01
Cryptographic inventory
We map every cryptographic dependency across systems — protocols, libraries, hardware modules — and classify by quantum exposure (harvest-now-decrypt-later vs near-term break risk).
Quantum · Cryptography
Post-Quantum Cryptography (PQC) Migration in Canada
Quantum is a 2026 procurement problem, not a 2030 research curiosity. CFRI helps Canadian regulated firms inventory their cryptographic surface, assess quantum risk, and plan a NIST-aligned post-quantum cryptography migration. We participate in Google's Willow quantum early-access program.
02
NIST-aligned PQC selection
ML-KEM, ML-DSA, SLH-DSA, with hybrid-deployment patterns that preserve interoperability through the transition period.
03
Crown-grade rollout planning
Migration sequencing, key-management changes, vendor coordination, and the timeline that fits inside a Canadian Crown corporation's procurement cadence.
What we deliver
- →Cryptographic inventory and exposure scoring
- →PQC algorithm selection (NIST FIPS 203 / 204 / 205 aligned)
- →Hybrid deployment architecture
- →Vendor coordination playbook
- →Multi-year migration roadmap
Frequently asked
Why now?
Harvest-now-decrypt-later attacks already capture today's encrypted traffic for future quantum decryption. Long-lived secrets must migrate before quantum capability lands.
What standards do you align to?
NIST FIPS 203 (ML-KEM), 204 (ML-DSA), and 205 (SLH-DSA), plus CCCS guidance for Canadian federal systems.
Do you cover Crown corporations specifically?
Yes — we have specific patterns for Crown-corp procurement cadence and CCCS-adjacent security review.
What about Bitcoin and digital-asset infrastructure?
Yes. CFRI's TSB token-standard work includes PQC-compatible signature design.
Are you connected to the Waterloo quantum ecosystem?
Yes — see /locations/waterloo. We work with IQC- and Perimeter-adjacent researchers.
How to start?
Email info@cfri.io with the systems whose cryptographic surface you want inventoried first.
Next Step
PLANNING YOUR PQC MIGRATION?
Thirty minutes with operators who have already shipped what you're trying to figure out. CAD-billed. SR&ED-aware.