What is Post-Quantum Cryptography
Post-quantum cryptography uses algorithms that remain secure even against quantum computers — protecting data from "harvest now, decrypt later" attacks where adversaries record encrypted traffic today and decrypt it once quantum computers are powerful enough.
What is the threat?
Today's public-key cryptography relies on mathematical problems that classical computers can't solve efficiently: RSA depends on factoring large numbers, and elliptic curve cryptography depends on the discrete logarithm problem. A sufficiently powerful quantum computer running Shor's algorithm could break both in hours.
The danger isn't theoretical. Intelligence agencies and other adversaries are already recording encrypted traffic. If a quantum computer becomes available in 10 or 20 years, every TLS session, VPN tunnel, and encrypted email captured today could be retroactively decrypted. This is the "harvest now, decrypt later" threat.
What are the new algorithms?
NIST standardized the first post-quantum algorithms in 2024:
- ML-KEM (formerly CRYSTALS-Kyber) — a key encapsulation mechanism (KEM) based on lattice problems. This is the primary replacement for Diffie-Hellman and elliptic curve key exchange in TLS.
- ML-DSA (formerly CRYSTALS-Dilithium) — a digital signature algorithm for authentication.
These algorithms are based on mathematical problems that quantum computers are not known to solve efficiently — primarily structured lattice problems.
How is it being deployed?
Rather than switching entirely to new algorithms, the industry is deploying hybrid key exchange — combining a classical algorithm (like X25519) with a post-quantum algorithm (like ML-KEM) in the same handshake. If either algorithm is secure, the connection is secure. Chrome and Cloudflare have been using hybrid key exchange in TLS since 2024.
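How the two halves of such a hybrid key share fit together, as an added example (not code from this page, Chrome, Cloudflare or any TLS stack): it mirrors the X25519MLKEM768 layout (ML-KEM-768 encapsulation key or ciphertext followed by the X25519 public key, and mlkem_ss || x25519_ss fed into key derivation) using the Go 1.24 standard-library packages crypto/mlkem, crypto/ecdh and crypto/hkdf. The HKDF label "hybrid demo" is a placeholder standing in for the real TLS 1.3 key schedule, and `must` is a demo-only helper.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"slices"
)
// must panics on error to keep the demo short; production code returns it.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Derive combines both shared secrets as X25519MLKEM768 does (mlkem_ss || x25519_ss):
// breaking one primitive alone still leaves the attacker without half the HKDF input.
func Derive(mlkemSS, x25519SS []byte) []byte {
	return must(hkdf.Key(sha256.New, slices.Concat(mlkemSS, x25519SS), nil, "hybrid demo", 32))
}

// ServerRespond consumes the client's key_share (ML-KEM-768 encapsulation key || X25519
// public key) and returns the server's key_share (ML-KEM ciphertext || X25519 public key).
func ServerRespond(clientShare []byte) (serverShare, secret []byte) {
	ek := must(mlkem.NewEncapsulationKey768(clientShare[:mlkem.EncapsulationKeySize768]))
	mlkemSS, ct := ek.Encapsulate() // fresh KEM secret; only the client's dk can open ct
	clientX := must(ecdh.X25519().NewPublicKey(clientShare[mlkem.EncapsulationKeySize768:]))
	serverX := must(ecdh.X25519().GenerateKey(rand.Reader))
	x25519SS := must(serverX.ECDH(clientX))
	return slices.Concat(ct, serverX.PublicKey().Bytes()), Derive(mlkemSS, x25519SS)
}

// Handshake runs one hybrid exchange end to end and returns the secret each side
// derived; a correct run yields two equal 32-byte secrets, fresh on every call.
func Handshake() (clientSecret, serverSecret []byte) {
	dk := must(mlkem.GenerateKey768()) // client: both key pairs, send ek || x25519_pub
	clientX := must(ecdh.X25519().GenerateKey(rand.Reader))
	serverShare, serverSecret := ServerRespond(slices.Concat(dk.EncapsulationKey().Bytes(), clientX.PublicKey().Bytes()))
	mlkemSS := must(dk.Decapsulate(serverShare[:mlkem.CiphertextSize768])) // client: open ct, finish X25519
	serverX := must(ecdh.X25519().NewPublicKey(serverShare[mlkem.CiphertextSize768:]))
	return Derive(mlkemSS, must(clientX.ECDH(serverX))), serverSecret
}
func main() {
	fmt.Println("hybrid secrets match:", bytes.Equal(Handshake()))
}
```

A real TLS implementation feeds the concatenated secret into the TLS 1.3 key schedule rather than a bare HKDF call; Go 1.24's crypto/tls does this itself when X25519MLKEM768 is negotiated.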
Why it matters
Post-quantum cryptography is not about some distant future. The migration is happening now. Every TLS connection, every certificate, every cipher suite will need to transition to quantum-safe algorithms. The organizations that start now protect their historical traffic. Those that wait leave it permanently vulnerable.