIST FIPS 203/204/205 alignment

    Targeting NIST-finalised primitives — ML-KEM (Kyber, FIPS 203) for key establishment, ML-DSA (Dilithium, FIPS 204) for signatures, SLH-DSA (SPHINCS+, FIPS 205) as a hash-based fallback signature. ETSI / ENISA profile guidance tracked alongside.

  • PQ.PR.02

    Hybrid classical + PQ first

    No primitive swap-and-pray. Every PQ-vulnerable surface migrates through a hybrid stage where the classical algorithm and the PQ algorithm are both in force. Withdrawal of the classical algorithm only after the PQ algorithm has matured in production.

  • PQ.PR.03

    Crypto-agility by construction

    Algorithm identifiers are first-class throughout the platform — TLS suite registry, JWS algorithm header, Sigstore signature manifest. Adding or retiring a primitive is a config change, not a redeploy. New NIST onramps are absorbed as they land.

  • PQ.PR.04

    Harvest-now-decrypt-later defence

    Long-confidentiality data (audit logs, identity records, regulated payments) gets PQ-resistant transport priority. The window for an adversary to capture-and-store traffic against a future cryptographically-relevant quantum computer closes first on the highest-stakes flows.

PQ.MXPer-surface migration matrix

Eight cryptographic surfaces, one migration plan.

Each row tracks where a primitive lives today, what it migrates to, and what stage it's at. Symmetric primitives (AES-256-GCM, SHA-2/3) are already PQ-resistant; only public-key surfaces need the migration.

CodeSurfaceCurrentTarget (PQ-hybrid)StatusTarget
PQ.M01TLS · transport securityTLS 1.3 · X25519 + secp256r1TLS 1.3 + X25519MLKEM768 (hybrid)In flightQ3 2026
PQ.M02mTLS · service-to-serviceTLS 1.3 + mutual authTLS 1.3 + ML-KEM hybrid + ML-DSA certsIn flightQ4 2026
PQ.M03Code-signing · Sigstore releasesECDSA P-256 + RSA-2048Hybrid ECDSA + ML-DSA (Dilithium)In flightQ3 2026
PQ.M04JWT / signed agent tokensEdDSA Ed25519Ed25519 + ML-DSA (hybrid JWS)PlannedQ4 2026
PQ.M05Webhook signaturesHMAC-SHA256HMAC-SHA256 + ML-DSA optional layerPlannedQ1 2027
PQ.M06Identra · qualified signaturesECDSA P-256 / RSA-2048Hybrid ECDSA + ML-DSA (eIDAS-aligned)PlannedQ2 2027
PQ.M07At-rest encryption (KMS keys)AES-256-GCM · KMS-managedAES-256-GCM (already PQ-resistant)Liven/a
PQ.M08BYOK · sovereign tenant keysKMIP / PKCS#11 RSA-2048KMIP / PKCS#11 with ML-KEM key wrapPlannedQ2 2027
PQ.RGRegulatory deadlines
  • PQ.RG.01

    NIST FIPS 203/204/205

    Final standards (2024) — ML-KEM, ML-DSA, SLH-DSA. Reference primitives for the migration.

  • PQ.RG.02

    NSA CNSA 2.0 · 2030 / 2035

    NSA Commercial National Security Algorithm Suite 2.0 — full transition by 2030 for software/firmware signing, by 2035 for everything else.

  • PQ.RG.03

    CNSSP 15 · classified networks

    Committee on National Security Systems Policy 15 — PQ migration mandate for US national-security workloads.

  • PQ.RG.04

    BSI · TR-02102 (Germany)

    German BSI cryptographic recommendations include PQC primitives; updated annually.

  • PQ.RG.05

    ENISA · PQ migration guidance

    EU-wide PQ migration recommendations; member-state regulators draw from this baseline.

  • PQ.RG.06

    ETSI PQC profiles (in flight)

    ETSI eIDAS-aligned PQC profile expected 2026; required for qualified-signature migration.

PQ.NXWhere the PQ migration plugs in

Cryptographic agility is one layer of the trust posture.

Post-quantum migration sits inside the broader security and trust framework. The four pathways below take a programme from this statement to a signed engagement under MNDA.