Cloud servers, IoT sensors, and military networks face different constraints - here’s how architects select the right post-quantum algorithms for each.
1. Introduction: The Smart City Dilemma
Imagine you are the Chief Software Architect for a massive “Smart City” project. Your mandate is to ensure that the entire city’s digital infrastructure is completely safe from the impending quantum computing threat.
You sit down at your desk and look at your network map. You realize you aren’t just securing one type of computer.
- In the city center, you have a massive, climate-controlled Cloud Data Center with fiber-optic internet and infinite processing power.
- In the citizens’ pockets, you have millions of Smartphones running on variable 4G and 5G connections.
- Buried under the asphalt of the streets, running on watch batteries that must last for ten years, you have thousands of tiny Smart Traffic Sensors.
If you try to force all three of these systems to use the exact same Post-Quantum Cryptography (PQC) algorithm, your smart city will fail. The massive keys will drain the batteries of the traffic sensors in a week, and the network will choke on fragmented data.
Previously, we compared the raw specs of the new PQC algorithms. Today, we flip the perspective. We are going to look at the systems themselves. We will categorize real-world hardware into three distinct “Profiles” and show you exactly how to choose the right quantum-proof tools for each environment.
2. Profile A: The “Unconstrained” Environment
The Systems: Cloud Servers, Desktop PCs, Laptops, and modern Web Browsers.
The Characteristics: These systems are plugged into the wall (infinite power), possess high-end multi-core CPUs, and are connected via broadband or fiber-optic internet (massive bandwidth).
For these systems, developers do not need to worry about squeezing every last byte out of a network packet. The primary goal is finding a balanced, fast, and easy-to-implement standard that integrates smoothly with existing web protocols like TLS (HTTPS).
The Chosen Algorithms:
- Key Exchange: ML-KEM (formerly Kyber).
- Digital Signatures: ML-DSA (formerly Dilithium).
Why Developers Choose Them:
These two algorithms form the default “broadsword and shield” of the modern internet. Because ML-KEM and ML-DSA are based on standard Lattice math, they only require simple whole-number arithmetic. This means they are incredibly easy for developers to code securely.
While their cryptographic keys are relatively large (~1,100 to 2,400 bytes), an unconstrained system on a Wi-Fi or broadband connection can download a 2,400-byte signature in a fraction of a millisecond. The user won’t even notice.
- Real-World Application: When you log into your bank’s website from your laptop, the web server (Profile A) and your browser (Profile A) will default exclusively to ML-KEM and ML-DSA.

Cloud servers and desktop PCs have the bandwidth and power to use the default NIST Lattice standards without breaking a sweat.
3. Profile B: The “Bandwidth Constrained” Edge
The Systems: IoT Smart Devices, Pacemakers, DNSSEC (Domain Name System Security Extensions), and Low-Power Radio Networks (like LoRaWAN).
The Characteristics: These systems operate in harsh environments. They run on tiny microcontrollers, use batteries that cannot be recharged, and operate on highly restrictive networks where sending large amounts of data causes catastrophic failures.
The MTU Bottleneck
To understand this constraint, developers must understand the MTU (Maximum Transmission Unit). On the internet, data is chopped into packets. The standard MTU (the maximum size of a packet) is 1,500 bytes.
If you try to squeeze the default signature algorithm, ML-DSA (which is 2,400 bytes), through a 1,500-byte pipe, the router has to chop it in half. This is called Packet Fragmentation. In deep IoT networks or strict protocols like DNS, packet fragmentation often results in the data being dropped completely. The connection dies.
The Chosen Algorithms:
Digital Signatures: FN-DSA (formerly FALCON).
Why Developers Choose It:
When you absolutely, positively cannot exceed the MTU limit, you reach for the scalpel. FN-DSA uses specialized “Origami-folded” Lattice math to crush the signature size down to a mere 660 bytes. It fits comfortably inside a single packet with plenty of room to spare.
- The Developer Warning: As we learned previously, FN-DSA requires complex decimal (floating-point) math. Developers must be incredibly careful when implementing it on IoT chips to avoid “Timing Attacks.” You only use this algorithm when the physics of your network force you to.

