# Post-Quantum Cryptography: Securing Data Against the Quantum Threat **Author:** kelexine **Date:** 2025-12-18 **Category:** Security **Tags:** Cryptography, Security, Quantum Computing, Encryption, NIST **URL:** https://kelexine.is-a.dev/blog/post-quantum-cryptography-2025 --- # Post-Quantum Cryptography: Securing Data Against the Quantum Threat The encryption protecting your data today has an expiration date. Quantum computers, when sufficiently powerful, will be able to break the cryptographic algorithms that currently secure everything from banking transactions to state secrets. This isn't a theoretical concern for the distant future. The "harvest now, decrypt later" threat is real: adversaries are collecting encrypted data today, storing it until quantum computers can break the encryption. For data with long-term sensitivity—medical records, trade secrets, classified information—the threat is already here. ## The Quantum Threat Explained ### Why Current Encryption Is Vulnerable Modern encryption relies on mathematical problems that are computationally infeasible for classical computers: - **RSA**: Based on the difficulty of factoring large prime numbers - **Elliptic Curve Cryptography (ECC)**: Based on the discrete logarithm problem - **Diffie-Hellman**: Based on similar mathematical foundations Quantum computers change the game. Shor's algorithm, when run on a sufficiently powerful quantum computer, can solve these problems exponentially faster than classical computers. ```python # Classical vs Quantum Factoring Complexity classical_factoring = "O(exp((ln n)^(1/3) * (ln ln n)^(2/3)))" # Sub-exponential quantum_factoring = "O((log n)^3)" # Polynomial with Shor's algorithm # A 2048-bit RSA key: # Classical: ~300 trillion years to crack # Quantum (future): Hours to crack ``` ### Timeline Uncertainty While large-scale quantum computers capable of breaking encryption don't exist yet, timelines are uncertain: - **Conservative estimates**: 15-30 years - **Optimistic estimates**: 5-10 years - **"Unknown unknown"**: Breakthrough could accelerate timelines The uncertainty itself demands action—if your data needs protection for 10+ years, you should be migrating now. ## NIST Post-Quantum Standards The National Institute of Standards and Technology (NIST) has been running a post-quantum cryptography competition since 2016. In August 2024, the first standards were finalized. ### Standardized Algorithms **FIPS 203 - ML-KEM (formerly CRYSTALS-Kyber)** - **Purpose**: Key encapsulation (secure key exchange) - **Foundation**: Module lattice problems - **Use Case**: Establishing shared secrets for encrypted communications **FIPS 204 - ML-DSA (formerly CRYSTALS-Dilithium)** - **Purpose**: Digital signatures - **Foundation**: Module lattice problems - **Use Case**: Authenticating messages and documents **FIPS 205 - SLH-DSA (formerly SPHINCS+)** - **Purpose**: Digital signatures - **Foundation**: Hash-based cryptography - **Use Case**: Alternative signature scheme with different security assumptions ### Additional Standards Coming - **FIPS 206 - FN-DSA (formerly FALCON)**: Another lattice-based signature scheme - **HQC (Hamming Quasi-Cyclic)**: Selected March 2025 as backup KEM algorithm, offering diversification from lattice-based approaches ## Understanding the Algorithms ### Lattice-Based Cryptography Most NIST selections are based on mathematical lattice problems: ```javascript // Conceptual: Lattice Problem // Finding shortest vector in high-dimensional lattice // Easy to construct, hard to solve const latticeProblem = { input: "High-dimensional lattice structure", challenge: "Find shortest non-zero vector", security: "No known efficient classical or quantum algorithm", basis: "Learning With Errors (LWE) problem" }; ``` **Advantages**: - Strong security properties - Efficient performance - Versatile (works for encryption and signatures) **Considerations**: - Larger key sizes than ECC - Relatively new (less real-world testing) ### Hash-Based Cryptography SLH-DSA uses hash functions as its foundation: **Advantages**: - Security based on well-understood hash functions - Conservative, time-tested approach **Considerations**: - Larger signatures - Slower performance ### Code-Based Cryptography HQC is based on error-correcting codes: **Advantage**: Different mathematical foundation provides diversification **Use**: Backup algorithm if lattice-based cryptography encounters issues ## Transition Timeline ### Official Guidance | Timeline | Milestone | |---|---| | **Now - 2030** | Deprecate 112-bit security algorithms | | **By 2030** | Deprecate RSA, ECDSA, EdDSA, DH, ECDH | | **By 2035** | Complete transition to PQC | The 2035 deadline aligns with White House National Security Memorandum 10 (NSM-10) for US Federal systems. ### Practical Transition Steps 1. **Cryptographic Inventory**: Identify all systems using vulnerable algorithms 2. **Risk Assessment**: Prioritize based on data sensitivity and longevity 3. **Hybrid Deployment**: Use PQC alongside classical algorithms during transition 4. **Testing and Validation**: Ensure compatibility and performance 5. **Full Migration**: Phase out classical algorithms ```python # Hybrid Encryption Pattern class HybridEncryption: def __init__(self): self.classical = ECDH() # Current standard self.post_quantum = MLKEM() # NIST PQC standard def key_exchange(self, peer_public_keys): # Combine both key exchanges classical_secret = self.classical.derive(peer_public_keys.ecdh) pq_secret = self.post_quantum.decapsulate(peer_public_keys.mlkem) # Final secret requires both to be compromised combined_secret = KDF(classical_secret + pq_secret) return combined_secret ``` ## Implementation Considerations ### Performance Impact PQC algorithms generally have larger keys and signatures: | Algorithm | Key Size | Signature/Ciphertext | Performance | |---|---|---|---| | RSA-2048 | 256 bytes | 256 bytes | Baseline | | ML-KEM-768 | 1,184 bytes | 1,088 bytes | Faster than RSA | | ML-DSA-65 | 1,952 bytes | 3,293 bytes | Slower than ECDSA | ### Protocol Updates Many protocols need updates: - **TLS**: Post-quantum key exchange already supported in TLS 1.3 - **SSH**: PQC key exchange being standardized - **VPNs**: Protocol updates in progress - **Email (S/MIME, PGP)**: Specification work underway ### Hardware Considerations - **Hardware Security Modules (HSMs)**: Require firmware updates - **Smart Cards**: May need replacement - **IoT Devices**: Limited update capability may require replacement ## Industry Adoption ### Early Movers Tech giants are already deploying PQC: - **Google**: Experimenting with hybrid TLS in Chrome - **Cloudflare**: PQC support for internal services - **Signal**: Hybrid key agreement protocol - **Apple**: PQ3 protocol for iMessage ### Regulated Industries Sectors with high-value, long-lived data are prioritizing: - **Government**: NSM-10 compliance deadlines - **Finance**: Protecting transaction records - **Healthcare**: Long-term patient data protection - **Aerospace/Defense**: Classified information protection ## Recommendations ### For Organizations 1. **Start Now**: Don't wait for quantum computers to become a reality 2. **Inventory Cryptography**: Know what algorithms you're using where 3. **Prioritize by Risk**: Focus on highest-value, longest-lived data first 4. **Test Hybrid Approaches**: Build experience before full migration 5. **Update Procurement**: Require PQC support in new systems ### For Developers 1. **Use Established Libraries**: Avoid implementing cryptography yourself 2. **Design for Agility**: Build systems that can swap cryptographic algorithms 3. **Test PQC Now**: Experiment with PQC libraries in non-production environments 4. **Monitor Standards**: Stay current with NIST updates > **The bottom line**: Post-quantum cryptography isn't optional—it's a necessary evolution of security practice. Organizations that begin migration now will be far better prepared than those who wait for quantum computers to become an imminent threat. --- *Next: Exploring the convergence of biology and technology—from AI-designed organisms to bio-digital materials.* --- *This content is available at [kelexine.is-a.dev/blog/post-quantum-cryptography-2025](https://kelexine.is-a.dev/blog/post-quantum-cryptography-2025)*