1. What is Post-Quantum Cryptography?
Post-quantum cryptography (PQC), also known as quantum-resistant or quantum-safe cryptography, refers to cryptographic algorithms that are designed to be secure against attacks from both classical computers and quantum computers.
Unlike the public-key algorithms in use today, RSA and ECC (Elliptic Curve Cryptography), whose security rests on integer factorization and discrete logarithms, problems a sufficiently large quantum computer can solve efficiently, PQC algorithms are built on problems (structured lattices, hash functions and others) for which no efficient quantum algorithm is known.
Key Takeaway
PQC is not about quantum computers doing encryption. It's about classical cryptography that quantum computers cannot break.
2. Why It Matters Now
You might think that if quantum computers capable of breaking encryption are still years away, there's no urgency. This assumption is dangerously wrong for three critical reasons:
1. Data has a shelf life. Medical records, financial data, government secrets, and trade secrets often need to remain confidential for 10, 20, or 30+ years. Data encrypted today must withstand threats that will exist throughout its entire lifetime.
2. Migration takes time. Transitioning enterprise cryptographic infrastructure is not a quick process. Large organizations typically need 5-10 years to fully migrate their systems. Starting now means being ready when quantum computers arrive.
3. Attackers are already collecting. Nation-states and sophisticated adversaries are already harvesting encrypted data, storing it until quantum computers can decrypt it. This is happening now.
3. The Quantum Computing Threat
In 1994, mathematician Peter Shor published an algorithm that lets a sufficiently large quantum computer factor integers and compute discrete logarithms in polynomial time, which are exactly the problems underlying RSA, Diffie-Hellman and ECC. This theoretical breakthrough has driven decades of quantum computing research.
What Quantum Computers Will Break
| Algorithm | Type | Impact once a CRQC exists |
|---|---|---|
| RSA-2048 | Public key (encryption, signatures) | Broken (Shor) |
| ECDSA / ECDH | Public key (signatures, key exchange) | Broken (Shor) |
| DSA | Public key (signatures) | Broken (Shor) |
| AES-256 | Symmetric | Weakened (Grover: 128-bit effective security) |
| SHA-256 | Hash | Still secure (128-bit preimage security under Grover) |
Timeline Estimates
Experts estimate that cryptographically relevant quantum computers (CRQCs) capable of breaking RSA-2048 could emerge between 2030 and 2040. These timelines are uncertain, and breakthroughs could accelerate progress significantly. Regulators are not waiting for certainty: NIST's draft transition guidance (NIST IR 8547, November 2024) plans to deprecate quantum-vulnerable algorithms such as RSA and ECC after 2030 and disallow them after 2035, which sets a migration deadline regardless of when a CRQC actually appears.
4. Harvest Now, Decrypt Later
"Harvest now, decrypt later" (HNDL) is a threat model where adversaries intercept and store encrypted data today, with the intention of decrypting it once quantum computers become available.
This Is Happening Now
Intelligence agencies and sophisticated threat actors are believed to be actively collecting encrypted communications and stored data. Any sensitive data transmitted or stored with classical encryption is potentially at risk.
High-Risk Data Categories
- Government and military communications
- Healthcare records and genetic data
- Financial transactions and records
- Intellectual property and trade secrets
- Legal documents and contracts
- Infrastructure control systems
5. NIST PQC Standards
In August 2024, the National Institute of Standards and Technology (NIST) published the first three post-quantum cryptography standards, FIPS 203 (ML-KEM), FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA), marking a historic milestone in cryptographic security.
ML-KEM
Module-Lattice-Based Key-Encapsulation Mechanism (FIPS 203). For key establishment in TLS, VPNs, and encrypted communications.
ML-DSA
Module-Lattice-Based Digital Signature Algorithm (FIPS 204). For code signing, document signing, and authentication.
SLH-DSA
Stateless Hash-Based Digital Signature Algorithm (FIPS 205). A conservative alternative based on well-understood hash functions.
6. The Algorithms Explained
ML-KEM (Kyber)
ML-KEM is based on the Module Learning With Errors (MLWE) problem. It is a key encapsulation mechanism: the sender encapsulates a fresh shared secret under the recipient's public key, and the recipient recovers it with the private key. In practice it replaces ECDH key exchange in TLS and similar protocols. Three parameter sets are standardized: ML-KEM-512, ML-KEM-768 and ML-KEM-1024.
- Public (encapsulation) key: 800, 1184 or 1568 bytes, depending on security level
- Ciphertext: 768, 1088 or 1568 bytes
- Shared secret: 32 bytes at every level
- Very fast: comparable to or faster than ECDH in CPU time; the cost is bandwidth, not computation
ML-DSA (Dilithium)
ML-DSA is also lattice-based, providing digital signatures that can replace RSA and ECDSA signatures. It's suitable for most signature use cases including TLS authentication, document signing, and code signing. The parameter sets are ML-DSA-44, ML-DSA-65 and ML-DSA-87.
- Public key: 1312, 1952 or 2592 bytes
- Signature: 2420, 3309 or 4627 bytes (roughly 35-70 times an ECDSA P-256 signature)
- Fast signing and verification
SLH-DSA (SPHINCS+)
SLH-DSA is based entirely on hash functions, making it the most conservative choice. While signatures are larger and slower, the security assumptions are minimal and well-understood: the scheme is secure as long as the underlying hash function resists preimage attacks. Twelve parameter sets cover SHA2 or SHAKE, three security levels, and an "s" (small signature) or "f" (fast signing) variant of each.
- Public key: 32, 48 or 64 bytes
- Signature: 7856 bytes (SLH-DSA-128s) to 49856 bytes (SLH-DSA-256f), much larger than ML-DSA
- Best for high-security, low-frequency signing such as root CA or firmware signing keys
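To make the "hash functions only" point concrete, here is a Lamport one-time signature, the simplest hash-based signature and the conceptual ancestor of the one-time signatures inside SLH-DSA. This is an added illustration, not SLH-DSA and not code from this page: keygen, sign and verify use nothing but SHA-256, and the signature is 256 revealed 32-byte secrets (8192 bytes), which is why hash-based signatures sit in the same size class as SLH-DSA's 7856-byte smallest parameter set. The `leaked_secrets` helper shows why a one-time key must never sign twice, which is the problem SLH-DSA's stateless tree construction exists to solve.

```python
"""Lamport one-time signature (added example; an illustration of the hash-only
principle behind SLH-DSA, not SLH-DSA itself).

Keygen: 256 pairs of random 32-byte secrets; public key = SHA-256 of each.
Sign:   hash the message and, for bit i of the digest, reveal secret[i][bit].
Verify: hash every revealed secret and compare with the public key.
Security rests only on SHA-256 preimage resistance, which Grover weakens
(to 128 bits) but does not break.
"""
import hashlib
import os

N_BITS = 256        # digest length; one secret pair per digest bit
SECRET_LEN = 32     # bytes per secret, so a signature is 256 * 32 = 8192 bytes

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen(rng=os.urandom):
    """Return (private key, public key). sk[i] = (secret for bit 0, secret for bit 1)."""
    sk = [(rng(SECRET_LEN), rng(SECRET_LEN)) for _ in range(N_BITS)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk

def _bits(digest: bytes):
    """Digest bits, most significant bit of each byte first."""
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]

def sign(sk, msg: bytes) -> bytes:
    """Reveal exactly one secret of each pair, chosen by the digest bit."""
    return b"".join(sk[i][b] for i, b in enumerate(_bits(H(msg))))

def verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != N_BITS * SECRET_LEN:
        return False
    for i, b in enumerate(_bits(H(msg))):
        revealed = sig[i * SECRET_LEN:(i + 1) * SECRET_LEN]
        if H(revealed) != pk[i][b]:      # hash of the revealed secret must match pk
            return False
    return True

def leaked_secrets(sig_a: bytes, sig_b: bytes) -> int:
    """Number of positions where two signatures under ONE key reveal both secrets
    of a pair. Each such position lets a forger choose that digest bit freely;
    this is why Lamport keys are one-time and why SLH-DSA picks one-time keys
    from a huge tree (statelessly) instead of tracking which ones were used."""
    return sum(1 for i in range(N_BITS)
               if sig_a[i * SECRET_LEN:(i + 1) * SECRET_LEN]
               != sig_b[i * SECRET_LEN:(i + 1) * SECRET_LEN])

if __name__ == "__main__":
    sk, pk = keygen()
    sig = sign(sk, b"firmware-v1.2.bin")            # constructed sample message
    print("valid:", verify(pk, b"firmware-v1.2.bin", sig), "size:", len(sig))
    print("tampered:", verify(pk, b"firmware-v1.3.bin", sig))
    print("secrets exposed by a second signature:",
          leaked_secrets(sig, sign(sk, b"firmware-v1.3.bin")))
```

Note what the reuse count demonstrates: after two signatures roughly half the pairs are fully exposed, and an attacker can then forge any message whose digest only disagrees with the two signed ones at exposed positions. Stateful schemes (LMS, XMSS) prevent this by recording used keys; SLH-DSA avoids the state by randomly selecting among so many one-time keys that a collision is negligible, at the cost of the signature sizes listed above.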
7. Implementation Strategy
Migrating to post-quantum cryptography requires a systematic approach. Here's a widely used four-phase framework for enterprise PQC adoption:
Phase 1: Cryptographic Inventory
Identify all cryptographic assets in your organization:
- TLS/SSL certificates and configurations
- VPN and encrypted tunnel technologies
- Digital signature systems
- Key management systems
- Encrypted data stores
- Third-party integrations using cryptography
Phase 2: Risk Assessment
Prioritize systems based on:
- Data sensitivity and longevity requirements
- Exposure to network interception
- Regulatory requirements (NIS2, GDPR, etc.)
- Business criticality
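Phases 1 and 2 are mechanical enough to script. The following is an added example, not tooling from this page: it tags each inventoried primitive with the quantum impact from the table in section 3, then ranks assets using Mosca's inequality (if data must stay confidential for X years and migration takes Y years, X + Y > Z, the years until a CRQC, means the data is exposed today). The inventory, the CRQC year and the "now" year are constructed inputs. One caveat the page's prose leaves implicit is built in: harvest-now-decrypt-later only threatens confidentiality, so a quantum-vulnerable signature scheme is still flagged as broken but not as an HNDL risk.

```python
"""Cryptographic inventory triage (added example, not the page's own tooling).

Phase 1 tags each discovered primitive with its quantum impact, using the
classification from the table in section 3. Phase 2 ranks assets with
Mosca's inequality: if data must stay confidential for X years and migrating
the system takes Y years, then X + Y > Z (years until a CRQC) means ciphertext
recorded today can be decrypted while it still matters. The inventory is
constructed sample data, not the output of a real scan.
"""
from dataclasses import dataclass

# Quantum impact per primitive (section 3 table): "broken" (Shor), "weakened"
# (Grover halves effective key size) or "secure".
QUANTUM_IMPACT = {
    "RSA-2048": "broken", "RSA-4096": "broken",   # bigger moduli do not help against Shor
    "ECDSA-P256": "broken", "ECDH-P256": "broken", "X25519": "broken", "DSA": "broken",
    "AES-128": "weakened",                        # 64-bit effective under Grover
    "AES-256": "secure", "SHA-256": "secure",     # 128-bit effective, still acceptable
    "ML-KEM-768": "secure", "ML-DSA-65": "secure",
}

@dataclass
class Asset:
    name: str
    algorithm: str
    protects: str            # "confidentiality" (key exchange, encryption) or "authenticity" (signatures)
    shelf_life_years: int    # X: how long the protected data must stay secret or valid
    migration_years: int     # Y: realistic time to migrate this system
    network_exposed: bool    # can an adversary record traffic from this system today?

def mosca_margin(asset: Asset, crqc_year: int, now: int) -> int:
    """X + Y - Z. Positive means the data outlives the quantum-safe window."""
    return asset.shelf_life_years + asset.migration_years - (crqc_year - now)

def triage(assets, crqc_year: int, now: int):
    """Phase 1 + Phase 2: classify every asset, then rank by urgency."""
    findings = []
    for a in assets:
        impact = QUANTUM_IMPACT.get(a.algorithm, "unknown")  # unknown = go and find out
        margin = mosca_margin(a, crqc_year, now)
        # Harvest-now-decrypt-later needs a broken primitive, recordable traffic and
        # data that still matters when the CRQC arrives. Signatures are not HNDL
        # targets: a future forgery does not retroactively break past authentication.
        hndl = (impact == "broken" and a.protects == "confidentiality"
                and a.network_exposed and margin > 0)
        findings.append({"asset": a.name, "algorithm": a.algorithm, "impact": impact,
                         "margin": margin, "hndl_risk": hndl})
    # Most urgent first: HNDL-exposed assets, then anything else broken, then by margin.
    findings.sort(key=lambda f: (not f["hndl_risk"], f["impact"] != "broken", -f["margin"]))
    return findings

# Constructed inventory. Shelf-life and migration figures use the ranges this
# page gives in section 2 (10-30 years of confidentiality, 5-10 years to migrate).
SAMPLE_INVENTORY = [
    Asset("patient-portal TLS", "ECDH-P256", "confidentiality", 25, 5, True),
    Asset("document signing", "ECDSA-P256", "authenticity", 25, 5, True),
    Asset("site-to-site VPN", "RSA-2048", "confidentiality", 10, 3, True),
    Asset("backup archive", "AES-256", "confidentiality", 30, 2, False),
    Asset("code signing", "ML-DSA-65", "authenticity", 5, 1, True),
]

if __name__ == "__main__":
    # Constructed planning assumptions: CRQC in 2035, assessment done in 2025.
    for f in triage(SAMPLE_INVENTORY, crqc_year=2035, now=2025):
        print(f"{f['asset']:<22} {f['algorithm']:<11} {f['impact']:<8} "
              f"margin={f['margin']:+d} hndl_risk={f['hndl_risk']}")
```

Running it with a CRQC assumed in 2035 puts the patient portal first (25 + 5 years against a 10-year window) and the VPN second, lists document signing as broken but not an HNDL target, and leaves the AES-256 archive and the already-migrated code-signing key at the bottom. In a real assessment the `QUANTUM_IMPACT` table is the easy part; the inventory itself (certificates, VPN profiles, HSM key types, third-party SDKs) is where the effort goes.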
Phase 3: Hybrid Implementation
Deploy hybrid cryptography that combines a classical and a post-quantum algorithm in the same operation (for example X25519 plus ML-KEM for key exchange, with both shared secrets fed into the key derivation). This approach ensures:
- Defense in depth: the session stays secure as long as either component holds, so a cryptanalytic surprise in a young PQC algorithm leaves you no worse off than today, while a quantum attacker still has to break the PQC half
- Interoperability: hybrid groups are negotiated alongside classical ones, so peers that do not yet support PQC are unaffected
- Compliance: the classical component satisfies current (e.g. FIPS-approved) requirements while the PQC component meets emerging ones
The price is bandwidth: an ML-KEM-768 key share adds about 1.2 KB to the TLS handshake, which matters on constrained links and for middleboxes that mishandle larger ClientHello messages, so test the hybrid rollout against your own network path before enabling it fleet-wide.
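The combiner is the part of a hybrid deployment that is easy to get subtly wrong, so here is a worked example of it. This is added code, not from this page or any TLS library, and it also illustrates the KEM interface described for ML-KEM in section 6 (encaps produces a 32-byte shared secret that decaps recovers). The standard library has no ML-KEM or X25519, so the two shared secrets are constructed stand-ins; the HKDF functions follow RFC 5869, and the "ML-KEM secret first, then X25519, then KDF" layout mirrors the X25519MLKEM768 hybrid group used in TLS 1.3. The `quantum_attacker_view` function models the case the page argues for: a CRQC that recovers the X25519 secret still cannot compute the session key.

```python
"""Hybrid key agreement combiner (added example; not code from this page or any
TLS library).

ML-KEM exposes a KEM interface: keygen -> (ek, dk); encaps(ek) -> (ct, ss);
decaps(dk, ct) -> ss. In a hybrid TLS 1.3 handshake the 32-byte ML-KEM shared
secret and the 32-byte X25519 shared secret are concatenated and fed into the
HKDF-based key schedule, so the session key stays secret as long as EITHER
component is unbroken. The standard library has no ML-KEM, so the two shared
secrets below are constructed stand-ins for real KEM/ECDH outputs.
"""
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869), SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869), SHA-256: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def hybrid_session_key(ss_mlkem: bytes, ss_x25519: bytes, transcript_hash: bytes) -> bytes:
    """Concatenate-then-KDF combiner, ML-KEM secret first, as in X25519MLKEM768.

    transcript_hash must cover both public keys and the ML-KEM ciphertext so the
    derived key is bound to the exchange that actually happened."""
    if len(ss_mlkem) != 32 or len(ss_x25519) != 32:
        raise ValueError("both shared secrets must be 32 bytes")
    prk = hkdf_extract(salt=b"\x00" * 32, ikm=ss_mlkem + ss_x25519)
    return hkdf_expand(prk, b"hybrid demo" + transcript_hash, 32)

# Constructed secrets standing in for what decaps() and X25519 would return.
SS_MLKEM = hashlib.sha256(b"demo ML-KEM-768 shared secret").digest()
SS_X25519 = hashlib.sha256(b"demo X25519 shared secret").digest()
TRANSCRIPT = hashlib.sha256(b"ClientHello || ServerHello").digest()  # constructed

def quantum_attacker_view() -> bool:
    """Model a CRQC that recovers the X25519 secret (Shor) but not the ML-KEM
    one. The attacker knows ss_x25519 and has to guess ss_mlkem; return True if
    the real session key differs from the attacker's best computation."""
    real = hybrid_session_key(SS_MLKEM, SS_X25519, TRANSCRIPT)
    guess = hybrid_session_key(b"\x00" * 32, SS_X25519, TRANSCRIPT)  # ss_mlkem unknown
    return real != guess

if __name__ == "__main__":
    print("session key:", hybrid_session_key(SS_MLKEM, SS_X25519, TRANSCRIPT).hex())
    print("survives an X25519 break:", quantum_attacker_view())
```

Two design points worth noting. First, plain concatenation into a KDF is safe here only because HKDF-Extract is a PRF in its key input and both secrets are fixed-length; a combiner that XORs the secrets, or that hashes variable-length inputs without length prefixes, loses the "either component suffices" property. Second, the transcript hash is not optional: without binding the ciphertext and public keys, an attacker who can substitute one key share gets a key-confusion attack that is independent of how strong either algorithm is.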
Phase 4: Full Migration
Once hybrid systems are proven and classical cryptography is deprecated, transition to pure PQC implementations.
8. Migration Timeline
- Cryptographic inventory, risk assessment, pilot planning
- Deploy hybrid PQC in high-priority systems
- Extend PQC across all enterprise systems
- Phase out classical-only cryptography
9. Getting Started
The transition to post-quantum cryptography is a significant undertaking, but it doesn't have to be overwhelming. Here are your next steps:
Free Quantum Readiness Check
Start by understanding where you stand. Our free scanner analyzes your website's TLS configuration and quantum readiness in seconds.
Enterprise Assessment
For a comprehensive assessment of your organization's cryptographic infrastructure and a tailored migration roadmap, contact our team for a consultation.