December 27th, 2024

AWS post-quantum cryptography migration plan

Amazon Web Services is migrating to post-quantum cryptography in phases, starting with untrusted networks, implementing NIST's standardized algorithms, and encouraging customers to adopt TLS 1.3 for software updates.

Amazon Web Services (AWS) is initiating a migration to post-quantum cryptography (PQC) to enhance data security against potential threats posed by quantum computing. This transition will occur in phases, starting with systems that communicate over untrusted networks. AWS has been actively involved in the development of new public-key cryptographic algorithms resistant to quantum attacks, collaborating with industry leaders and government agencies. The National Institute of Standards and Technology (NIST) recently standardized three PQC algorithms, which AWS plans to implement for long-term support. The migration strategy includes four workstreams: assessing existing systems, integrating PQC algorithms into public AWS endpoints, enabling PQC signing algorithms for long-term digital signatures, and adapting these algorithms for session-based authentication. AWS emphasizes the importance of encryption in transit, particularly for public key cryptography, while maintaining that existing symmetric encryption methods remain secure. Customers are encouraged to prepare for this transition by ensuring their software can be updated and adopting TLS 1.3, which supports PQC. AWS has already begun deploying PQC through its open-source cryptographic library and plans to align its services with evolving industry standards.

- AWS is migrating to post-quantum cryptography to enhance data security.

- The transition will occur in phases, starting with untrusted network communications.

- Three PQC algorithms have been standardized by NIST and will be implemented by AWS.

- Customers are advised to adopt TLS 1.3 and ensure their software can be updated.

- AWS is already deploying PQC in its open-source cryptographic library.