In bandwidth-constrained environments, standard algorithms cause packet fragmentation. Compact algorithms like FN-DSA are required to keep the connection alive.
4. Profile C: The “Deep Future” (High Paranoia)
The Systems: Root Certificate Authorities (CAs), Military Tunnels, Satellite Firmware Updates, and Submarine Communications.
The Characteristics: These systems are dealing with data that must remain secret or verifiable not just for five years, but for fifty years. The speed of the connection and the size of the keys are completely irrelevant. The only metric that matters is absolute, unquestionable mathematical paranoia.
The Chosen Algorithms:
- Key Exchange: Classic McEliece.
- Digital Signatures: SLH-DSA (formerly SPHINCS+).
Why Developers Choose Them:
These algorithms are massive and slow. A Classic McEliece Public Key is a colossal 1 Megabyte. An SLH-DSA signature can be up to 40 Kilobytes.
However, neither of these algorithms relies on Lattice math. McEliece relies on Error-Correcting Codes (unbroken since 1978), and SLH-DSA relies purely on Hash Functions. Because they use entirely different math, they serve as the ultimate insurance policy. If Lattice math is surprisingly broken by an academic breakthrough in 2035, these two algorithms will stand strong.
- Real-World Application: When Google issues a new “Master Key” to secure its entire global server infrastructure for the next decade, they will use SLH-DSA. They only have to generate and sign this master key once, so the 40-Kilobyte size is a negligible price to pay for unbreakable security.
5. The Golden Rule of Modern Architecture: Cryptographic Agility
Let’s say you perfectly matched the algorithms to the hardware profiles in your Smart City. Your cloud servers run ML-KEM, your traffic lights run FN-DSA, and your root servers run SLH-DSA.
Are you done? No.
The most important lesson cryptographers learned during the quantum transition is that math changes. If you hardcode ML-KEM directly into the motherboard of your systems, and ML-KEM is broken by a hacker ten years from now, you will have to physically replace every single computer and sensor in your city.
Modern developers must design systems with Cryptographic Agility.
Crypto Agility means writing your software in a modular way. Your application shouldn’t know how the encryption works; it should just know who to ask for it.
How to Build for Agility:
- Do not hardcode algorithms: Never write use_Kyber_encryption(). Instead, write use_current_standard_encryption(), which points to a separate configuration file.
- Use Abstraction Layers: Rely on major cryptographic libraries (like OpenSSL or BoringSSL). Let the experts update the math inside the library; your app just calls the library.
- Plan for “Key Expansion”: As we’ve seen, PQC keys are much larger than classical keys. When building databases today, make sure the columns storing cryptographic keys and certificates are large enough to handle unexpected future growth (e.g., avoid hard limits like VARCHAR(255)).
If you build an agile system today, upgrading to a newly discovered algorithm in 2035 will be as simple as updating a drop-down menu in a configuration file.

Cryptographic Agility means designing systems where algorithms can be swapped out like game cartridges without rewriting the core application.
Summary: The Real-World Cheat Sheet
- Profile A (Unconstrained): For cloud servers, laptops, and web browsers where bandwidth is plentiful. Use the default Lattice standards: ML-KEM and ML-DSA.
- Profile B (Bandwidth Constrained): For IoT devices and strict network protocols (DNSSEC) where large packets drop. Use the compact (but complex) FN-DSA.
- Profile C (High Paranoia): For root certificates and permanent military VPNs where long-term security trumps performance. Use the massive, battle-tested backups: Classic McEliece and SLH-DSA.
- Cryptographic Agility: The engineering practice of building modular systems, ensuring that algorithms can be swapped out in the future without breaking the underlying application.
What’s Next?
You now possess the architectural knowledge to choose the right quantum-proof algorithms for any hardware environment on Earth. You have completed the theoretical and design phases of your journey.
But knowing what to build is different from knowing how the internet is currently building it.
Next we will look at the massive, global logistics operation happening right now to upgrade the internet. We will explore how internet protocols like TLS are physically being rewritten, what a “Hybrid Handshake” actually looks like over the wire, and the exact steps the tech industry is taking to migrate trillions of dollars in global commerce without causing a single outage.

Top comments (0)