Inhaltsverzeichnis
3.6 PQC Migration
Steps for introducing quantum-safe cryptography.
Phase 1: Inventory (2025)
What needs to be done:
- Identify all cryptographic systems
- Document RSA/ECC usage
- Assess data lifespan
- Risk categorization
Tools:
- Certificate scanner
- Code analysis
- Network audit
Phase 2: Piloting (2026)
First implementations:
- Hybrid mode (classical + PQ)
- Non-critical systems first
- Performance tests
- Compatibility testing
Phase 3: Rollout (2027-2030)
Production transition:
- Prioritize high-risk systems
- Gradual migration
- Fallback strategies
- Employee training
Hybrid Approach
During the transition period:
Encryption: X25519 + ML-KEM-768 Signature: ECDSA + ML-DSA-65
Advantage: Security even if one algorithm is broken.
Budget Planning
| Item | Estimated Effort |
|---|---|
| Inventory | 5-10 person-days |
| Pilot implementation | 20-40 person-days |
| Production migration | Depends on system count |
| Training | 1-2 days per team |
Zuletzt geändert: on 2026/01/29 at 11:28 PM
