
Post-Quantum Cryptography (PQC)

Securing digital communications for the quantum era

What is Post-Quantum Cryptography?

Post-Quantum Cryptography (PQC), also known as quantum-safe, quantum-proof, or quantum-resistant cryptography, represents the development of cryptographic algorithms designed to be secure against attacks from quantum computers. Unlike traditional encryption methods, PQC algorithms are built to withstand the computational power of quantum machines.

Most widely used public-key cryptography systems today rely on mathematical problems that are difficult for classical computers to solve, such as integer factorization, discrete logarithms, and elliptic-curve discrete logarithms. However, quantum computers running specialized algorithms could potentially solve these problems exponentially faster, rendering current encryption methods vulnerable.

The Quantum Computing Threat

Quantum computers pose a significant threat to cybersecurity by potentially breaking encryption systems that protect sensitive data worldwide. While large-scale quantum computers capable of breaking current encryption don't yet exist, experts anticipate their development within the next decade.

Key Vulnerabilities:

  • RSA encryption (used in HTTPS, email, VPNs)
  • Elliptic Curve Cryptography (ECC) - mobile and IoT devices
  • Diffie-Hellman key exchange - secure connections
  • Digital signatures - authentication systems

"Harvest Now, Decrypt Later" - Adversaries may already be collecting encrypted data with the intention of decrypting it once quantum computers become available.

PQC Algorithm Categories

Research focuses on six main approaches to quantum-resistant cryptography:

1. Lattice-based Cryptography

Based on the hardness of lattice problems in high-dimensional spaces.

CRYSTALS-Kyber (ML-KEM)

CRYSTALS-Dilithium (ML-DSA)

Falcon (FN-DSA)

NTRU

2. Hash-based Cryptography

Digital signatures based on cryptographic hash functions.

SPHINCS+ (SLH-DSA)

XMSS

Merkle Signatures
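As an added illustration (not code from this page or from any standardized scheme), a toy Merkle signature scheme in Python: Lamport one-time keys sit at the leaves of a SHA-256 hash tree, and the tree root is the long-term public key. The function and class names are assumptions of this example; it also shows the per-leaf state a signer must keep, which is what separates stateful schemes such as XMSS from the stateless SLH-DSA.

```python
import hashlib
import secrets

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def lamport_keygen():
    # 256 bit positions x 2 random 32-byte preimages; public key = their hashes
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def lamport_sign(sk, msg):
    # Reveal one preimage per bit of H(msg); a second use of sk leaks the other half
    d = int.from_bytes(H(msg), "big")
    return [sk[i][(d >> (255 - i)) & 1] for i in range(256)]

def lamport_verify(pk, msg, sig):
    d = int.from_bytes(H(msg), "big")
    return all(H(sig[i]) == pk[i][(d >> (255 - i)) & 1] for i in range(256))

def pk_leaf(pk):  # tree leaf = hash of one Lamport public key
    return H(*[a + b for a, b in pk])

class MerkleSigner:
    """Long-term public key = tree root; each leaf is a Lamport key used once."""
    def __init__(self, n_keys=4):  # n_keys must be a power of two (toy example)
        self.keys = [lamport_keygen() for _ in range(n_keys)]
        self.levels = [[pk_leaf(pk) for _, pk in self.keys]]  # bottom-up hash tree
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]
        self.used = 0  # signer state: next unused leaf (this is why XMSS is stateful)

    def sign(self, msg):
        if self.used >= len(self.keys):
            raise RuntimeError("all one-time keys consumed; rotate to a new tree")
        i, self.used = self.used, self.used + 1
        sk, pk = self.keys[i]
        # Authentication path: sibling hash of this leaf's ancestor at each level
        path = [lvl[(i >> k) ^ 1] for k, lvl in enumerate(self.levels[:-1])]
        return i, pk, lamport_sign(sk, msg), path

def merkle_verify(root, msg, signature):
    i, pk, sig, path = signature
    node = pk_leaf(pk)
    for k, sibling in enumerate(path):  # rebuild the root from leaf and siblings
        node = H(node, sibling) if (i >> k) & 1 == 0 else H(sibling, node)
    return lamport_verify(pk, msg, sig) and node == root
```

A verifier only needs the 32-byte root, the leaf index, and the authentication path, so the public key stays small while each signature carries 256 preimages plus log2(n_keys) sibling hashes.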

3. Code-based Cryptography

Based on error-correcting codes like Goppa codes.

Classic McEliece

BIKE

HQC

4. Multivariate Cryptography

Based on solving systems of multivariate polynomial equations.

Rainbow (compromised 2022)

Oil and Vinegar

5. Isogeny-based Cryptography

Based on properties of elliptic curve isogenies.

CSIDH

SQIsign

SIDH (broken 2022)

6. Symmetric Key Quantum Resistance

Doubling key sizes provides quantum resistance.

AES-256

SHA-384/512

NIST Post-Quantum Standards (2024)

In August 2024, NIST released the first three finalized post-quantum cryptographic standards:

FIPS 203: ML-KEM Key Encapsulation

Module-Lattice-Based Key-Encapsulation Mechanism (CRYSTALS-Kyber)

Public Key: 1,312 bytes
Private Key: 2,560 bytes

FIPS 204: ML-DSA Digital Signature

Module-Lattice-Based Digital Signature Algorithm (CRYSTALS-Dilithium)

Signature: 2,420 bytes

FIPS 205: SLH-DSA Hash Signature

Stateless Hash-Based Digital Signature Standard (SPHINCS+)

Signature: 8,000 bytes

FIPS 206: FN-DSA (coming 2025)

FalconSign Digital Signature Algorithm (Falcon)

Implementation Challenges

Key Sizes

PQC algorithms typically require larger key sizes than traditional cryptography. For example, ML-KEM public keys are around 1,312 bytes compared to 32 bytes for ECC-256.

Migration Complexity

Transitioning to PQC requires updating hardware, software, protocols, and infrastructure. Organizations must inventory their cryptographic systems and plan phased migrations.

Performance Impact

Some PQC algorithms require more computational resources. However, lattice-based schemes like Kyber and Dilithium offer good performance on modern hardware.

Hybrid Approaches

Many organizations implement hybrid encryption combining traditional and post-quantum algorithms to ensure security during the transition period.

PQC Migration Timeline

2024

NIST Standards Released

First three PQC standards finalized (ML-KEM, ML-DSA, SLH-DSA)

2025–27

Early Adoption Phase

Organizations begin implementing PQC in new systems and critical infrastructure

2030–35

Widespread Migration

Transition period for most organizations to upgrade legacy systems

~2035

Quantum Computing Maturity

Estimated timeframe when quantum computers may threaten current encryption

Real-World PQC Implementations

Messaging Applications (Active)

Signal uses PQXDH (Post-Quantum Extended Diffie-Hellman), and Apple iMessage deployed PQ3, which adds ongoing rekeying to reach Level 3 security.

Web Browsers & CDN (Testing)

Google Chrome, Firefox, and Cloudflare have tested hybrid PQC in TLS connections using X25519+Kyber.

Security Keys (Available)

Google released FIDO2 security keys with ECC/Dilithium hybrid signatures in partnership with ETH Zürich.

Getting Started with PQC

1. Inventory Your Systems

Identify all cryptographic systems, certificates, and algorithms currently in use.

2. Assess Risk & Priority

Determine which systems handle long-lived sensitive data requiring immediate protection.

3. Test PQC Algorithms

Use libraries like liboqs or BouncyCastle to test PQC implementations in development environments.

4. Deploy Hybrid Solutions

Implement hybrid approaches combining traditional and PQC algorithms for backward compatibility.

5. Monitor Standards Evolution

Stay updated with NIST publications and industry best practices as the field evolves.