Post-Quantum Cryptography

Bringing quantum-resistance to AWS services and customers

What is post-quantum cryptography at AWS?

At AWS, the confidentiality, integrity, and authenticity of our customers' data is a top priority. Today's widely-used public-key cryptographic schemes rely on mathematical problems - like integer factoring and discrete logarithms - that could be efficiently solved by future quantum computers. To address this challenge, AWS is deploying new NIST-standardized post-quantum cryptographic algorithms that are designed to resist both classical and quantum computing attacks. These algorithms, including the Module-Lattice-based Key-Encapsulation Mechanism (ML-KEM) and Module-Lattice-based Digital Signature Algorithm (ML-DSA), are based on different mathematical foundations that are believed to be resistant to quantum computing attacks.

AWS has already deployed post-quantum cryptography across several key services. AWS Key Management Service (AWS KMS), AWS Secrets Manager, and AWS Certificate Manager have implemented post-quantum hybrid key establishment combining Elliptic Curve Diffie-Hellman (ECDH) with ML-KEM to protect against "harvest now, decrypt later" attacks. At the foundation of these implementations is AWS-LC, our FIPS-140-3-validated cryptographic library, which was the first open-source cryptographic module to include ML-KEM in its FIPS validation.

Migration to quantum-resistant cryptography

Through our PQC migration strategy, AWS is ensuring that customers’ security needs are met not just for today, but well into the quantum computing era. We continue to work closely with our customers, global standards organizations and the cryptographic community to advance the development and deployment of quantum-safe technologies. 

The AWS Post-Quantum team interfaces with the global cryptographic community by participating in international conferences, the open literature, and standards organizations with a goal of leading the adoption of quantum-resistant cloud-scale cryptographic technology. We are participating in projects and working groups on quantum-resistant cryptography, including the Internet Engineering Task Force (IETF), ETSI Quantum Safe Cryptography Technical Committee, NIST’s National Cybersecurity Center of Excellence (NCCoE) Migration to Post-Quantum Cryptography project, MITRE Post-Quantum Cryptography Coalition, Post-Quantum Cryptography Alliance (PQCA), and the Open Quantum Safe initiative.

Standards and industry collaborations

We're working with researchers around the world to help author the following standards:

NIST

The NIST Post-Quantum Cryptography standardization effort is a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. The new public-key cryptography standards will specify one or more additional digital signatures, public-key encryption, and key encapsulation mechanisms (KEM) algorithms to augment Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), as well as NIST Special Publication 800-56A Revision 3. NIST has outlined an estimated timeline of 2024 for the completion of this process, at which point the draft standards and call for public comments will be released.

Of the submissions remaining in the standardization process that are either to be standardized, or advancing onto further rounds of analysis, AWS team members have contributed to the key encapsulation mechanism ML-KEM and the signature algorithms ML-DSA and SLH-DSA.

IETF

The standardization of hybrid key exchange in TLS 1.3. This IETF draft is motivated by the transition to quantum-resistant cryptography, in particular, defining more explicitly how we will navigate the transitional phase from classical to post-quantum algorithms in the Transport Layer Security (TLS) protocol version 1.3.

The standardization of the SPHINCS+ Signature Algorithm in the Cryptographic Message Syntax (CMS). CMS is the IETF's standard for cryptographically protected messages. It can be used to digitally sign, digest, authenticate or encrypt any form of digital data. This standard will bring the quantum-resistant algorithm SPHINCS+ into CMS.

The standardization of ML-DSA Algorithm Identifiers for X.509 Public Key Infrastructure and ML-KEM Algorithm Identifiers for X.509 Public Key Infrastructure. These two IETF drafts describe the conventions for using the quantum-resistant signature algorithm ML-DSA and the quantum-resistant KEM ML-KEM, respectively, in Internet X.509 certificates and certificate revocation lists. The conventions for the associated post-quantum signatures, subject public keys, and private keys are also described.

The standardization of Post-Quantum Hybrid Key Exchange in Secure Shell that extends the SSH Transport Layer Protocol with post-quantum hybrid key exchange methods.

ETSI

The European Telecommunications Standards Institute (ETSI) plays a leading role in the standardization of quantum-safe cryptography through its Technical Committee on Quantum-Safe Cryptography. The group focuses on identifying, evaluating, and standardizing post-quantum cryptographic algorithms and protocols, offering practical implementation guidelines to support a secure transition to quantum-resistant systems. In collaboration with academia, industry leaders, and governments, ETSI addresses the security impact of quantum computing, defines requirements for post-quantum algorithms, and provides best practices for deploying quantum-safe infrastructures.

Its work helps ensure interoperability, scalability, and performance in real-world applications. ETSI has published extensive technical reports and specifications on the transition to quantum-safe systems, including Technical Report TR 103 619 defining migration strategies and recommendations for Quantum-Safe schemes, and TS 103 744 on Quantum-Safe Hybrid Key Exchanges.

For more information, visit the ETSI Quantum-Safe Cryptography webpage.

Open source contributions

AWS Libcrypto (AWS-LC) is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and our customers. It is based on code from the Google BoringSSL project and the OpenSSL project. AWS-LC contains the post-quantum Key Encapsulation Mechanism ML-KEM and the post-quantum Digital Signature Algorithm ML-DSA. Read more here.

The PQ Code Package (PQCP) project is an open source project that aims to build high-assurance software implementations of standards-track post-quantum cryptography algorithms. The PQCP is a project within the Linux Foundation as part of the Post-Quantum Cryptography Alliance. See pq-code-package/repositories for the list of repositories under the PQCP, including ML-KEM and ML-DSA.

s2n-tls is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority. s2n-tls supports post-quantum key exchange for TLS 1.3. See more about post-quantum support in s2n-tls here.

Learn more about AWS open source security and AWS open source cryptography contributions.

The ETSI Quantum-safe Hybrid Key Exchanges (QHKEX) project is part of ETSI Forge, an open-source repository for ETSI standards. The QHKEX project provides reference implementations and known answer tests for Technical Specification (TS) 103 744 CYBER; Quantum-Safe Cryptography (QSC); Quantum-safe Hybrid Key Establishment techniques.

Interested?

To learn more about post-quantum cryptography with AWS

Contact us