Post-quantum cryptography develops cryptographic algorithms that resist attacks by both classical and quantum computers, preparing for the era when quantum machines break today's public-key encryption, key exchange, and digital signatures.
Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to resist attacks from both classical and quantum computers. Current public-key cryptography (RSA, ECC, DH) will be broken by sufficiently powerful quantum computers running Shor's algorithm, requiring new mathematical foundations for secure communications.
Quantum computers running Shor's algorithm can efficiently factor large integers and solve discrete logarithm problems (including on elliptic curves), breaking RSA, ECC, and Diffie-Hellman key exchange regardless of key size. Grover's algorithm gives only a quadratic speedup for brute-force search, roughly halving the effective security level of symmetric ciphers and hash preimages; moving to 256-bit keys (AES-256) and 384- or 512-bit hashes restores the margin. Symmetric cryptography therefore survives with larger parameters, while the threat to public-key cryptography is existential: those algorithms must be replaced, not merely re-parameterized.
In August 2024 NIST published FIPS 203, 204 and 205, standardizing ML-KEM (formerly CRYSTALS-Kyber) for key encapsulation and ML-DSA (formerly CRYSTALS-Dilithium) and SLH-DSA (formerly SPHINCS+) for digital signatures. ML-KEM and ML-DSA are based on structured lattice problems; SLH-DSA relies only on hash functions, which makes it slower and its signatures larger but gives a conservative fallback with different mathematical assumptions. A fourth algorithm, FN-DSA (Falcon), is being standardized as FIPS 206. Together they provide quantum-resistant replacements for RSA and elliptic-curve key exchange and signatures.
Harvest-now-decrypt-later describes adversaries recording encrypted traffic and stored ciphertexts today with the intention of decrypting them once a capable quantum computer exists. It is particularly concerning for data with long confidentiality requirements such as government secrets, healthcare records, and financial data that must remain protected for decades, and it is why key exchange and encryption are the most urgent things to migrate: a recorded TLS session whose key was agreed with ECDH is exposed retroactively. Signatures are generally less urgent because they can be re-issued before the threat materializes, with the exception of signatures that will be verified far in the future, such as firmware roots of trust and long-term archives.
Organizations should inventory all cryptographic usage (a cryptographic bill of materials covering libraries, protocols, certificates, and hard-coded algorithm choices), prioritize systems protecting long-lived secrets, begin testing NIST-standardized PQC algorithms, plan migration roadmaps, update procurement requirements to include PQC readiness, and deploy hybrid approaches combining classical and quantum-resistant algorithms during the transition.
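The inventory step above is the one most teams have never done, so here is a small scanner for it as an added example (not code from any project or standard). It walks constructed configuration and source lines, flags the algorithm names it finds, classifies each as quantum-vulnerable, Grover-weakened, or quantum-resistant, and orders the findings by migration priority using the harvest-now-decrypt-later logic: key agreement first, signatures next, symmetric last. The sample files, rule table and priority numbers are this example's own assumptions.

```python
"""Cryptographic inventory scanner that flags quantum-vulnerable algorithms.

Added example for illustration; the file contents at the bottom are made up.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    source: str
    line_no: int
    algorithm: str   # canonical name
    role: str        # key-exchange, signature, either, symmetric
    status: str      # quantum-risk classification
    priority: int    # 1 = migrate first (HNDL exposure), 5 = already PQ


def _rx(core: str) -> re.Pattern[str]:
    # Anything that is not a letter or digit counts as a token boundary, so
    # names embedded in paths such as ssh_host_ed25519_key are still found.
    return re.compile(rf"(?<![a-z0-9])(?:{core})(?![a-z0-9])", re.IGNORECASE)


# Order matters: earlier rules mask the text they match, so a hybrid group
# name is not also reported as its classical component.
RULES = [
    (_rx(r"sntrup761x25519|x25519mlkem768|secp256r1mlkem768|x25519kyber768\w*"),
     "hybrid KEM", "key-exchange", "quantum-resistant (hybrid)", 5),
    (_rx(r"ml-?kem(?:-?(?:512|768|1024))?|kyber\d*"),
     "ML-KEM", "key-exchange", "quantum-resistant", 5),
    (_rx(r"ml-?dsa|slh-?dsa|dilithium\d*|sphincs"),
     "PQ signature", "signature", "quantum-resistant", 5),
    (_rx(r"ecdhe?|x25519|x448|curve25519"),
     "ECDH", "key-exchange", "quantum-vulnerable (Shor)", 1),
    (_rx(r"dhe|ffdhe\d+|diffie-?hellman"),
     "DH", "key-exchange", "quantum-vulnerable (Shor)", 1),
    (_rx(r"rsa(?:[-_ ]?\d{4})?"),
     "RSA", "either", "quantum-vulnerable (Shor)", 1),
    (_rx(r"secp\d{3}[rk]1|prime256v1|p-?(?:256|384|521)"),
     "ECC curve", "either", "quantum-vulnerable (Shor)", 1),
    (_rx(r"ecdsa|ed25519|ed448"),
     "ECC signature", "signature", "quantum-vulnerable (Shor)", 2),
    (_rx(r"aes[-_/ ]?128"),
     "AES-128", "symmetric", "Grover-weakened; prefer 256-bit keys", 3),
    (_rx(r"aes[-_/ ]?256"),
     "AES-256", "symmetric", "adequate under Grover", 4),
]


def scan_line(source: str, line_no: int, text: str) -> list[Finding]:
    found: list[Finding] = []
    masked: list[tuple[int, int]] = []
    seen: set[str] = set()
    for rx, name, role, status, prio in RULES:
        for m in rx.finditer(text):
            s, e = m.span()
            if any(s < me and ms < e for ms, me in masked):
                continue                      # inside an earlier, more specific match
            masked.append((s, e))
            if name in seen:
                continue                      # one finding per algorithm per line
            seen.add(name)
            found.append(Finding(source, line_no, name, role, status, prio))
    return found


def scan(files: dict[str, list[str]]) -> list[Finding]:
    """Scan every line of every file and return findings in migration order."""
    findings = [f for src, lines in files.items()
                for i, line in enumerate(lines, 1)
                for f in scan_line(src, i, line)]
    return sorted(findings, key=lambda f: (f.priority, f.source, f.line_no, f.algorithm))


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.algorithm] = counts.get(f.algorithm, 0) + 1
    return counts


# Constructed sample inputs; not real configuration from any system.
SAMPLE_FILES = {
    "nginx.conf": [
        "ssl_protocols TLSv1.3;",
        "ssl_ecdh_curve X25519:secp384r1;",
        "ssl_certificate /etc/ssl/certs/rsa2048-server.pem;",
    ],
    "sshd_config": [
        "HostKey /etc/ssh/ssh_host_ed25519_key",
        "KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256",
    ],
    "Backup.java": [
        'KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");',
        'SecretKey key = new SecretKeySpec(raw, "AES"); // AES-128 wrapping key',
    ],
}

if __name__ == "__main__":
    for f in scan(SAMPLE_FILES):
        print(f"P{f.priority} {f.source}:{f.line_no} {f.algorithm:14} {f.role:12} {f.status}")
```

Run against the sample, the scanner reports the RSA key pair and the ECDH curves first, the Ed25519 host key second, AES-128 third, and the OpenSSH sntrup761x25519 hybrid last; note that the hybrid rule masks the x25519 inside that name so it is not double-counted as a quantum-vulnerable exchange. A production scan would feed the same rules the output of tools that already know where keys live (certificate stores, TLS endpoint scans, package manifests) rather than grepping alone.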
Crypto agility is the ability to switch cryptographic algorithms quickly without significant system redesign. Organizations should architect systems with abstracted cryptographic layers, configurable algorithm selection, and modular implementations that allow migration to post-quantum algorithms when needed. Agility has practical limits, because post-quantum objects are much larger than their classical counterparts: an ML-KEM-768 public key is 1184 bytes and its ciphertext 1088 bytes, and an ML-DSA-65 signature is 3309 bytes against 64 bytes for Ed25519. Protocol message sizes, certificate chains, packet-size assumptions, and database columns that store keys or signatures all need to accommodate this, so swapping the algorithm identifier is rarely the whole job.
Expert estimates vary, but most predict that cryptographically relevant quantum computers (CRQC) could emerge between 2030 and 2040, and NIST's draft IR 8547 proposes deprecating quantum-vulnerable algorithms by 2030 and disallowing them by 2035. Mosca's inequality is the usual planning test: if the number of years the data must stay secret plus the years needed to migrate exceeds the years until a CRQC, the organization is already late. Given that large cryptographic migrations have historically taken a decade or more, organizations should begin planning and implementing PQC transitions now, especially for systems protecting data with long-term confidentiality requirements.
Hybrid cryptography combines a classical algorithm (such as ECDH with X25519) with a post-quantum algorithm (such as ML-KEM) so that the derived key remains secret as long as at least one of the two is unbroken: a quantum adversary must still break ML-KEM, and an undiscovered flaw in the new lattice scheme is still covered by the classical component. Both shared secrets are fed together into the key derivation function, which NIST SP 800-56C Rev. 2 permits by concatenating the secrets in the KDF input. This approach keeps interoperability with existing deployments during the transition while adding quantum resistance; NIST recommends it for early PQC adoption, and X25519MLKEM768 is already negotiated by default in TLS 1.3 by major browsers and servers.
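The combiner step described above, together with the configurable algorithm selection called for under crypto agility, as an added example that is not code from any library or standard. The X25519 and ML-KEM-768 primitives are not in the Python standard library, so their shared secrets are constructed stand-ins (random bytes of the correct length); the suite registry, the length and low-order-point checks, the concatenation order (assumed here to follow the TLS hybrid drafts, PQ secret first), the info label, and the function names are this example's own choices. The HKDF implementation is RFC 5869 and is checked against its first published test vector.

```python
"""Hybrid KEM shared-secret combiner behind a configurable suite registry.

Added example. The ML-KEM and X25519 shared secrets are stand-ins; the
combiner and the suite abstraction are what is demonstrated.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass

HASH = hashlib.sha256
HASH_LEN = 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with HMAC-SHA256; empty salt means HashLen zeros."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, block = b"", b""
    for counter in range(1, (length + HASH_LEN - 1) // HASH_LEN + 1):
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


@dataclass(frozen=True)
class Suite:
    name: str
    pq_component: str
    classical_component: str
    pq_ss_len: int          # ML-KEM shared secrets are always 32 bytes
    classical_ss_len: int   # X25519 and P-256 ECDH outputs are 32 bytes


# The application selects a suite by name from configuration; every entry
# goes through the same code path, which is the crypto-agility property.
SUITES = {
    "X25519MLKEM768": Suite("X25519MLKEM768", "ML-KEM-768", "X25519", 32, 32),
    "SecP256r1MLKEM768": Suite("SecP256r1MLKEM768", "ML-KEM-768", "P-256 ECDH", 32, 32),
}


def combine(suite: Suite, ss_pq: bytes, ss_classical: bytes,
            transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from both shared secrets.

    The output depends on every input byte, so an attacker who learns only
    one of the two secrets learns nothing about the key (as long as HKDF
    behaves as a PRF). Lengths are checked first so the concatenation is
    unambiguous, and an all-zero classical secret is rejected because that
    is what X25519 yields for a low-order peer point (RFC 7748 advises
    checking for it).
    """
    if len(ss_pq) != suite.pq_ss_len or len(ss_classical) != suite.classical_ss_len:
        raise ValueError("shared secret of unexpected length; refusing to derive a key")
    if ss_classical == bytes(suite.classical_ss_len):
        raise ValueError("all-zero classical shared secret (low-order point)")
    # Assumed order: PQ secret first, then classical, as in the TLS hybrid
    # drafts. The info label is this example's own, not a standard one.
    ikm = ss_pq + ss_classical
    info = b"hybrid-kem-example v1|" + suite.name.encode() + b"|" + transcript
    return hkdf(salt=b"", ikm=ikm, info=info, length=length)


def simulate_handshake(suite_name: str = "X25519MLKEM768") -> tuple[bytes, bytes]:
    """Both parties derive a key from the same (stand-in) shared secrets.

    In a real handshake ss_pq comes from ML-KEM encaps/decaps and
    ss_classical from the ECDH computation; both are random bytes here.
    """
    suite = SUITES[suite_name]
    ss_pq = os.urandom(suite.pq_ss_len)                 # stand-in for ML-KEM-768 output
    ss_classical = os.urandom(suite.classical_ss_len)   # stand-in for X25519 output
    transcript = b"client_hello|server_hello|ciphertexts"  # TLS binds the handshake hash
    client_key = combine(suite, ss_pq, ss_classical, transcript)
    server_key = combine(suite, ss_pq, ss_classical, transcript)
    return client_key, server_key


if __name__ == "__main__":
    c, s = simulate_handshake()
    print("keys match:", c == s, c.hex())
```

Two details are worth copying into real code: fixed-length shared secrets checked before concatenation (otherwise an attacker-controlled length makes ss_pq || ss_classical ambiguous), and binding the suite name and handshake transcript into the KDF info so a key derived under one suite cannot be confused with one derived under another.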