In August 2024, the NIST standardization effort for post-quantum cryptography produced the first 3 standards: ML-KEM for key encapsulation and ML-DSA and SLH-DSA for signatures. The publication of those standards initiated a massive effort to deploy these schemes in systems and applications. Already today, all major web browsers support ML-KEM for key agreement in TLS, the Signal messenger and Apple's iMessage upgraded their cryptographic protocols to integrate ML-KEM, and the automotive industry started putting cars on the road whose software updates are secured with ML-DSA. Most of these early successful deployments are software-only; but also upgrades to hardware roots of trust are underway to enable efficient and secure implementation of these novel algorithms. In my
talk I will look back at the NIST standardization effort and then focus on the role that trusted open-source silicon is expected to play in upgrading our cryptographic systems to post-quantum schemes.