Whitepaper
Post-Quantum Cryptography at the Edge: A Practical Migration
A practical examination of NIST post-quantum standards, the harvest-now-decrypt-later threat, hybrid migration approaches, and the role of image-based platforms in enabling cryptographic agility.
Use This Brief
Reader context and operating assumptions for this document.
- Read time
- 22 min read
- Updated
- April 21, 2026
- Audience
- Security engineersPlatform architectsCompliance teams
- Related resources
- 3 linked documents
The Post-Quantum Threat to Edge Infrastructure
RSA, ECDSA, and ECDH are mathematically vulnerable to Shor's algorithm on a sufficiently large quantum computer. Edge devices with long deployment lifetimes are among the most urgent candidates for migration.
The combination of long field lifetimes, physical exposure, and high-consequence workloads means that edge infrastructure cannot wait for quantum computers to arrive before beginning the transition.
NIST Post-Quantum Standards
NIST finalized three PQC standards in August 2024: FIPS 203 (ML-KEM for key encapsulation), FIPS 204 (ML-DSA for digital signatures), and FIPS 205 (SLH-DSA for hash-based signatures).
ML-KEM-768 and ML-DSA-65 are the recommended parameter sets for most applications, offering strong security margins with performance competitive with classical algorithms on edge hardware.
- ML-KEM provides quantum-resistant key exchange, replacing ECDH.
- ML-DSA provides quantum-resistant signatures, replacing RSA and ECDSA.
- SLH-DSA offers a conservative hash-based alternative for highest-assurance applications.
Hybrid Approaches and Cryptographic Agility
Hybrid schemes combine classical and post-quantum algorithms in the same operation, providing quantum resistance while maintaining backward compatibility during the transition period.
Image-based platforms support cryptographic agility by design: algorithm changes are deployed as atomic image replacements, ensuring fleet-wide consistency without per-device library management.
Key Takeaways
- The harvest-now-decrypt-later threat makes PQC migration urgent today, not when quantum computers arrive.
- Hybrid cryptographic approaches (combining classical and post-quantum algorithms) provide a safe migration path with backward compatibility.
- Image-based platforms enable cryptographic agility by treating algorithm upgrades as atomic image replacements rather than per-device library updates.
Implementation Checklist
- Inventory all cryptographic dependencies across the platform stack.
- Confirm the platform supports NIST-standardized PQC algorithms (ML-KEM, ML-DSA).
- Verify cryptographic upgrades can be deployed through the standard update mechanism.
Related Resources
The library is designed as a connected set of technical briefs so adjacent topics stay easy to discover.
Whitepaper
The Unified Kernel Image: Why One File Can Replace an Entire Boot Chain at the Edge
How the Unified Kernel Image format simplifies the edge host operating model by reducing boot-path complexity, shrinking the host attack surface, and making fleet-wide recovery predictable.
Whitepaper
Container Hardening on a Minimal Host: The Split-Runtime Security Model
A layered approach to container hardening that combines minimal host design, split-runtime architecture, systemd sandboxing, and OCI policy enforcement for edge deployments.
Whitepaper
Achieving CNSA 2.0 Compliance at the Edge
CNSA 2.0 compliance at the edge is a lifecycle management challenge, not an algorithm selection exercise. This paper examines how disconnected, long-lived, and constrained deployments change the operational requirements for post-quantum cryptographic policy, and what teams need to prove to auditors.