Skip to content

PATTERN Cited by 1 source

Compensating controls for migration gap

Context

A new security primitive (e.g., a better post-quantum signature algorithm) is needed but will not be standardised and available for 5โ€“10 years. The threat it addresses (quantum computer capable of breaking classical crypto) may arrive before the ideal solution is ready.

Problem

Systems where the current-best primitive (ML-DSA) causes genuine operational problems (wire-size constraints, protocol incompatibility) face a gap: the ideal algorithm isn't ready, but the threat is approaching.

Solution

Deploy the available general-purpose primitive where possible, and apply compensating controls in systems where it doesn't fit:

Compensating control Mechanism Trade-off
Restricted access Limit who/what can connect to the vulnerable endpoint Reduces availability
Tunneling Wrap the vulnerable protocol inside a PQ-encrypted tunnel Adds latency, operational complexity
Enhanced monitoring Detect and alert on anomalous authentication patterns Reactive, not preventive
Shorter key lifetimes Reduce the window of exposure for any single key Increases operational churn
Pre-positioned trust anchors Deploy PQ root keys now via out-of-band channels Only works for trust anchors, not live authentication

Once smaller PQ signatures arrive (2030s), compensating controls can be removed and full efficiency/security restored.

Anti-pattern: Waiting for the perfect algorithm

Delaying PQ migration entirely because ML-DSA is "too big" is the wrong choice. The threat arrives on a timeline set by quantum hardware progress, not by algorithm-standardisation timelines. "You go to war with the algorithms you have, not the ones you wish you had."

(Source: sources/2026-07-09-cloudflare-post-quantum-signature-algorithms)

Consequences

  • Compensating controls are temporary and expensive โ€” track removal timelines.
  • The migration is not a single event but a multi-year transition period.
  • Supporting both PQ and classical creates a downgrade attack surface that itself needs mitigation.
  • Disabling classical crypto (eliminating downgrade) takes years in distributed systems.

Seen in

Last updated ยท 575 distilled / 1,757 read