====== 3.6 PQC Migration ======

Steps for introducing quantum-safe cryptography.

===== Phase 1: Inventory (2025) =====

**What needs to be done:**
  * Identify all cryptographic systems
  * Document RSA/ECC usage
  * Assess data lifespan
  * Risk categorization

**Tools:**
  * Certificate scanner
  * Code analysis
  * Network audit

===== Phase 2: Piloting (2026) =====

**First implementations:**
  * Hybrid mode (classical + PQ)
  * Non-critical systems first
  * Performance tests
  * Compatibility testing

===== Phase 3: Rollout (2027-2030) =====

**Production transition:**
  * Prioritize high-risk systems
  * Gradual migration
  * Fallback strategies
  * Employee training

===== Hybrid Approach =====

During the transition period:

<code>
Encryption: X25519 + ML-KEM-768
Signature: ECDSA + ML-DSA-65
</code>

Advantage: Security even if one algorithm is broken.

===== Budget Planning =====

^ Item ^ Estimated Effort ^
| Inventory | 5-10 person-days |
| Pilot implementation | 20-40 person-days |
| Production migration | Depends on system count |
| Training | 1-2 days per team |