
PQC_for_Dummies

Google has been using this approach in their experimental deployment of the post-quantum scheme NewHope [12].

Agility

Not all cryptographic primitives need to be replaced by post-quantum primitives right away. For example, authentication does not yet need to be post-quantum secure before quantum computers are built — an attacker cannot retroactively break authentication that was performed in the past. However, ephemeral key exchange and symmetric encryption must be secure against quantum computers long before attacks using quantum computers become possible — otherwise, an attacker is able to break into previously recorded communication. Certificates and digital signatures that expire in the far future must be secure against attacks using quantum computers. If signatures are not post-quantum secure yet, they must be renewed with post-quantum schemes before quantum computers are available. Therefore, whenever a secure post-quantum scheme is not yet required or available, applications must use agile protocols and update mechanisms that allow an upgrade to post-quantum primitives once they become available and before quantum computers are available.

Caveats

Compatibility

Some post-quantum schemes have additional requirements for their execution environment that differ from those of classical schemes. For example, the signature scheme XMSS is stateful, i.e., an internal state needs to be stored between the computation of consecutive signatures. This state must not be lost and also must not return to an earlier state. This breaks interoperability with backup strategies that are designed to preserve older copies of data but do not guarantee that the most recent changes can be recovered. Using stateful signature schemes requires an adaptation of the data backup procedure; in the worst case, losing the private signature key is preferable to returning to an old state, because reusing the signature state might enable an attacker to forge valid signatures using only publicly available information.
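The following toy is an added illustration of the state-handling problem just described; it is not from the publication and it is not XMSS. It uses Lamport one-time keys behind a simple index (a deliberately reduced stand-in for the hash-based tree), persists the "next unused key" index atomically, advances the state before a signature is released, and refuses to sign when the stored index is behind the number of signatures an auditor can already see in public. The names `StatefulSigner`, `run_demo` and `revealed_secret_count` are all constructed here. The `revealed_secret_count` helper makes the page's warning concrete: one signature exposes half of a one-time key, a second signature with the same key over a different message exposes more, which is the information an attacker would work from.

```python
"""Toy stateful hash-based signature with persisted state and rollback detection.
Constructed illustration for the XMSS state caveat; not XMSS, not production code."""
import hashlib
import json
import os
import secrets
import tempfile

N_BITS = 256  # we sign SHA-256 digests: one Lamport secret pair per digest bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]


def ots_keygen():
    # One Lamport one-time key: two 32-byte secrets per bit, pk = their hashes
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N_BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def ots_sign(sk, msg: bytes):
    # Releases exactly one of the two secrets per bit: half the key becomes public
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def ots_verify(pk, msg: bytes, sig) -> bool:
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(digest_bits(msg)))


def leaf_hash(pk) -> bytes:
    return H(b"".join(a + b for a, b in pk))


class StatefulSigner:
    """Holds n one-time keys; state_path persists the index of the next unused key."""

    def __init__(self, n_keys: int, state_path: str):
        self.keys = [ots_keygen() for _ in range(n_keys)]
        self.public_key = [leaf_hash(pk) for _, pk in self.keys]  # long-term public key
        self.state_path = state_path
        if not os.path.exists(state_path):
            self._store(0)

    def _store(self, index: int):
        # Write-then-rename so the state file is never torn or missing on disk
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"next_index": index}, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.state_path)

    def _load(self) -> int:
        with open(self.state_path) as f:
            return json.load(f)["next_index"]

    def sign(self, msg: bytes, published_count: int):
        """published_count: signatures under this public key already visible in public.
        A stored index below it means the state went backwards (e.g. an old backup was
        restored); signing would reuse a one-time key, so refuse instead."""
        index = self._load()
        if index < published_count:
            raise RuntimeError(f"state rollback detected: stored index {index} < "
                               f"{published_count} signatures already published")
        if index >= len(self.keys):
            raise RuntimeError("all one-time keys consumed; key exhausted")
        self._store(index + 1)  # advance persisted state BEFORE releasing the signature
        sk, pk = self.keys[index]
        return {"index": index, "ots_pk": pk, "ots_sig": ots_sign(sk, msg)}


def verify(public_key, msg: bytes, sig) -> bool:
    idx = sig["index"]
    return (0 <= idx < len(public_key)
            and leaf_hash(sig["ots_pk"]) == public_key[idx]
            and ots_verify(sig["ots_pk"], msg, sig["ots_sig"]))


def revealed_secret_count(sigs) -> int:
    """Distinct Lamport secrets exposed by all published signatures of one index.
    One signature exposes N_BITS of the 2*N_BITS secrets; a second one over a
    different message exposes more, which is why state reuse is fatal."""
    return len({(i, s) for sig in sigs for i, s in enumerate(sig["ots_sig"])})


def run_demo() -> dict:
    """Normal signing, then a simulated restore of an older state backup."""
    with tempfile.TemporaryDirectory() as d:
        signer = StatefulSigner(4, os.path.join(d, "sig_state.json"))
        m1, m2 = b"release-1.0.tar.gz", b"release-1.1.tar.gz"  # constructed inputs
        s1 = signer.sign(m1, published_count=0)
        s2 = signer.sign(m2, published_count=1)
        signer._store(1)  # simulate backup restore: state file from before s2 comes back
        try:
            signer.sign(b"release-1.2.tar.gz", published_count=2)
            rollback_caught = False
        except RuntimeError:
            rollback_caught = True
        sk0, _ = signer.keys[0]
        reuse = {"ots_sig": ots_sign(sk0, b"other message")}  # what a reused state leaks
        return {"ok": verify(signer.public_key, m1, s1),
                "tampered": verify(signer.public_key, b"tampered", s1),
                "indices": (s1["index"], s2["index"]),
                "rollback_caught": rollback_caught,
                "one_sig_secrets": revealed_secret_count([s1]),
                "two_sig_secrets": revealed_secret_count([s1, reuse])}
```

Note the limit of this check: the signer cannot tell from its own state file that a restore happened; detection needs an external, public count of issued signatures (a transparency log, the set of published artefacts, or a counter kept outside the backed-up volume). Where no such count is available, the page's conclusion applies: a backup procedure that can silently revert the index is worse than one that loses the key, because exhaustion is recoverable by re-keying while reuse is not.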

