Sign in Subscribe

fundamentals

Core PQC concepts, NIST standards, and algorithm explainers for CISOs and security architects beginning their post-quantum migration journey.

ML-KEM Explained: How CRYSTALS-Kyber Became FIPS 203

ML-KEM Explained: How CRYSTALS-Kyber Became FIPS 203

If your cryptographic inventory still lists “CRYSTALS-Kyber” rather than “ML-KEM (FIPS 203)” as your post-quantum key-establishment mechanism, you likely have at least a nomenclature and conformance-review gap, and possibly an implementation gap as well. NIST finalized FIPS 203 on August 13, 2024, establishing ML-KEM as the first federally standardized post-quantum

What Is Q-Day? The Quantum Threat Timeline Security Teams Need to Know

What Is Q-Day? The Quantum Threat Timeline Security Teams Need to Know

The most dangerous misconception in enterprise security right now is that Q-Day is a calendar event your organization can plan around once it gets closer. It is not. The adversaries most likely to exploit a cryptographically relevant quantum computer are the same ones currently intercepting and archiving your encrypted traffic-today,

What Is a Cryptographically Relevant Quantum Computer (CRQC)? A Practitioner's Reference for CISOs and Security Architects

What Is a Cryptographically Relevant Quantum Computer (CRQC)? A Practitioner's Reference for CISOs and Security Architects

Every post-quantum cryptography conversation eventually circles back to the same foundational question: what, precisely, is the threat model? Vendor briefings invoke quantum computing loosely. Board members conflate quantum communication with quantum computation. And well-intentioned security teams sometimes dismiss the risk entirely because today's quantum hardware cannot factor a

What Is Post-Quantum Cryptography? The Practitioner's Guide for CISOs and Security Architects

What Is Post-Quantum Cryptography? The Practitioner's Guide for CISOs and Security Architects

Your organization's encrypted data is being stolen right now — not to be read today, but to be decrypted the moment a cryptographically relevant quantum computer (CRQC) comes online. Nation-state adversaries running "harvest now, decrypt later" (HNDL) operations do not need a quantum computer to collect your

Lattice-Based Cryptography for Security Architects: Standards, Performance, and Migration Architecture

Lattice-Based Cryptography for Security Architects: Standards, Performance, and Migration Architecture

The question is no longer whether lattice-based cryptography will replace RSA and ECC in production systems—it is how fast your organization can execute that replacement before quantum-capable adversaries make the decision for you. NIST finalized FIPS 203, 204, and 205 in August 2024. For security architects, this is an

Harvest Now, Decrypt Later: Why Every Month of PQC Delay Is an Irreversible Security Decision

Harvest Now, Decrypt Later: Why Every Month of PQC Delay Is an Irreversible Security Decision

Your adversaries are not waiting for Q-Day. They are collecting your encrypted traffic right now — TLS sessions, VPN tunnels, archived communications, financial records — and storing it with the explicit plan to decrypt it once a cryptographically relevant quantum computer exists. This is not a threat model from a research paper.

FIPS 203, 204, and HQC Explained: What Security Architects Need to Know About NIST's Finalized PQC Standards

FIPS 203, 204, and HQC Explained: What Security Architects Need to Know About NIST's Finalized PQC Standards

Security architects are now encountering FIPS 203 and FIPS 204 in vendor documentation, procurement requirements, and compliance frameworks — but the naming conventions around these standards are genuinely confusing. Kyber, ML-KEM, and FIPS 203 are related but not interchangeable references. The same problem applies to Dilithium, ML-DSA, and FIPS 204. Misusing