Abstract
As post-quantum cryptography moves from theory into deployment, organizations need a clearer view of what is real today and what still requires time. In this episode of Shielded: The Last Line of Cyber Defense, Sofia Celi, Senior Cryptography and Security Researcher at Brave, breaks down the two-speed reality shaping PQC adoption. She explains why confidentiality is already protected at scale through TLS 1.3 and hybrid post-quantum key encapsulation, now used across major browsers, CDNs, and cloud providers to defend against harvest-now-decrypt-later threats. This shift is live, scaled, and part of today’s internet. However, authentication like signatures, PKI, eID systems, and privacy-preserving proofs remains early. Lattice-based signatures are large and costly, prompting NIST’s second call for signature schemes with new mathematical foundations and smaller communication sizes. Sofia’s work on MAYO, a compact multivariate signature scheme, offers a promising path for authentication, distributed signing, and environments where signature size matters. She also examines European digital identity plans, noting the gap between policy ambition and cryptographic readiness. Current timelines overlook the immaturity of zero-knowledge systems and the privacy risks hidden in their design. Sofia closes with two practical actions any organization can take now: migrate fully to TLS 1.3 and enable hybrid post-quantum key exchange. These steps strengthen confidentiality today while the ecosystem advances authentication.
What You’ll Learn
- Why PQC deployment for confidentiality is real and already scaled in production
- How TLS 1.3 and hybrid KEMs mitigate harvest-now-decrypt-later threats
- Why authentication and signatures lag far behind despite rapid standardization work
- How MAYO targets small keys, compact signatures, and natural threshold support
- Why multivariate signatures matter for algorithm diversity and future resilience
- How zero-knowledge proofs behave differently in practice and why they require caution
- Why 2027 digital identity timelines overlook both cryptographic maturity and privacy risks
- What makes threshold cryptography attractive for distributed signing and delegated trust
- Why the first PQC steps every organization must take are simple, available, and high impact
Sofia Celi is a Senior Cryptography and Security Researcher at Brave, where she focuses on practical deployment of privacy-preserving and post-quantum cryptography. Her work spans Private Information Retrieval (PIR), zero-knowledge proof integration, TLS attestation, and the real-world application of advanced cryptography beyond blockchain. She is a co-author of MAYO, a multivariate post-quantum signature scheme submitted to NIST’s second signature call, and has led efforts to bring privacy technologies such as PIR into production environments.
Sofia serves as WG/RG Chair and Ombudsperson at the IETF, where she co-chairs a working group shaping global post-quantum protocol standards. She is an IACR ePrint co-editor, a reviewer for BlackHat, a member of the Open Technology Fund Advisory Council, and previously worked as a Cryptography and Security Researcher at Cloudflare. Her career sits at the intersection of research, protocol design, and applied security, advancing cryptography from theory into widely deployed systems.