PQC – Where to Start, What to Prioritize, and How to Facilitate a Smooth Transition
The shift to Post-Quantum Cryptography (PQC) can feel overwhelming for large enterprises, but a structured approach makes it manageable. This session provides a practical roadmap for navigating the migration. We will discuss exactly where to start, moving beyond simple discovery. We’ll cover what to prioritize based on a risk-based threat model to focus your immediate efforts on the most urgent issues first. Finally, we will explore how to facilitate a smooth transition by embedding cryptographic agility and automated key rotation into your infrastructure, ensuring this and future migrations are seamless operational shifts rather than massive, disruptive rewrites.
I am a Staff Software Engineer and Tech Lead Manager at Google, where I work in the Security Engineering team. My focus is on post-quantum cryptography and enabling developers at Google and across the internet to use cryptography safely and correctly.
I have a PhD in cryptography and an extensive background in the design and analysis of symmetric-key algorithms, post-quantum cryptography, and lightweight cryptography. I have contributed to several cryptographic standardization efforts, including the SKINNY cipher, which is part of the ISO/IEC 29192-2 standard. I also contributed to the SPHINCS+ signature scheme, which was standardized by NIST as FIPS 205. I currently represent Switzerland in the ISO/IEC JTC 1/SC 27/WG 2 committee for cryptography and security mechanisms.
Before joining Google, I was a Senior Technology Manager at Cybercrypt and a postdoctoral researcher at the Technical University of Denmark, working on the H2020 PQCRYPTO project.