All news with #post quantum cryptography tag

🧠 The convergence of AI and quantum computing is poised to redefine computing, cybersecurity and geopolitical power. Quantum machine learning can accelerate model training and enable real-time simulation by exploiting qubits' parallelism, while quantum key distribution promises communication that is far more resistant to interception. At the same time, this synergy raises risks: quantum-capable adversaries could undermine current cryptography and enable advanced cyberattacks.

🌐 Check Point's 2026 analysis warns that an unprecedented convergence of AI, quantum computing, and an immersive Web 4.0 will reshape digital risk. Autonomous systems and hyper-automation will blur boundaries between cloud, networks, and physical infrastructure, expanding attack surfaces and changing the nature of digital trust. The report calls for updated cryptography, enhanced detection, and cross-industry resilience planning.

🔐 AWS Payments Cryptography now supports hybrid post-quantum TLS to protect API calls and long-lived data-in-transit using ML-KEM-based PQC. This helps enterprises mitigate “harvest now, decrypt later” risks by combining classical and post-quantum key establishment. Customers enable PQ-TLS by upgrading to a compatible AWS SDK or browser and can verify sessions via tlsDetails in CloudTrail. The capability is generally available across Regions at no added cost.

🔐 AWS Application Load Balancers (ALB) and Network Load Balancers (NLB) now offer an opt-in post-quantum TLS (PQ-TLS) key exchange option. The new PQ-TLS security policies use hybrid key agreement that combines classical algorithms with post-quantum KEMs including the standardized ML-KEM, protecting against 'harvest now, decrypt later' attacks. Available at no extra cost across AWS Commercial, GovCloud (US), and China Regions, the feature requires explicit listener updates and supports monitoring via ALB connection logs and NLB access logs.

🔐 Amazon S3 now supports post-quantum TLS key exchange on regional S3, S3 Tables, and S3 Express One Zone endpoints using the NIST-standardized Module Lattice-Based Key Encapsulation Mechanism (ML-KEM). PQ-TLS key exchange is available at no additional cost across all AWS regions and will be negotiated automatically when clients are configured for ML-KEM. Combined with server-side AES-256 encryption by default, S3 offers quantum-resistant protection for data both in transit and at rest.

🔐 AWS announced support for post-quantum ML-DSA code signing in AWS Private CA, integrated with AWS KMS. The integration lets customers create ML-DSA X.509 certificate chains and generate KMS-held ML-DSA key pairs to sign binaries, enabling quantum-resistant code-signing, device authentication, and private-PKI workflows such as mTLS or IKEv2/IPsec. A provided Java Runner demonstrates CA creation, CSR issuance, CMS detached signing with SHAKE256, and signature verification against customer-managed roots.

🔐 AWS Private CA now supports the post-quantum digital signature algorithm ML-DSA (NIST FIPS 204), enabling organizations to create CAs and issue certificates designed to resist quantum attacks. The feature lets you test certificate issuance, identity verification, and code signing using ML-DSA, and supports CRLs and OCSP responders. Availability spans all commercial AWS Regions, AWS GovCloud (US), and China Regions to help teams begin transitioning PKI toward post-quantum cryptography.

🔐 AWS Key Management Service (KMS) now supports the Edwards-curve Digital Signature Algorithm (EdDSA) using the Ed25519 curve. You can create asymmetric KMS keys or data key pairs to sign and verify EdDSA signatures, benefiting from 128-bit security equivalent to NIST P-256, faster signing, and compact 64‑byte signatures and 32‑byte public keys. This capability is available in all AWS Regions, including GovCloud and China.

🔒 Google Cloud has been migrating its infrastructure toward post-quantum cryptography for nearly a decade to mitigate Store Now, Decrypt Later (SNDL) risks. The company has deployed the standards-based ML-KEM (FIPS 203) for key exchange across internal traffic and the Google Cloud networking stack, and introduced ML-KEM capabilities in Cloud KMS (preview) for key generation, encapsulation, and decapsulation. It also added native support for ML-DSA and SLH-DSA in Cloud KMS to protect long-lived digital signatures, and is phasing quantum-safe certificate support into Certificate Authority Service to enable future PQC-ready PKI. Administrators will receive tooling to opt in, audit cryptographic assets, and manage transitions to hybrid or pure PQC deployments as standards mature.

🔒 Lena Heimberger examines the challenge of building post-quantum Anonymous Credentials that are practical for large-scale use. The post summarizes real-world needs — from the EU digital identity wallet to Cloudflare’s Privacy Pass rate-limiting — and defines key requirements like unlinkability, unforgeability, round-optimality, and per-origin rate limits. It surveys PQ approaches (generic ZKP composition, lattice-based signatures, hash-and-sign with aborts, and MPC-in-the-head/VOLEitH), evaluates trade-offs in bandwidth and latency, and calls for standardized ZK-friendly hashes and PQ-native protocol designs.

