Key insight

The real goal isn’t installing ML-KEM — it’s crypto-agility: the ability to swap algorithms quickly and repeatedly. The last migration (SHA-1 → SHA-2) took a decade because crypto was hard-coded with no clean seam. Agile systems make the algorithm a configuration setting behind an abstraction layer, assume no fixed sizes, and automate certificate lifecycle. The right question isn’t “is this safe today?” but “how fast could we change it?

In one sentence

If changing your crypto would take months or years, that rigidity is the vulnerability — fix agility once and every future migration becomes routine.

Why the last migration took a decade

The last time the world moved algorithms at scale — the old SHA-1 hash to SHA-2 — it took the better part of a decade and was painful. Why so slow? Cryptography had been baked deep into systems: algorithm names hard-coded into application logic, key sizes assumed in schemas and protocols, no clean seam to reach in and swap. Every change meant hunting through code, rebuilding, and re-testing thousands of places by hand.

What crypto-agility means

Crypto-agility is the discipline of never letting that happen again: designing so the choice of algorithm is a configuration setting, not a hard-coded fact. The rest of the application asks “encrypt this” or “sign this” without caring which algorithm does the work.

Rigid vs agile Rigid systems hard-code algorithms throughout the app; agile systems route all crypto through one swappable abstraction layer. Rigid RSA here RSA here RSA here RSA hard-coded everywhere change = hunt & rebuild all Agile encrypt() sign() verify() crypto abstraction layer (config) change = one config setting
One swappable seam beats a thousand hard-coded copies.

The patterns that make systems agile

PatternWhat it does
Abstraction layer / crypto providerApp calls encrypt()/sign(); the algorithm lives in one place
Config-driven algorithm selectionSwap algorithm via configuration, not code change
No hard-coded sizesLarger PQC keys/signatures don’t overflow buffers or schemas
Automated certificate lifecycleRotating to a new algorithm is routine, not a fire drill
Living CBOMYou always know what would need to change
Hybrid-ready protocolsRun classical + PQC together, flip the mix by config
What the abstraction layer actually looks like: concretely it’s one module (a class, service, or library wrapper) that every caller goes through — the algorithm is chosen from config, never named at the call site:
# callers only ever see this:
token = crypto.sign(payload)          # not rsa_sign(...) or mldsa_sign(...)

# one place decides the algorithm, from config:
class CryptoProvider:
    def sign(self, data):
        algo = config.get("sig_algorithm")   # "ml-dsa-65" | "rsa-2048" | "hybrid"
        return _registry[algo].sign(data)
Swapping algorithms becomes a config edit plus a redeploy, not a code hunt. Most languages support this with a provider/factory pattern; the pain is usually not the pattern but retrofitting code that skipped it.
Finding hard-coded sizes: rigidity often hides as fixed lengths, not just algorithm names. Hunt for literal byte counts in code (64, 256, 2048), fixed-width database columns and message fields, and pre-allocated buffers sized for RSA/ECC. Code review plus static analysis (grep-style rules or SAST) surfaces most of them — because PQC keys and signatures are much larger, a buffer sized for yesterday’s crypto is a silent break waiting to happen.

The question to keep asking

When you design or assess a system, don’t only ask “is this algorithm quantum-safe today?” Ask: “how quickly could we change this algorithm if we had to?” If the honest answer is months or years, that rigidity is the real vulnerability.

A rough self-scoring rubric:

BandWhat “change” takes
GreenA config flag flips the algorithm — hours to days, no code change.
AmberA library bump + redeploy across a few services — weeks.
RedA protocol, schema, hardware, or vendor change — months or more, often outside your control.

Score each critical system honestly. The red rows are where migration will hurt — and therefore where crypto-agility work pays back first.

Why it pays off beyond quantum

PQC is young; one of today’s algorithms may later need adjusting, or a better one may arrive. A crypto-agile organisation absorbs that with a config change and redeploy. A rigid one faces another decade-long hand-cranked migration every time.

Myth: “We’re done once we’ve deployed ML-KEM.” Deploying one algorithm is a milestone, not the goal. If it’s hard-coded again, you’ve just recreated the rigidity for the next transition. The durable win is the swappable seam.
Crypto-agility
The ability to change cryptographic algorithms quickly, ideally by configuration.
Abstraction layer
A single interface (encrypt/sign/verify) behind which the algorithm lives.
Hybrid-ready
Able to run classical + PQC together and adjust the mix without rebuilds.
Certificate lifecycle automation
Automated issuance/rotation so algorithm changes are routine.
SHA-1 / SHA-2
Successive versions of the Secure Hash Algorithm; the SHA-1→SHA-2 move is the decade-long migration this article learns from.
PQC (Post-Quantum Cryptography)
The quantum-resistant algorithms whose larger keys/signatures agile systems must accommodate.
RSA / ECC
The classical algorithms — RSA (Rivest–Shamir–Adleman) and ECC (Elliptic-Curve Cryptography) — whose fixed sizes are often baked into buffers and schemas.
ML-KEM
Module-Lattice Key-Encapsulation Mechanism — deploying it is a milestone, not the end of agility work.
SAST (Static Application Security Testing)
Automated source analysis that helps surface hard-coded algorithms and sizes.

What to carry forward

Next: Risk & Data Classification → — deciding what to migrate first.

AI-first? Crypto-agility is the same discipline as model-agility — see Quantum-Safe AI.

Understand it in your own words

Paste into any AI assistant to check yourself:

I'm learning crypto-agility. Quiz me one question at a time, correcting me
gently:

1. Why is agility — not a specific algorithm — the real goal of quantum
   readiness?
2. Why did the SHA-1 to SHA-2 migration take about a decade?
3. Name four patterns that make a system crypto-agile.
4. What single question should I ask when assessing a system's crypto?
5. Why does crypto-agility pay off even beyond the quantum transition?

References & further reading

  1. NIST NCCoE, Crypto-Agility Considerations for Migrating to PQC. nccoe.nist.gov
  2. NIST, Cybersecurity White Paper: Considerations for Achieving Crypto Agility (CSWP 39). csrc.nist.gov/pubs/cswp/39
  3. CISA, NSA & NIST, Quantum-Readiness: Migration to PQC. cisa.gov/quantum
  4. ENISA, Post-Quantum Cryptography: Current state and quantum mitigation. enisa.europa.eu