Workshops Digital Media PQC Migration for CDN and Streaming
Digital Media Full Day Workshop

PQC Migration for Content Delivery Networks and Streaming Infrastructure

A technical workshop for platform engineers and CDN architects migrating high-throughput media delivery systems to post-quantum cryptography without degrading streaming performance or availability.

Full day (6 hours + Q&A)
In person or online
Max 30 delegates
Commission This Workshop View Agenda

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside
Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

CDN and streaming infrastructure presents a specific PQC migration challenge that differs from typical enterprise IT. Edge networks terminate millions of TLS connections per second. Every additional byte in a handshake or certificate has a measurable cost in latency, memory, and compute at that scale. ML-KEM-768 key exchange adds roughly 1,100 bytes to the TLS ClientHello; ML-DSA-65 certificates are approximately four times larger than ECDSA equivalents. These are not abstract concerns for platform engineers running edge stacks at Akamai, Cloudflare, or Fastly scale.

This workshop maps the cryptographic dependencies in a typical CDN and streaming architecture: TLS termination at edge and origin, QUIC/HTTP/3 transport, DRM licence key delivery (Widevine, PlayReady), segment encryption key distribution, manifest signing, and API authentication. For each dependency, we assess the quantum risk timeline, identify the appropriate NIST FIPS 203/204/205 algorithm, and work through the performance and compatibility trade-offs. Published deployment data from Cloudflare and Google inform the performance discussion rather than theoretical projections. Participants leave with a prioritised migration sequence mapped to their own infrastructure topology.

What participants cover

  • TLS 1.3 hybrid key exchange (X25519+ML-KEM-768) deployment at CDN edge scale: handshake latency, connection memory, and throughput impact
  • Certificate lifecycle migration: managing ML-DSA certificate chain size across millions of edge endpoints with OCSP stapling and hybrid certificate strategies
  • QUIC and HTTP/3 PQC implications: connection migration, 0-RTT security, and UDP packet size constraints with larger key exchange payloads
  • Streaming protocol security: DRM licence key delivery (RSA to ML-KEM), segment encryption key distribution, and manifest integrity under PQC
  • Performance benchmarking against published Cloudflare and Google deployment data rather than theoretical models
  • Migration sequencing for CDN infrastructure: origin-to-edge first, then edge-to-client, then API endpoints, with hybrid parallel deployment

Preliminary Agenda

Full-day session structure with scheduled breaks. Content is configurable to your CDN vendor stack, streaming protocols, and DRM ecosystem.

# Session Topics
1 CDN and Streaming Cryptographic Architecture Where asymmetric cryptography sits in media delivery
2 TLS 1.3 Post-Quantum Hybrid Modes for High-Throughput Delivery ML-KEM integration in edge stacks and origin servers
  • TLS 1.3 hybrid key exchange: X25519+ML-KEM-768 handshake mechanics and overhead
  • QUIC and HTTP/3 implications: connection migration, 0-RTT, and PQC key sizes
  • Edge node TLS termination at scale: per-connection memory, CPU, and latency budgets
Break, after 50 min
3 Certificate Lifecycle and PKI Migration at CDN Scale Managing millions of certificates across edge infrastructure
  • FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA): algorithm selection for certificate signing versus key exchange
  • Certificate chain depth and size impact on TLS handshake latency (ML-DSA-65 certificates are ~3.3 KB versus ~800 bytes for ECDSA)
  • OCSP stapling and CRL distribution with larger PQC signatures; hybrid certificate strategies during transition
4 Streaming Protocol Security and DRM Transport Encryption HLS, DASH, CMAF, and content key delivery under PQC
  • Content key encryption in licence delivery (Widevine, PlayReady): RSA dependency and ML-KEM replacement path
  • Segment encryption (AES-128-CTR, CBCS): symmetric key distribution via PQC-protected channels
  • Manifest integrity and CDN cache poisoning: hash-based signature options for playlist authentication
Break, after 45 min
5 Performance Benchmarking and Migration Sequencing Measured impact on real CDN workloads
  • Published benchmarks: Cloudflare ML-KEM-768 deployment data (handshake overhead, connection throughput)
  • Prioritisation framework: origin-to-edge first, then edge-to-client, then API endpoints
  • Hybrid deployment strategies: running classical and PQC in parallel without service disruption
6 Regulatory and Standards Landscape ETSI, NIST, and sector-specific requirements
  • ETSI TS 103 744 (quantum-safe cryptography) and its relevance to media delivery
  • NIST SP 800-227 (PQC migration guidelines) and timeline expectations
  • Ofcom and EU AVMSD security requirements for streaming platform operators
7 Q&A and Migration Planning

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and digital media systems.

QD

Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

DI

Digital Media Partners

Domain expertise and operational validation

Digital Media workshops are co-delivered with sector specialists who bring direct operational experience in CDN operations, streaming platform engineering, and media delivery infrastructure. This ensures workshop content is grounded in the performance, scalability, and availability requirements specific to high-throughput media delivery.

Commission This Workshop

Sessions are configured around your CDN vendor stack, streaming protocols, DRM ecosystem, and edge infrastructure topology. Get in touch to discuss requirements and schedule a date.

Contact Us
Digital Media Workshops All Consulting Services All Workshops