Toward Quantum-Safe Software Engineering: A Vision for Post-Quantum Cryptography Migration

TL;DR

This paper envisions a new software engineering paradigm for migrating legacy systems to post-quantum cryptography, emphasizing the development of specialized tools and frameworks like AQuA.

Contribution

It introduces the AQuA framework and outlines a three-pillar agenda for PQC-aware detection, refactoring, and verification, advancing Quantum-Safe Software Engineering.

Findings

Proposes the AQuA framework for PQC migration

Identifies key challenges in PQC-aware software engineering

Motivates a new research direction in QSSE

Abstract

The quantum threat to cybersecurity has accelerated the standardization of Post-Quantum Cryptography (PQC). Migrating legacy software to these quantum-safe algorithms is not a simple library swap, but a new software engineering challenge: existing vulnerability detection, refactoring, and testing tools are not designed for PQC's probabilistic behavior, side-channel sensitivity, and complex performance trade-offs. To address these challenges, this paper outlines a vision for a new class of tools and introduces the Automated Quantum-safe Adaptation (AQuA) framework, with a three-pillar agenda for PQC-aware detection, semantic refactoring, and hybrid verification, thereby motivating Quantum-Safe Software Engineering (QSSE) as a distinct research direction.