In a recent article on its security blog, AWS detailed its plan for migrating to post-quantum cryptography (PQC). The article addresses the challenges posed by PQC, outlines AWS's current progress in the migration process, and explains the impact on customers within the traditional shared responsibility model.
According to the plan, AWS is adopting a multi-phase migration strategy to implement post-quantum cryptography, with an initial focus on securing data transmission and long-term digital signatures against potential quantum computing threats. Matthew Campagna, lead cryptographer at AWS, Melanie Goldsborough, worldwide senior security specialist at AWS, and Peter O'Donnell, principal solution architect at AWS, emphasize:
"The threat of a large-scale quantum computer, sometimes referred to as a cryptographically relevant quantum computer, is its potential to break the public-key cryptographic algorithms in use today. These algorithms are used in most communication protocols and digital signature schemes."
Over the past five years, AWS has incorporated early versions of post-quantum cryptographic (PQC) algorithms into its open-source libraries and core security services. AWS now plans a multi-layered migration to PQC, focusing on system inventory and planning, integrating PQC algorithms for data confidentiality, deploying PQC signing to ensure long-term trust, and enabling post-quantum signatures for authentication. Campagna, Goldsborough, and O'Donnell outline these four workstreams and state:
"While the security of symmetric encryption keys and algorithms isn’t impacted by a cryptographically relevant quantum computer, there are cases where public key algorithms are used to negotiate a shared symmetric key, thereby creating risk that the symmetric key could be compromised. The first use of public key cryptography in AWS that we will migrate to PQC is exactly this case—where we negotiate a shared symmetric key between our customers and the public endpoints of AWS services."
Last August, NIST finalized three PQC algorithms as Federal Information Processing Standards (FIPS) as part of its standardization process: the Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203), the Module-Lattice-Based Digital Signature Standard (FIPS 204), and the Stateless Hash-Based Digital Signature Standard (FIPS 205). Duncan Jones, head of cybersecurity at Quantinuum, writes:
"Amazon just set the high-bar for transparency and clarity on post-quantum migration plans (...) Vendors should be emulating this level of detail when explaining their own plans for migration. Purchasers should be asking hard questions to any vendor who can't."
Mihaela Curca, cybersecurity project manager at the Directoratul Național de Securitate Cibernetică, comments:
"AWS’s post-quantum cryptography migration plan is a smart and forward-looking move that really shows they’re ahead of the game when it comes to cybersecurity (...) By focusing first on encryption in transit, they’re tackling the most immediate risks without causing unnecessary disruptions. Their hybrid solution, which combines classic and post-quantum algorithms, is a clever way to ease the transition while keeping everything secure."
AWS is not the only cloud provider working on a post-quantum cryptography migration plan. Cloudflare, another hyperscaler active in this space, shared some of its experiments as early as 2017 and published an article about the "state of the post-quantum Internet" earlier this year. In the recent Cloudflare Radar 2024 Year in Review, the network provider notes:
"In October 2022, we enabled post-quantum key agreement on our network by default, but use of it requires that the browser support it as well. Google's Chrome 124 enabled it by default this year, starting on April 17, and adoption grew rapidly following that release, including Chrome derivatives."
AWS has previously shared how post-quantum hybrid SFTP file transfers using the AWS Transfer Family work and how to configure TLS for hybrid post-quantum cryptography with Kyber. Additional information about AWS's PQC migration and the project's future goals is available on the AWS Post-Quantum Cryptography page.
Earlier this month, InfoQ explored post-quantum cryptography in Java.