The Limits of AES & The Necessity of Post-Quantum Cryptography (PQC)
- MAY 13TH, 2026
Reliance on strong AES encryption alone is misplaced. AES protects the bulk data, but the AES session key is delivered by a public-key handshake built on Rivest–Shamir–Adleman (RSA) or Elliptic Curve Cryptography (ECC), and a sufficiently large quantum computer running Shor’s algorithm breaks both. No such machine exists today, but an adversary who records encrypted traffic now can decrypt it once one does: this is “Harvest Now, Decrypt Later” (HNDL), and it is why the handshake, not the cipher, is the urgent problem. That urgency is reflected in industry moves such as Zoom’s May 2024 rollout of post-quantum E2EE for meetings and Signal’s September 2023 PQXDH deployment, and it demands moving key distribution to NIST-standardised Post-Quantum Cryptography (PQC) public-key algorithms now. AES-256 itself needs no replacement: Grover’s algorithm at best halves its effective key length to roughly 128 bits, which remains a viable defence for bulk data.
Best Practices & Mitigation Strategies
Defence must shift to protecting the key exchange, and to building the crypto-agility needed to swap algorithms again as standards and implementations evolve.
1. Adopt Hybrid Key Exchange: AES alone does not secure a session; the handshake that delivers the AES key does. Implement a hybrid key exchange that combines classical elliptic-curve Diffie–Hellman (for example X25519) with a NIST-standardised PQC key-encapsulation mechanism such as ML-KEM (FIPS 203, the standardised form of Kyber), feeding both shared secrets into a single key derivation so that the session key is exposed only if both components are broken. This is the construction behind the X25519MLKEM768 hybrid deployed for TLS 1.3 and behind Signal’s PQXDH. Hybrid rather than PQC-only is the prudent choice while ML-KEM implementations mature: a flaw in the new algorithm or its implementation cannot reduce security below today’s ECC level.
2. Build a Cryptographic Bill of Materials (CBOM): You cannot secure what you cannot see. Inventory every application, library, protocol and certificate to find where RSA and ECC are used for key exchange, key wrapping and signatures, and rank each use by how long the data it protects must stay confidential; that lifetime determines its HNDL exposure, so long-lived secrets migrate first.
3. Avoid “Snake Oil” Solutions: Discard recommendations for fictitious standards such as “AES-512.” No such standard exists, and Grover’s quadratic speedup leaves AES-256 with about 128 bits of post-quantum security, so it needs no replacement. Focus engineering resources on upgrading public-key usage to PQC standards, key exchange first (it is the HNDL exposure) and signatures and certificates afterwards, since a signature cannot be forged retroactively on traffic already recorded.
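The hybrid exchange of item 1, as an added example written for this advisory (it is not Zoom’s, Signal’s or CIL’s code): the client sends an X25519 share and an ML-KEM-768 encapsulation key, the server replies with its own X25519 share and an ML-KEM ciphertext, and each side derives one AES-256-GCM key from both shared secrets and the handshake transcript. It uses only the Go standard library and needs Go 1.24 or later for crypto/mlkem; the message layout, the HKDF labels and the function names are this example’s own assumptions, modelled on the X25519MLKEM768 hybrid rather than copied from any specification.

```go
// Hybrid X25519 + ML-KEM-768 key exchange feeding an AES-256-GCM session key.
// Added example for this advisory (not any vendor's code); needs Go 1.24+ for
// crypto/mlkem. Message layout and KDF labels are this example's own choices.
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Both hello messages travel in the clear: this is exactly what a "harvest now" adversary records.
type ClientHello struct{ X25519Pub, MLKEMPub []byte } // client X25519 share + ML-KEM-768 encapsulation key
type ServerHello struct{ X25519Pub, MLKEMCt []byte }  // server X25519 share + ML-KEM-768 ciphertext

// Handshake also exposes the ECDH secret and transcript so a reader can check what an
// adversary who later breaks X25519 with Shor's algorithm would and would not learn.
type Handshake struct{ ClientKey, ServerKey, SSECDH, Transcript []byte }

func transcript(ch ClientHello, sh ServerHello) []byte {
	return bytes.Join([][]byte{ch.X25519Pub, ch.MLKEMPub, sh.X25519Pub, sh.MLKEMCt}, nil)
}

// deriveKey is the hybrid combiner: HKDF-SHA256 (RFC 5869, spelled out with crypto/hmac) over
// ssKEM || ssECDH, salted with the transcript hash. The AES key depends on BOTH shared secrets.
func deriveKey(ssKEM, ssECDH, tr []byte) []byte {
	salt := sha256.Sum256(tr)
	extract := hmac.New(sha256.New, salt[:]) // HKDF-Extract
	extract.Write(ssKEM)
	extract.Write(ssECDH)
	expand := hmac.New(sha256.New, extract.Sum(nil)) // HKDF-Expand, a single output block
	expand.Write([]byte("hybrid-x25519-mlkem768 aes256gcm key\x01"))
	return expand.Sum(nil) // 32 bytes: one AES-256 key
}

// RunHandshake runs the exchange end to end and derives the key independently on each side.
func RunHandshake() (*Handshake, error) {
	curve := ecdh.X25519()
	// Client: ephemeral X25519 key pair plus an ML-KEM-768 key pair.
	cECDH, err := curve.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	cKEM, err := mlkem.GenerateKey768()
	if err != nil { return nil, err }
	ch := ClientHello{cECDH.PublicKey().Bytes(), cKEM.EncapsulationKey().Bytes()}
	// Server: own X25519 share, ECDH with the client's, KEM encapsulation to the client's key.
	sECDH, err := curve.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	cPub, err := curve.NewPublicKey(ch.X25519Pub)
	if err != nil { return nil, err }
	ssECDHServer, err := sECDH.ECDH(cPub)
	if err != nil { return nil, err }
	ek, err := mlkem.NewEncapsulationKey768(ch.MLKEMPub)
	if err != nil { return nil, err }
	ssKEMServer, ct := ek.Encapsulate()
	sh := ServerHello{sECDH.PublicKey().Bytes(), ct}
	tr := transcript(ch, sh)
	serverKey := deriveKey(ssKEMServer, ssECDHServer, tr)
	// Client: ECDH with the server's share and decapsulation of the KEM ciphertext.
	sPub, err := curve.NewPublicKey(sh.X25519Pub)
	if err != nil { return nil, err }
	ssECDHClient, err := cECDH.ECDH(sPub)
	if err != nil { return nil, err }
	ssKEMClient, err := cKEM.Decapsulate(sh.MLKEMCt)
	if err != nil { return nil, err }
	clientKey := deriveKey(ssKEMClient, ssECDHClient, tr)
	return &Handshake{clientKey, serverKey, ssECDHClient, tr}, nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Seal and Open protect bulk data with AES-256-GCM under the hybrid-derived key.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, aad), nil // nonce || ciphertext || tag
}

func Open(key, box, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	ns := gcm.NonceSize()
	if len(box) < ns { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, box[:ns], box[ns:], aad)
}

func main() {
	hs, err := RunHandshake()
	if err != nil { panic(err) }
	box, _ := Seal(hs.ClientKey, []byte("harvested today, still sealed tomorrow"), nil)
	pt, err := Open(hs.ServerKey, box, nil)
	fmt.Printf("keys agree: %v, decrypted: %q, err: %v\n", bytes.Equal(hs.ClientKey, hs.ServerKey), pt, err)
	// A future Shor-equipped adversary: X25519 secret and transcript known, ML-KEM secret not.
	guess := deriveKey(make([]byte, 32), hs.SSECDH, hs.Transcript)
	_, err = Open(guess, box, nil)
	fmt.Printf("adversary holding only the X25519 secret can decrypt: %v\n", err == nil)
}
```

The point to take from the combiner is that the transcript and both secrets are bound into one key: an adversary who later recovers the X25519 secret from the recorded handshake still lacks the ML-KEM shared secret, and a wrong guess for it produces a key that AES-GCM rejects. In a real deployment the handshake must also be authenticated (a certificate or identity key signing the transcript), which this example omits.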
AES-256 remains secure, but the RSA/ECC key exchange that delivers its keys is exposed to a future quantum computer, and that exposure applies today to any traffic an adversary is already recording. To keep harvested traffic from being decrypted later, adopt Post-Quantum Cryptography (PQC), in hybrid form, for key exchange now.