BenchmarksComparisonOverview
H33-VaultH33-ShareH33-ShieldH33-HealthH33-KeyH33-GatewayH33-128H33-CKKSH33-256H33-FHE-IQH33-TFHEFHE OverviewH33-CompileZK LookupsBiometricsH33-3-KeyH33-MPCZK-TrustlessZK-PhishZK-VerifyPQC ArchitecturePQ VideoH33-AI ComplianceH33-FraudShieldH33-MedVaultH33-VaultKeyH33-QuantumVaultH33-DeviceProofH33-BotShieldBlind Mode Demo
APIsPricingDocsWhite PaperTokenBlogAboutSecurity Demo
Log InGet API Key

NIST Post-Quantum Migration Checklist

A practical checklist for moving encryption, authentication, and signatures from RSA/ECC to NIST-aligned post-quantum cryptography.

Download Checklist → Start Migration

1Identify RSA/ECC exposure

  • Audit TLS termination points (load balancers, reverse proxies, API gateways)
  • Inventory certificate chains (internal CA, public CA, client certificates)
  • Map API authentication methods (JWT signing, HMAC, OAuth tokens)
  • Identify code signing in CI/CD pipelines
  • Run HICS scan for automated classical crypto detection

2Prioritize by confidentiality window

  • Immediate: medical records, financial data, legal communications
  • Soon: authentication tokens, session keys, API credentials
  • Planned: internal systems, dev environments, non-sensitive flows

3Map what changes

  • Key exchange: RSA/ECDH → ML-KEM (FIPS 203)
  • Signatures: RSA/ECDSA → ML-DSA (FIPS 204)
  • Certificates: X.509 with PQ algorithm support
  • Auth: token signing with post-quantum keys
  • What stays: AES-256, SHA-256/SHA-3, application logic, network arch

4Choose deployment mode

  • Hybrid: run ML-KEM + ECDH in parallel (NIST recommended for transition)
  • Full PQ: replace classical entirely (for new systems or high-risk data)
  • API abstraction: route through H33 โ€” no library or cert changes needed

5Integrate ML-KEM and ML-DSA

  • Option A: SDK integration (Rust, Python, Node, Go)
  • Option B: API integration (one endpoint, H33 handles everything)
  • Option C: Hybrid proxy (route TLS through PQ-capable gateway)

6Create compliance evidence

  • Generate H33-74 attestations for every PQ operation
  • Enable HATS continuous compliance attestation
  • Document migration for SOC 2, ISO 27001, HIPAA auditors

7Test and measure

  • Benchmark latency impact (H33: 1.36ms full pipeline)
  • Verify key sizes don't break bandwidth constraints
  • Test rollback path (classical stack still operational)

8Roll out by system criticality

  • High-value data systems first (HNDL defense)
  • Authentication and session management second
  • Internal and development systems last
  • Enable HATS for continuous drift detection

Key takeaway:

NIST post-quantum migration requires replacing asymmetric cryptography (RSA, ECC) with ML-KEM and ML-DSA. Symmetric encryption and hash functions are already quantum-safe. The migration surface is narrower than most organizations expect.

Get the full checklist

We'll send the complete migration checklist to your inbox.

Primary migration concern...
Timeline pressure
Backward compatibility
Performance impact
Regulatory compliance
Cost and resources
Other

Zero spam. We'll also show you how to run the migration.