A practical guide to cryptographic agility before Q-Day

Summary

The post-quantum transition is already underway. Organizations that embrace cryptographic agility, the ability to replace and upgrade cryptographic algorithms without operational disruption, are already showing what preparedness looks like.

But don’t get complacent. Agility is not a one-time upgrade; it is an active stance.

Before the blizzard

Picture the Netherlands buried under its first real blizzard in years. Trains have stopped. Schools are closed. Highways are blocked with abandoned cars.

And yet, some people are doing just fine. They salted their driveways yesterday, stocked up on groceries. They know where the candles are if the power goes out.

They didn’t stop the snow. They just made its arrival a non-event.

Cryptographic preparedness looks the same. Don’t panic about Q-Day – the moment quantum computers can break today’s encryption. Take a clear-eyed inventory of your algorithms, dependencies, and contingencies.

That’s cryptographic agility: designing systems that can adapt before the blizzard hits.

Because something always breaks.

The question is whether you’re scrambling in the storm or having a cup of tea by the window, watching the snow fall.

The post-quantum transition isn’t an emergency. It’s a forecast. You can see it coming. You have time to prepare.

Only if you start now.

The inventory

Before you can protect anything, know what you have.

Most organizations can’t answer basic questions about their cryptographic estate:

• What algorithms are we using?
• Where are our keys stored?
• Which certificate authorities do we trust?
• What happens if one of them is compromised overnight?

Think of it like a hospital preparing for a grid failure.

• What still works when the power goes out?
• What runs on backup generators?
• What fails silently?

If RSA breaks tomorrow, what do you need to shut down? What can keep running? What’s the blast radius?

But it’s more than algorithms. What happens if a key holder loses access? What if an HSM becomes unreachable? The International Association for Cryptologic Research (IACR) had to void an entire election because a trustee lost their decryption key.

These aren’t hypotheticals. They could be next Tuesday.

You need a cryptographic Bill of Materials (BOM). This is your inventory. It includes:

• Algorithms in use: RSA, ECDSA, AES, SHA-256. Where are they, and what depends on them?
• Key storage: Hardware security modules, software keystores, cloud KMS. Where do secrets live?
• Trust anchors: Which root CAs do you trust? Which intermediate certificates chain to them?
• Dependencies: What third-party libraries, SDKs, or services bring their own cryptographic assumptions?
• Upgrade paths: What can be migrated? If a system runs RSA, can it move to ECC or PQC? At what cost? What’s hardcoded in silicon, and what’s configurable in software?

This is where cryptographic agility becomes measurable.

If migration requires hardware replacement or firmware redesigns, you don’t have agility. You have fragility.

Not everything needs to be upgraded today, but everything needs to be upgradeable. And you can’t upgrade what you can’t find. You can’t assess risk on assets you don’t know you have.

This isn’t glamorous work. It’s tedious, painstaking, and often reveals uncomfortable surprises. But it’s the foundation of everything else.

As G.I. Joe put it: “Knowing is half the battle.”

Mo’Data, Mo’Problems

Protecting sensitive data starts with stepping back.

We are often too eager to collect and hoard data, even though only a fragment of it is relevant. Oversharing and over-retention compound the problem.

Don’t collect, don’t store, don’t keep data that you don’t need.

Data is a long-term burden. The more you keep, the more you must protect, both now and in the future. Data minimalism strengthens cryptographic agility: fewer long-lived secrets mean fewer future migrations under pressure.

So, internalize data minimalism. Less data, less exposure, less quantum risk.

Protect what lasts

Not all data is equal.

Some secrets need to stay secret for decades: medical records, legal documents, state intelligence. Others are ephemeral: session tokens, temporary keys, transient credentials.

The difference matters.

The Harvest Now, Decrypt Later threat makes this concrete. Adversaries are already collecting encrypted traffic, betting that upcoming quantum computers will crack it open.

If your data has a long confidentiality requirement, the clock is already ticking.

This is where you should apply Zero Trust thinking: identify your most critical protect surfaces first. What can’t you afford to lose? What would hurt most if exposed in ten years? Twenty? Systems protecting long-lived secrets must be built with cryptographic agility in mind.

Not because Q-Day is imminent, but because the data will still be sensitive when quantum computers arrive.

Assess your data. Classify by sensitivity and lifetime. Then ask:

Can this be upgraded when needed?

If the answer is no – that’s your first problem.

Replaceability, not redundancy

Hybrid cryptography comes up often in discussions about the post-quantum transition. Be precise about what it means, and what it doesn’t.

