03/19/2026 | Press release | Distributed by Public on 03/19/2026 09:11
What is the role of a cybersecurity team in an organization's journey towards a Post-Quantum world? In a company like ours, which builds software, devices, networks, and apps, and operates critical infrastructure at scale, the answer requires some reflection. In consultation with our Chief Network Officer, Chief Product Officer, and Chief Technology Officer, we decided that the cyber team would focus on Post-Quantum Cryptography (PQC). We are at the beginning of a multi-year migration to PQC, but we have defined a practical roadmap and started shipping open-source tools to help our teams, and hopefully others, move from awareness to action.
Why Now: The Quantum Risk Is Real and the Timelines Are Tight
Quantum computing has moved beyond the hypothetical. While the date of a cryptanalytically relevant quantum computer remains uncertain, the trajectory is unmistakable, and so is the "harvest-now, decrypt-later" reality that motivates adversaries to collect encrypted data today for future decryption. U.S. policy reflects this urgency: NSM-10 directs the federal migration to quantum-resistant cryptography, and OMB M-23-02 requires agencies to inventory and prioritize cryptographic systems, explicitly warning about harvest-now, decrypt-later risks. Congress reinforced this through the Quantum Computing Cybersecurity Preparedness Act, mandating government-wide readiness.
Standards are also here. In August 2024, NIST finalized the first PQC FIPS, including ML-KEM (key establishment), ML-DSA (signatures), and SLH-DSA (signatures). These approvals clear the path for broad deployment and give engineering teams stable targets for implementation and testing.
For organizations operating or interconnecting with U.S. National Security Systems, NSA's CNSA 2.0 outlines transition expectations through the early-to-mid-2030s, pragmatic dates that reinforce how protracted crypto transitions can be. We have all lived through decade-long shifts (e.g., SHA-1 to SHA-256); PQC is more complex, touching asymmetric primitives, protocols, hardware, and supply chains.
This push is not U.S.-centric. The European Commission's coordinated PQC roadmap urges Member States and critical sectors to begin migration planning, and proposed NIS2 updates would name PQC transitions explicitly in national strategies. The global direction is clear: discover, plan, and migrate.
Our Approach: Three Components, One Program
Drawing on industry guidance, standards momentum, and our own experience building and operating large-scale networks, we organized Comcast's PQC program around three interconnected components:
Cryptographic Discovery (Inventory & Visibility)
Risk Assessment (Prioritization & Road-mapping)
Enablement & Migration (Patterns, Pilots, and Productization)
This mirrors the discover-observe-transform arc that many practitioners recognize, and it keeps crypto-agility (the ability to swap algorithms with minimal disruption) at the center of every decision.
1) Cryptographic Discovery: Building the Ground Truth
You cannot migrate what you cannot see. Our first priority is to establish a living cryptographic inventory -- a detailed, continuously updated view of where algorithms, keys, certificates, protocols, libraries, and accelerators are used across our environment and supply chain. This means combining multiple techniques: static code analysis, CBOM enrichment, passive and active network telemetry, certificate stores and PKI data, and targeted scans for hardcoded secrets and legacy ciphers.
To accelerate this work, we have developed xIPHER, a discovery-focused solution designed to help quickly identify cryptographic usage patterns across code and runtime and seed a Cryptography Bill of Materials (CBOM).
Initial learning: inventory is never truly "done." It is a product, not a project. It requires automation, ownership, and integration into continuous integration / continuous delivery (CI/CD) pipelines and runtime monitoring. Discovery data must also be normalized and enriched with business context (system criticality, data sensitivity, external exposure), or it cannot drive good prioritization decisions.
2) Risk Assessment: From Lists to Priorities
Once discovery gives us the map, we need a compass. We built and open-sourced the Crypto Agility Risk Assessment Framework (CARAF) to translate inventory into actionable priorities. CARAF scores each asset along two axes:
Crypto Agility: How easily can this asset adopt PQC (considering libraries, protocol support, vendor dependencies, performance headroom, and hardware constraints)?
Risk Level: How critical is the asset and how long must its data remain confidential (the classic X+Y>Z test: asset lifespan plus migration time versus the expected time-to-threat)?
CARAF then recommends one of three actions: migrate, phase-out, or accept-risk. This produces a sequenced migration plan, calling out distinct paths for first-party versus third-party systems. We have provided a calculator, documentation, and examples to make it straightforward for teams to self-serve.
Initial learning: agility often dominates risk. Two systems with similar criticality can flip in priority because one is crypto-agile (modern libraries, protocol headroom, vendor roadmap clarity) and the other is locked behind inflexible hardware or proprietary stacks. That is why we invest in crypto-agility: abstracting cryptography behind well-designed interfaces is what makes a system easy to migrate when an algorithm has to change.
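The two-axis assessment and the X+Y>Z test described above, as an added illustration that is not CARAF's own code: the asset fields, the agility cut-off, and the sequencing rule are assumptions chosen for the example, and the inventory is constructed, not real. It shows how two assets of equal criticality land on different actions purely because of agility.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    """Hypothetical inventory record; CARAF's real schema and weights are not reproduced."""
    name: str
    shelf_life: float      # X: years the asset's data must stay confidential
    migration: float       # Y: years needed to migrate the asset to PQC
    criticality: int       # 1 (low) .. 5 (mission critical)
    agility: int           # 1 (locked hardware / proprietary stack) .. 5 (modern libs, headroom)
    third_party: bool = False

def exposed(a: Asset, threat: float) -> bool:
    """The X+Y>Z test: data is at risk if confidentiality lifetime (X) plus
    migration time (Y) outlasts the expected time-to-threat (Z)."""
    return a.shelf_life + a.migration > threat

def recommend(a: Asset, threat: float) -> str:
    """Map an asset to the three outcomes; the agility cut-off of 3 is an assumption."""
    if not exposed(a, threat):
        return "accept-risk"   # not at risk yet; re-check as Z estimates shrink
    if a.agility >= 3:
        return "migrate"       # libraries/protocols can take PQC in place
    return "phase-out"         # cannot adopt PQC in time; plan replacement

def plan(assets, threat):
    """Sequenced plan: first-party before third-party, then by how far X+Y
    overshoots Z, then by criticality. Returns (name, action, path) tuples."""
    rows = []
    for a in assets:
        margin = a.shelf_life + a.migration - threat
        rows.append((a.third_party, -margin, -a.criticality, a.name, recommend(a, threat)))
    rows.sort()
    return [(n, act, "third-party" if tp else "first-party") for tp, _, _, n, act in rows]

# Constructed sample inventory (illustrative names, not real systems).
SAMPLE = [
    Asset("customer-billing-archive", shelf_life=10, migration=2, criticality=5, agility=4),
    Asset("legacy-stb-firmware-signing", shelf_life=8, migration=4, criticality=5, agility=1),
    Asset("internal-wiki-tls", shelf_life=0.5, migration=1, criticality=2, agility=5),
    Asset("vendor-vpn-appliance", shelf_life=6, migration=3, criticality=4, agility=2, third_party=True),
]
THREAT_YEARS = 8.0  # assumed Z for this exercise

if __name__ == "__main__":
    for name, action, path in plan(SAMPLE, THREAT_YEARS):
        print(f"{path:12} {action:12} {name}")
```

The billing archive and the firmware-signing path share the same criticality and the same X+Y margin, yet one is a migrate and the other a phase-out because the signing path sits on inflexible hardware.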
3) Enablement & Migration: From Pilots to Patterns
With priorities in hand, we guide teams from proof-of-concept to production. Our PQC Center of Excellence partners with product and platform groups to:
Raise awareness of the quantum threat, the standards landscape (ML-KEM, ML-DSA, SLH-DSA), and the performance/size trade-offs that come with lattice- and hash-based schemes.
Publish patterns and reference integrations: hybrid key exchange in TLS, PQC-ready certificate profiles, code-signing options, and staged fallback strategies.
Benchmark and test at scale so product teams can make informed choices.
To that end, we have released PQBench, a curated benchmarking and evaluation toolkit that maps real-world use cases (e.g., handshake latency budgets, MTU/fragmentation thresholds, device memory constraints) to PQC algorithm parameters and performance metrics. PQBench helps teams choose sensible defaults, test on representative hardware, and understand operational impacts before broad rollout.
Initial learning: PQC integration is a full-stack change. It touches protocols (TLS, SSH, QUIC, IPsec), PKI and HSMs, signing services, storage and message formats, telemetry, and even UX (e.g., larger keys/signatures in QR flows). Hardware matters, as some paths require firmware updates or next-gen accelerators. That is why early pilot lines with tight feedback loops are essential.
Additionally, because our cybersecurity teams also architect and operate several of Comcast's core cryptographic platforms, including our enterprise PKI, code-signing and certificate authorities, and token issuance/verification services, we treat these shared services as first-class products (high priority) in the migration. Upgrading them for PQC early in the transition process strengthens downstream crypto-agility, allowing every dependent system to adopt PQC through well-defined interfaces.
Open Source: Standing Up Reusable Blocks
xIPHER - discovery-oriented tooling to seed crypto inventories and CBOMs.
CARAF - an open, methodical approach to crypto-agility scoring and PQC risk prioritization, with a calculator and guidance.
PQBench - practical benchmarking to translate PQC algorithms and parameters into operational realities for product teams.
We will keep iterating in the open, engaging with standards bodies and the broader security community as we do in our other security initiatives and publications.