🔐 Signal has rolled out a quantum-safe update that adds a third ratchet, branded SPQR, to its secure messaging protocol. Instead of replacing the existing Double Ratchet, Signal runs a parallel KEM-based ratchet and derives encryption keys by mixing outputs from both ratchets with a KDF. Developed with PQShield, AIST, and NYU, the design preserves familiar behaviors while adding post-quantum resilience for forward secrecy and post-compromise protection.

🔐 The article surveys major post‑quantum cryptography (PQC) initiatives from 2023–2025 that aim to prepare governments and industry for an eventual Q‑Day. It highlights NIST's standardization of ML‑KEM, ML‑DSA and SLH‑DSA (with HQC later selected) and vendor adoption by Google, AWS, Microsoft and others, including Chrome's default hybrid key exchange. Collaborative efforts such as the Linux Foundation's PQCA, the PQC Coalition and IETF's PQUIP are creating tooling, guidance and implementations, while agencies and standards bodies provide migration roadmaps and practical advice on crypto agility and hybrid strategies to mitigate "harvest now, decrypt later" risks.

🔒 Palo Alto Networks presents a unified, AI-driven approach to network security that consolidates browser, AI, and quantum defenses into the Strata Network Security Platform. New offerings include Prisma Browser, a SASE-native secure browser that blocks evasive attacks and brings LLM-augmented data classification to the endpoint, and Prisma AIRS 2.0, a full-lifecycle AI security platform. The company also outlines a pragmatic path to quantum-readiness and centralizes control with Strata Cloud Manager to simplify operations across hybrid environments.

🔒 Cloudflare reports that, as of late October 2025, the majority of human-initiated traffic through its network is protected with post‑quantum key agreement, reducing the risk of harvest‑now/decrypt‑later attacks. The post summarizes progress since the last update 21 months earlier: NIST standardization, broad adoption of ML‑KEM hybrids, Google's Willow milestone, and Craig Gidney's optimizations that materially moved Q‑day closer. It explains why migrating key agreement was urgent and relatively straightforward, why signature/certificate migration remains the harder challenge, and what organizations and regulators should prioritize now.

🔐 Cloudflare is collaborating with Chrome to experimentally deploy Merkle Tree Certificates (MTCs) to reduce the number of public keys and large post-quantum signatures transmitted during TLS handshakes. MTCs batch certificates into a Merkle tree with a single signed treehead and per-certificate inclusion proofs, dramatically shrinking handshake size and CPU work. The experiment will roll out to a subset of Cloudflare free customers while Chrome distributes validation landmarks and fallbacks to preserve existing trust.

🔒 Signal has moved to integrate post-quantum cryptography into its messaging stack to mitigate future quantum threats. Phase 1 uses PQXDH, a hybrid handshake combining X25519 with the KEM CRYSTALS-Kyber, to block harvest now, decrypt later attacks. Phase 2 adds SPQR, which runs alongside the Double Ratchet to form a hybrid Triple Ratchet, preserving forward secrecy and post-compromise security while handling larger key sizes, asynchrony, and message loss.

🔒 This post demonstrates deploying the AWS Secrets Manager Agent as a sidecar container in Amazon EKS to provide a language-agnostic local HTTP interface (localhost:2773) for secrets retrieval. The agent pulls and caches secret values, reducing direct API calls to Secrets Manager and improving application availability. It enforces SSRF protection via a generated token at /var/run/awssmatoken and implements ML‑KEM post‑quantum key exchange by default. Authentication uses Amazon EKS Pod Identity and IAM permissions (secretsmanager:GetSecretValue and secretsmanager:DescribeSecret), and the post includes build, containerization, and deployment steps.

🔐 Cybersecurity must evolve to meet rapid advances in agentic AI, quantum computing, low-code platforms and proliferating IoT endpoints. The author argues organizations should move from static defenses to adaptive, platform-based security that uses automation, continuous monitoring and AI-native protection to match attackers' speed. He urges early planning for post-quantum cryptography and closer collaboration with partners so security enables — rather than hinders — innovation.

🔐 Enterprises acknowledge that quantum computing threatens current public-key cryptography, yet progress toward post-quantum cryptography (PQC) is uneven and slow. A PwC report finds fewer than 10% prioritize PQC in budgets, only 3% have fully implemented leading measures, 29% are piloting, and 49% have not started. Financial services, government, telecom and cloud are moving faster, while manufacturing, healthcare and industrial sectors lag due to legacy systems, skills shortages, and standards uncertainty. Experts advise inventories, pilot programs, crypto agility, and investment before the 2030 deprecation deadline to avoid 'harvest now, decrypt later' risks.

🔐 The arrival of cryptographically relevant quantum computers will create a "silent boom" where adversaries can capture encrypted traffic today and decrypt it later, making intrusions neither observed nor observable. This undermines traditional incident response and shifts responsibility to engineering teams, not a vendor checkbox. Organizations must pursue quantum readiness by engaging developers to inventory algorithms and data, assess internet-facing assets for PQC support, and build testing capability for new ciphers within their release cycles.