The Hybrid Transition Strategy
Why we deploy both classical and PQC simultaneously
Why hybrid: PQC is ~10y young vs. 40y for RSA
Idea: Two locks — break one, the other holds
Endorsed combo: X-Wing: X25519 + ML-KEM-768
Backed by: NCSC · NSA · NIST · EU
Because PQC algorithms are mathematically young (about a decade vs. 40 years for RSA), the industry deploys hybrid cryptography — both a classical and a PQC lock simultaneously. If PQC is broken, classical holds; if classical falls to quantum, PQC survives.
X-Wing (X25519 + ML-KEM-768) combines classical X25519 with NIST's primary lattice standard. It is endorsed by NCSC, NSA, NIST, and the EU as the responsible default during migration.
SIKE's 2022 failure — a NIST finalist broken on a desktop in an hour — underscores why a classical safety net remains essential.
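The "two locks" idea as an added example, not part of the original exhibit and not X-Wing's own combiner: a minimal Python sketch that derives one session key from both component shared secrets with HKDF-SHA256, so the key stays unknown unless both secrets are known. The label, function names and sample values are assumptions, and the component secrets are random stand-ins for real X25519 and ML-KEM-768 outputs.

```python
import hashlib
import hmac
import secrets

LABEL = b"example-hybrid-kem-v1"  # constructed domain-separation label (assumption)


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so concatenated inputs cannot be re-split."""
    return len(field).to_bytes(4, "big") + field


def combine(ss_classical: bytes, ss_pqc: bytes, transcript: bytes) -> bytes:
    """Derive one 32-byte session key from both component shared secrets.

    HKDF-SHA256 (RFC 5869), one output block: extract over both secrets,
    then expand with the handshake transcript as context.
    """
    if len(ss_classical) != 32 or len(ss_pqc) != 32:
        raise ValueError("each component shared secret must be 32 bytes")
    if not any(ss_classical):
        # An all-zero X25519 output means the peer sent a low-order point.
        raise ValueError("all-zero classical shared secret")
    ikm = _lp(ss_classical) + _lp(ss_pqc)
    prk = hmac.new(LABEL, ikm, hashlib.sha256).digest()  # extract
    info = _lp(transcript) + b"\x01"
    return hmac.new(prk, info, hashlib.sha256).digest()  # expand, block 1


def demo() -> bool:
    # Constructed stand-ins: random bytes in place of real X25519 and
    # ML-KEM-768 shared secrets, and a placeholder transcript.
    ss_x, ss_m = secrets.token_bytes(32), secrets.token_bytes(32)
    transcript = b"constructed: both ciphertexts and public keys"
    session_key = combine(ss_x, ss_m, transcript)
    # An attacker who recovered only one secret has to guess the other;
    # any wrong guess for either component yields an unrelated key.
    wrong_pqc = combine(ss_x, secrets.token_bytes(32), transcript)
    wrong_classical = combine(secrets.token_bytes(32), ss_m, transcript)
    return session_key not in (wrong_pqc, wrong_classical)


if __name__ == "__main__":
    print("key depends on both secrets:", demo())
```

Binding the transcript means a key derived for one exchange cannot be replayed against another, and the length prefixes keep the two secrets from being re-split at a different boundary.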
Key Takeaways
- Hybrid wraps data in both a classical and PQC lock — if either is broken, the other survives
- X-Wing (X25519 + ML-KEM-768) is the endorsed hybrid KEM
- SIKE's 2022 failure proves why relying on PQC alone would be premature