Amazon Web Services Implements Post-Quantum Cryptography
Amazon Web Services is deploying new cryptographic algorithms designed to resist attacks from future quantum computers. These measures aim to protect customer data confidentiality, integrity, and authenticity.
Amazon Web Services (AWS) announced it is implementing post-quantum cryptography (PQC) across its services. This initiative aims to safeguard customer data against potential threats from quantum computers, which could break current encryption standards.
The new algorithms, including ML-KEM and ML-DSA, are based on mathematical principles believed to be resistant to quantum computing. These standards are being integrated into key AWS services to ensure data remains secure.
Several AWS services have already seen PQC integration. AWS Key Management (AWS KMS), Amazon S3, and Amazon CloudFront are now using hybrid key establishment methods that combine existing protocols with ML-KEM. This approach protects against "harvest now, decrypt later" attacks, where encrypted data is captured and decrypted once quantum computers become powerful enough.
Furthermore, AWS KMS and AWS Private CA are supporting quantum-resistant digital signatures using ML-DSA. These implementations are built upon AWS-LC, the company's cryptographic library, which has achieved FIPS-140-3 validation and was among the first to include ML-KEM in such validation.