Day 27: Review, Gaps, and Synthesis

Phase 3 · August 3, 2026

Agenda (2–3 hours)

• Review (45 min): What did you not fully understand? What deserves another pass?
• Fill gaps (90 min): Targeted re-reading or re-building of weak areas
• Synthesize (30 min): Write the "Open Questions" section of the roadmap

Phase 3 Full Concepts Inventory

Go through this list honestly. Mark each: ✓ solid / ~ partial / ✗ need review.

Week 1 — Quantum Threat

• [ ] Shor's algorithm — what it solves, why it works (period finding + QFT)
• [ ] Grover's algorithm — quadratic speedup, implications for AES/SHA
• [ ] HNDL attack — mechanics, timeline, why it matters for long-lived secrets
• [ ] LWE/MLWE — why noise makes algebraic attacks fail, including quantum ones
• [ ] NIST PQC standards — which four, what type each, when finalized

Week 2 — ML-KEM and ML-DSA

• [ ] ML-KEM KEM construction — KeyGen, Encaps, Decaps, implicit rejection
• [ ] IND-CCA2 security — what it means for a KEM in practice
• [ ] ML-DSA signing — commit-challenge-respond, the abort step
• [ ] Parameter sets — 512/768/1024 for KEM, 44/65/87 for DSA

Week 3 — Hybrid and TLS

• [ ] Hybrid rationale — why "break both" is the security argument
• [ ] X25519MLKEM768 — wire format, combined secret derivation
• [ ] PQC certificate sizes — leaf/intermediate/root impact
• [ ] Composite certs vs dual delivery — tradeoffs

Week 4 — Migration

• [ ] Migration layers — 0 through 5, dependencies
• [ ] CNSA 2.0 — which algorithms, which security levels, which deadlines
• [ ] AWS PQC status — what's shipped, what's on the roadmap

Gap-Filling Options

If Shor's/Grover's is still fuzzy: re-read Day 1 + 2 notes; watch a 10-min YouTube explanation. You don't need the math, just the intuition.

If ML-KEM construction is unclear: re-read Day 8; trace through the three steps (KeyGen/Encaps/Decaps) with toy numbers (e.g., n=4, q=17).

If the migration layers feel abstract: re-read Day 22 and draw the dependency graph on paper.

If the CNSA 2.0 timeline is fuzzy: re-read Day 23 and memorize the "2025/2033" new-products/legacy split.

The "Open Questions" Section

This may be the most valuable part of your roadmap for your team.
You're on leave — there's things you can't know. Be explicit about them.

Questions to consider:

1. Does your team's provisioning service already use s2n-tls somewhere (e.g., via SDK)? If so, is hybrid TLS already being negotiated?
2. What is your team's current CA key storage mechanism? Is it already in CloudHSM, or software-only?
3. Does your provisioning service issue certs directly via ACM PCA, or does it have its own CA infrastructure?
4. What is the cert validity period for provisioned device certs? This determines HNDL exposure window.
5. Are there downstream consumers of your service's certs (other teams, customer systems) that must also migrate?
6. Does your Lambda runtime use ring or aws-lc-rs? (Check cargo tree | grep ring)

Challenge Assignment

1. Complete any gap areas identified in the concepts inventory
2. Add the "Open Questions" section to pqc-migration-roadmap.md
3. Re-read the entire roadmap — does it flow? Is every recommendation justified?
4. Write one sentence for each week of Phase 3 summarizing what you learned

Looking Ahead: Phase 4 (Aug 5–25)

Phase 4: SPIFFE/SPIRE and workload identity

You now understand classical PKI deeply (Phase 1) and know where it's going (Phase 3).
Phase 4 tackles a complementary problem: how do you authenticate services to each other
at cloud scale without managing static certificates everywhere?

SPIFFE/SPIRE solves this with workload identity — short-lived, automatically-rotated
certificates tied to workload identity (not just machine identity).
This is increasingly relevant for Lambda-based provisioning services.