Hybrid cryptography, in this context, means running classical and post-quantum algorithms in parallel, with the ability to negotiate and select between them. Classical algorithms rely on mathematical problems that today’s computers struggle with. Post-quantum algorithms are designed to resist attacks from future quantum machines.

Combining the two is a practical application of cryptographic agility: designing systems where the security primitives can be swapped without tearing down the whole stack.

Think of it like dual-fuel heating: you can run on gas or electric, and switch when one becomes unavailable or too expensive.

What hybrid does not mean is layering one cipher on top of another and assuming the result is a stronger combination.

Stacking algorithms is not the goal. In some cases, stacking can even degrade security by introducing complexity, timing side-channels, or implementation bugs.

The goal is replaceability, not redundancy. Design systems so that when an algorithm retires, it can do so gracefully: without a forklift upgrade, without downtime, without panic.

Lifecycle, not apocalypse

“A complex system that works is invariably found to have evolved from a simple system that worked.”

– John Gall, “Systemantics”

There’s a tendency to frame the post-quantum transition as a countdown to disaster.

Q-Day becomes this fixed point in the future, a cryptographic Y2K, where everything breaks at once, and chaos ensues.

That framing is unhelpful. It breeds either paralysis, because the threat feels too distant to act on, or panic – because it feels overly pressing to plan properly.

A better mental model is lifecycle management.

Everything in cryptography has a lifespan: algorithms weaken, standards evolve, trust anchors rotate. This isn’t new. We’ve deprecated MD5, retired SHA-1, and even Microsoft phased out DES by now. The post-quantum transition is just the next deprecation sliding into view.

This is normal.

Treating any algorithm, standard, or certificate authority as permanent is a form of vendor lock-in. You’ve tied your system to a dependency that will eventually fail.

Cryptographic agility is lifecycle thinking applied to encryption. It assumes every algorithm has an expiration date.

Lifecycle thinking should replace doomsday thinking.

You’re not preparing for the apocalypse. You’re maintaining a garden: pruning what’s dead, planting what’s next, and accepting that seasons change.

Already underway

“Once you open a can of worms, the only way to recan them is to use a bigger can.”

— Zymurgy’s First Law of Evolving Systems Dynamics

The post-quantum transition isn’t a future concern waiting for some distant breakthrough. It’s happening now, in production systems serving billions of users.

• In 2025, Cloudflare reported that 52% of TLS 1.3 traffic on its network used post-quantum encryption. That’s not a pilot program. Not a research experiment. That’s half of all secure web traffic on one of the largest infrastructure providers in the world.
• OpenSSH has supported post-quantum key exchange for years, and has recently made it the default.
• Signal upgraded its protocol to include quantum-resistant key agreement.
• Apple rolled out PQ3 for iMessage, protecting conversations against future decryption.

What’s notable is the convergence.

Most of these deployments rely on hybrid cryptography, following NIST’s guidance and betting on Kyber, a lattice-based algorithm now standardized as ML-KEM.

They’re not waiting for perfect certainty.

They’re picking the best available option, wrapping it in a hybrid approach alongside classical cryptography, and shipping.

The blizzard isn’t here yet. But some people have already salted the driveway.

The real threat

We’ve said it before in our blog posts, but it bears repeating: the greatest threat to cryptographic security isn’t quantum computers. It’s inertia.

Systems get deployed and forgotten. Algorithms get hardcoded into firmware. Standards linger past their expiration date because updating them is expensive, politically fraught, or simply inconvenient.

Then one day, something breaks. The failure everyone predicted becomes the crisis no one prepared for.

The organizations that survive are the ones that design for change. They build systems where cryptographic components are configurable, not welded in. They maintain inventories. They run deprecation drills. They treat algorithm replacement as routine maintenance, not emergency surgery.

The goal isn’t to predict Q-Day.

It’s to make Q-Day irrelevant.

Salt the driveway

The blizzard is coming. Maybe not today, maybe not this year, but the forecast is clear.

Quantum computers will eventually break the cryptographic assumptions we rely on. The only question is whether you’ll be ready.

Readiness doesn’t mean panic.

What does it mean?

It’s time to upgrade:

• Create an inventory: know what you have, what it depends on, and what breaks if it fails.
• Prioritize: protect long-lived secrets first.
• Build agility: design systems that can swap algorithms without surgery.

And it means accepting that nothing is permanent – not algorithms, not standards, not trust.

So salt your driveway. Stock your pantry. Know where the candles are.

And when the blizzard finally hits, you can watch it from the safety of your house.

FAQ