TL;DR: Hybrid and composite cryptography are creating uneven post-quantum migration paths because policy, tooling, and certification requirements differ across regions and environments, according to Keyfactor’s conference reflections. The practical issue is not algorithm preference alone, but whether an organisation can inventory cryptography, test interoperability, and change trust at speed without breaking systems.
At a glance
What this is: This analysis argues that post-quantum migration is being slowed less by algorithm choice than by conflicting policy, tooling, and certification constraints around hybrid and composite cryptography.
Why it matters: It matters because identity and infrastructure teams must plan for cryptographic change across certificates, APIs, devices, and trust policies before compliance, interoperability, or hardware dependencies force rushed decisions.
By the numbers:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
👉 Read Keyfactor's reflections on hybrid and composite cryptography at the PQC Conference
Context
Post-quantum migration is an identity and trust governance problem as much as it is a cryptography problem. Once certificates, APIs, embedded systems, and device trust chains must change across multiple jurisdictions, the real challenge becomes how quickly an organisation can see its cryptographic estate and change policy without disrupting access.
The article’s core point is that hybrid cryptography can help bridge old and new algorithms, but it also multiplies configuration, compatibility, and compliance complexity. For identity and access teams, that means crypto-agility has to be treated as part of broader identity lifecycle and trust management, not as a separate engineering concern.
Key questions
Q: How should security teams plan PQC migration when hybrid and composite standards are still evolving?
A: Security teams should plan PQC migration by separating near-term compatibility work from longer-term standard adoption. Hybrid can bridge current systems, while composite may better fit future standardisation. The practical priority is to inventory cryptographic dependencies, validate interoperability in test environments, and define how trust changes will be governed before production rollout.
Q: Why do hardware and certification dependencies slow post-quantum migration?
A: Hardware security modules, smartcards, and firmware-bound devices often lag behind software libraries in supporting new algorithms. Certification requirements can also delay production use even when code is ready. That means migration speed is usually limited by operational dependency chains, not just by whether the algorithm itself is available.
Q: What breaks when an organisation has no crypto-agility strategy?
A: Without crypto-agility, teams cannot change algorithms, certificates, or trust anchors quickly when standards or regulations shift. The result is lock-in to legacy dependencies, longer remediation cycles, and higher operational risk during migration. In practice, the environment becomes difficult to adapt without service disruption.
Q: Which control matters most when post-quantum migration spans multiple jurisdictions?
A: The most important control is governance of cryptographic policy by environment and region. Different regulators and industries may allow or restrict hybrid approaches at the same time, so a single universal rollout assumption will fail. Teams need a policy model that records where each cryptographic mode is permitted, tested, and supportable.
Technical breakdown
Hybrid cryptography vs composite cryptography
Hybrid cryptography runs a classical and a post-quantum algorithm side by side at the protocol level, for example two key exchanges whose shared secrets are both fed into the session key derivation, so a peer that cannot do the post-quantum part can still be offered the classical suite through normal negotiation. Composite cryptography binds multiple algorithms into a single cryptographic object, such as one X.509 key or signature whose components must all verify, usually without backward compatibility for relying parties that do not understand the composite type, and is being standardised through the IETF LAMPS working group. The practical difference is operational: hybrid eases the transition where legacy interoperability matters, while composite aims for a cleaner future state but depends on tooling and standards maturity. Practitioners should not treat the terms as interchangeable, because they imply different migration paths, testing burdens, and policy decisions.
Practical implication: separate hybrid transition planning from composite standard adoption so policy, tooling, and interoperability testing do not get conflated.
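To make the distinction concrete, the following Go program is an added example written for this summary; it is not code from the Keyfactor article or from the IETF drafts. It runs on the Go standard library alone, so Ed25519 stands in for the post-quantum signature component (ML-DSA in the LAMPS drafts) and a fixed 32-byte value stands in for an ML-KEM shared secret; the label string, the function names and the Demo harness are this example's own assumptions. The hybrid half shows why both shared secrets must feed the KDF; the composite half shows why a composite signature is an AND of its components rather than a fallback.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// hkdfSHA256 is a minimal RFC 5869 HKDF (empty salt) on crypto/hmac, so the block runs on Go versions without crypto/hkdf.
func hkdfSHA256(ikm, info []byte, n int) []byte {
	ext := hmac.New(sha256.New, nil)
	ext.Write(ikm)
	prk := ext.Sum(nil)
	var out, t []byte
	for i := byte(1); len(out) < n; i++ {
		m := hmac.New(sha256.New, prk)
		m.Write(t)
		m.Write(info)
		m.Write([]byte{i})
		t = m.Sum(nil)
		out = append(out, t...)
	}
	return out[:n]
}

// HybridSecret is the protocol-level hybrid pattern: two independent key agreements
// run side by side and both shared secrets feed one KDF (ML-KEM||X25519 order, as in
// X25519MLKEM768). Either secret alone yields nothing about the session key, and a
// peer that cannot do the PQ part can still be offered the classical suite by negotiation.
func HybridSecret(classicalSS, pqSS, transcript []byte) []byte {
	ikm := append(append([]byte{}, pqSS...), classicalSS...)
	return hkdfSHA256(ikm, append([]byte("hybrid-demo:"), transcript...), 32)
}

// CompositeSig is the composite pattern: one signature object carrying both component
// signatures, valid only if BOTH verify. Ed25519 stands in for the PQ component
// (ML-DSA in the IETF LAMPS drafts) so this runs on stock Go; the structure is the point.
type CompositeSig struct {
	Classical []byte // ECDSA P-256, ASN.1 DER
	PQ        []byte // Ed25519 stand-in
}

// compositeLabel is prepended before signing (domain separation) so one component
// cannot be stripped out and replayed as a plain single-algorithm signature.
const compositeLabel = "composite-demo:ecdsa-p256+ed25519:"

func CompositeSign(ec *ecdsa.PrivateKey, ed ed25519.PrivateKey, msg []byte) (CompositeSig, error) {
	m := append([]byte(compositeLabel), msg...)
	h := sha256.Sum256(m)
	s1, err := ecdsa.SignASN1(rand.Reader, ec, h[:])
	if err != nil {
		return CompositeSig{}, err
	}
	return CompositeSig{Classical: s1, PQ: ed25519.Sign(ed, m)}, nil
}

func CompositeVerify(ec *ecdsa.PublicKey, ed ed25519.PublicKey, msg []byte, s CompositeSig) bool {
	m := append([]byte(compositeLabel), msg...)
	h := sha256.Sum256(m)
	// AND, not OR: a composite is a strengthening, not a fallback mechanism.
	return ecdsa.VerifyASN1(ec, h[:], s.Classical) && ed25519.Verify(ed, m, s.PQ)
}

// DemoResult holds the checks a reader or test can assert on.
type DemoResult struct{ HybridAgree, WrongPQDiffers, CompositeOK, TamperedRejected bool }

// Demo exercises both constructions with throwaway keys (constructed input, not real trust material).
func Demo() DemoResult {
	x := ecdh.X25519()
	aPriv, _ := x.GenerateKey(rand.Reader)
	bPriv, _ := x.GenerateKey(rand.Reader)
	ssA, _ := aPriv.ECDH(bPriv.PublicKey())
	ssB, _ := bPriv.ECDH(aPriv.PublicKey())
	pqSS := sha256.Sum256([]byte("stand-in for an ML-KEM shared secret")) // constructed
	tr := []byte("ClientHello|ServerHello")
	kA, kB := HybridSecret(ssA, pqSS[:], tr), HybridSecret(ssB, pqSS[:], tr)
	r := DemoResult{HybridAgree: subtle.ConstantTimeCompare(kA, kB) == 1}
	// An attacker who broke X25519 but not the KEM still derives a different key.
	r.WrongPQDiffers = subtle.ConstantTimeCompare(kA, HybridSecret(ssA, make([]byte, 32), tr)) == 0

	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	edPub, edKey, _ := ed25519.GenerateKey(rand.Reader)
	msg := []byte("tbsCertificate bytes would go here")
	sig, _ := CompositeSign(ecKey, edKey, msg)
	r.CompositeOK = CompositeVerify(&ecKey.PublicKey, edPub, msg, sig)
	sig.PQ[0] ^= 0x01 // corrupt one component: the whole composite must now fail
	r.TamperedRejected = !CompositeVerify(&ecKey.PublicKey, edPub, msg, sig)
	return r
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

Run it with go run; all four booleans in the printed struct should be true. The asymmetry to notice is the backward-compatibility point from the section above: in the hybrid case a peer that lacks the PQ component can still negotiate the classical suite, whereas a relying party that does not understand the composite type cannot verify the object at all.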
Why crypto-agility becomes the control plane
Crypto-agility is the ability to change algorithms, certificates, trust anchors, and policy without redesigning the environment each time standards shift. In a PQC migration, agility matters because regulatory direction, vendor support, and certification readiness do not arrive at the same pace. Without a flexible control plane, organisations end up locked into whichever algorithm their oldest dependency can support. That is why inventory, policy abstraction, and staged testing are not side tasks but the enabling conditions for migration.
Practical implication: build cryptographic inventory and policy abstraction first so algorithm changes do not require a full platform rewrite.
Why certification and hardware dependencies slow migration
The article highlights a common implementation blocker: certified HSMs, smartcards, and firmware-bound devices often lag behind software libraries in supporting post-quantum algorithms. That creates a split between organisations that can move now and those that must wait for compliance or hardware refresh cycles. In practice, the migration bottleneck is rarely mathematical readiness alone. It is usually the combination of certification backlog, embedded dependencies, and the requirement to preserve trusted operations while standards are still settling.
Practical implication: identify hardware and certification constraints early so PQC workstreams can be sequenced around real deployment blockers.
NHI Mgmt Group analysis
Crypto-agility is the governing assumption that decides whether PQC migration is manageable or chaotic. The article shows that algorithm selection is not the real constraint. The real constraint is whether the organisation can change trust material, policy, and interoperability rules fast enough to absorb regulatory and tooling divergence. Practitioners should treat agility as the control that allows every other cryptographic decision to remain reversible.
Hybrid cryptography solves transition pain, but it also creates governance ambiguity. A hybrid model can help organisations bridge old and new algorithms, yet it also means different jurisdictions may tolerate different approaches at the same time. That creates a policy conflict, not just an engineering one. The implication is that global identity programmes need region-aware cryptographic governance rather than a single universal rollout assumption.
Crypto-agility gap: the organisation’s inability to move cryptographic policy faster than its legacy dependencies can absorb change. That gap is visible when software can test PQC but hardware, certification, or standards cannot yet support production use. It is a structural mismatch between migration ambition and operational reality. Practitioners should expect the gap to shape sequencing, not just timelines.
Cryptographic inventory is now a prerequisite for identity trust management. If teams cannot identify where certificates, APIs, devices, and embedded systems depend on current algorithms, they cannot assess blast radius or migration risk. This is not just a PKI hygiene issue. It is an identity governance issue because trust spans human, machine, and platform interactions.
Post-quantum readiness will be determined by lifecycle discipline, not by a single algorithm choice. Migration succeeds when organisations can discover, classify, test, replace, and retire cryptographic dependencies in order. That lifecycle view is the part many programmes still miss. The practical conclusion is that PQC readiness belongs inside the identity and trust operating model, not beside it.
From our research:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, which shows how often identity lifecycle controls lag behind operational change.
- Post-quantum migration will expose the same governance weakness in cryptographic estates, so readers should also review the Ultimate Guide to NHIs and the 2025 Outlook and Predictions for the longer-term identity posture angle.
What this signals
Crypto-agility gap: organisations that can test post-quantum algorithms but cannot certify or deploy them at scale will face an extended dual-stack period. That means identity, PKI, infrastructure, and compliance owners need a shared decision model for where hybrid is acceptable, where composite is viable, and where pure PQC is the only realistic path.
The broader signal is that cryptographic change management is becoming an identity programme issue, not a niche PKI project. When trust spans devices, APIs, certificates, and regional policy, programme teams need to think in terms of inventory, lifecycle, and control ownership rather than isolated algorithm upgrades.
With 96% of organisations storing secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, per the Ultimate Guide to NHIs, the same operational pattern will hurt PQC readiness if cryptographic dependencies remain undocumented and unmanaged.
For practitioners
- Build a complete cryptographic inventory: map every place cryptography is used, including certificates, APIs, embedded devices, applications, and external trust relationships. Tag each dependency by algorithm, owner, refresh cadence, and business criticality so migration planning starts from evidence rather than assumptions.
- Prioritise systems by business impact and technical feasibility: start with workloads that protect sensitive data for long periods or sit in devices that will remain deployed for years. Then sequence migration based on what can actually be changed in your current tooling, certification, and hardware environment.
- Test hybrid and pure PQC paths in controlled environments: use development or non-production environments to validate interoperability, identify breakpoints, and document where current libraries or integrations fail. Testing should also confirm whether regional policy or certification constraints alter the deployment model.
- Treat crypto-agility as a policy capability: define how certificates, trust anchors, and algorithm choices can be changed without a redesign of the whole stack. Make that policy visible to PKI, IAM, infrastructure, and compliance owners so changes can be executed under governance.
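As an added example for the inventory step (not from the Keyfactor article or from NHIMG tooling), the following Go program scans a PEM bundle and tags each certificate by key algorithm, key size, signature algorithm, expiry, and whether its security rests on a problem a cryptographically relevant quantum computer breaks. It builds its own two throwaway self-signed certificates and a stray private-key block as constructed input; the Record layout, the Inventory and classify names and the finding strings are this example's own assumptions.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Record is one inventory row: the "tag each dependency by algorithm and refresh cadence"
// step. Owner and criticality would come from a CMDB in a real run, so they are omitted here.
type Record struct {
	Subject     string
	SigAlg      x509.SignatureAlgorithm
	KeyAlg      x509.PublicKeyAlgorithm
	KeyBits     int
	NotAfter    time.Time
	QuantumVuln bool   // security rests on factoring or discrete logs
	Finding     string // one-line reason for the report
}

// classify flags every key type whose hardness assumption Shor's algorithm breaks. Stock Go's
// crypto/x509 exposes no post-quantum key types at the time of writing, so a PQ or unknown key
// lands in the default branch and is reported for manual review rather than silently passed.
func classify(c *x509.Certificate) (int, bool, string) {
	switch k := c.PublicKey.(type) {
	case *rsa.PublicKey:
		return k.N.BitLen(), true, "RSA: factoring-based, needs PQ migration"
	case *ecdsa.PublicKey:
		return k.Curve.Params().BitSize, true, "ECDSA: EC discrete log, needs PQ migration"
	case ed25519.PublicKey:
		return 256, true, "Ed25519: EC discrete log, needs PQ migration"
	default:
		return 0, false, fmt.Sprintf("unclassified key type %T: review manually", k)
	}
}

// Inventory walks a PEM bundle and returns one Record per PEM block. Stray non-certificate blocks
// and unparsable certificates become findings instead of being skipped: an unparsable dependency is still a dependency.
func Inventory(bundle []byte) []Record {
	var out []Record
	for {
		var blk *pem.Block
		blk, bundle = pem.Decode(bundle)
		if blk == nil {
			return out
		}
		if blk.Type != "CERTIFICATE" {
			out = append(out, Record{Finding: "non-certificate PEM block: " + blk.Type})
			continue
		}
		c, err := x509.ParseCertificate(blk.Bytes)
		if err != nil {
			out = append(out, Record{Finding: "unparsable certificate: " + err.Error()})
			continue
		}
		bits, vuln, why := classify(c)
		out = append(out, Record{
			Subject: c.Subject.CommonName, SigAlg: c.SignatureAlgorithm, KeyAlg: c.PublicKeyAlgorithm,
			KeyBits: bits, NotAfter: c.NotAfter, QuantumVuln: vuln, Finding: why,
		})
	}
}

// selfSigned builds a throwaway self-signed certificate as constructed input;
// a real run would read a directory, a truststore or a TLS endpoint instead.
func selfSigned(cn string, key crypto.Signer, years int) []byte {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().AddDate(years, 0, 0)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// SampleBundle is a constructed bundle: an RSA-2048 API cert, a ten-year ECDSA P-256
// firmware-signing cert (the long-lived device case), and a stray private-key block.
func SampleBundle() []byte {
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	b := append(selfSigned("api.example.test", rsaKey, 1), selfSigned("device-fw-signer", ecKey, 10)...)
	return append(b, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: []byte{0}})...)
}

func main() {
	for _, r := range Inventory(SampleBundle()) {
		fmt.Printf("%-18s key=%v/%d sig=%v expires=%s pq-vulnerable=%t  %s\n",
			r.Subject, r.KeyAlg, r.KeyBits, r.SigAlg, r.NotAfter.Format("2006-01-02"), r.QuantumVuln, r.Finding)
	}
}
```

The ten-year firmware-signing certificate is the case the prioritisation step above singles out: it is quantum-vulnerable and will still be in the field long after the API certificate has rotated, so it sorts to the top of the migration queue even though both rows carry the same algorithm flag.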
Key takeaways
- Post-quantum migration is being slowed by governance complexity, not just cryptographic choice.
- Hardware, certification, and regional policy constraints determine which organisations can move now and which must sequence change carefully.
- Crypto-agility and complete cryptographic inventory are the practical foundations for avoiding a disruptive PQC transition.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI7:2025 Long-Lived Secrets | Certificates and keys that outlive their algorithm's safe lifetime are the credential lifecycle risk a PQC migration must retire. |
| NIST CSF 2.0 | PR.DS-02 | Data in transit is protected; the outcome depends on the algorithms and trust material this guidance asks teams to inventory and replace. |
| NIST Zero Trust (SP 800-207) | Section 2.1, tenets of zero trust | All communication is secured regardless of network location, which presumes continuously validated trust relationships and replaceable cryptography across systems. |
Track cryptographic asset rotation and replacement so legacy algorithms are retired on a defined schedule.
Key terms
- Hybrid Cryptography: A transition approach that combines classical and post-quantum algorithms so systems can keep working while the environment changes. It is used to preserve compatibility during migration, but it also adds policy and interoperability complexity that must be governed explicitly.
- Composite Cryptography: A cryptographic design that bundles multiple algorithms into one object and may not preserve backward compatibility. It aims to standardise how classical and post-quantum keys are represented and used together, but it depends on mature tooling and agreed implementation rules.
- Crypto-Agility: The ability to change cryptographic algorithms, certificates, trust anchors, and related policy without redesigning the entire environment. In practice, it is a governance capability as much as a technical one because it determines how quickly an organisation can respond to standards, risk, and regulatory change.
- Cryptographic Inventory: A complete record of where cryptography is used across systems, devices, applications, APIs, and embedded environments. It gives teams the visibility needed to assess migration impact, prioritise work, and avoid discovering critical dependencies only when a change is already underway.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Keyfactor: Hybrid Confusion, Composite Promise, Reflections from the PKI Consortium’s 2025 PQC Conference. Read the original.
Published by the NHIMG editorial team on 2025-11-26.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org