# The recommended PQC migration strategy is 'hybrid mode' - using both classical and post-quantum algorithms simultaneously

**Date:** 2025-12-18  
**Tags:** Cryptography, Security, PostQuantum  
**URL:** https://kelexine.is-a.dev/til/hybrid-pqc-deployment

---

TIL: The recommended PQC migration strategy is 'hybrid mode' - using both classical and post-quantum algorithms simultaneously. If either is broken, the other protects. This lets you adopt PQC now while classical algorithms are still trusted, ensuring security even if PQC has undiscovered flaws.


```python
# Hybrid key derivation (both must be broken to compromise)
def hybrid_key_exchange(classical_sk, pq_sk, peer_keys):
    classical_secret = ecdh_derive(classical_sk, peer_keys.ecdh)
    pq_secret = ml_kem_decapsulate(pq_sk, peer_keys.ml_kem)
    
    # Combine: attacker needs to break BOTH
    return kdf(classical_secret + pq_secret)
```




---

*This content is available at [kelexine.is-a.dev/til/hybrid-pqc-deployment](https://kelexine.is-a.dev/til/hybrid-pqc-deployment)*