The landscape of cybersecurity is constantly evolving, and one of the most significant shifts on the horizon is the rise of quantum computing. Quantum computers have the potential to break current encryption algorithms, making our sensitive data vulnerable. It's a race against time, and the time to prepare for post-quantum cryptography (PQC) is now.
What’s Going On With Quantum Computers and Security?
Quantum computers sound like science fiction, but they are real and coming fast.
The big issue?
Quantum computers could break the encryption that protects our private data today. That means what’s safe now could be “easy pickings” later—unless we change how we protect our data.
What’s the Big Deal About “Harvest Now, Decrypt Later”?
Hackers and spies may already be collecting encrypted data today, planning to crack it when quantum computers get strong enough. This is called the “harvest now, decrypt later” threat.
It’s a race to get ready—so organizations, governments, and standards groups are moving fast to upgrade our security before quantum computers become mainstream.
What Is Post-Quantum Cryptography (PQC)?
Post-Quantum Cryptography (PQC) is the next generation of encryption. It is built on mathematical problems that are believed to be hard even for quantum computers. PQC will:
Keep data safe.
Meet new rules and regulations.
Protect secrets for the long-term.
The U.S. National Institute of Standards and Technology (NIST) has picked new algorithms they believe are safe from quantum attacks, like ML-KEM for establishing the keys that encrypt data and ML-DSA for digital signatures.
What’s Changing and When?
Organizations like NIST and major governments say businesses need to switch to post-quantum security soon:
2025: New firmware and software signing should use quantum-safe standards. (Here we are)
2030: Browsers and more will drop “old” insecure encryption. (Hilariously only 5 years)
So, even if quantum computers aren’t here yet, the world is already preparing.
What Are Quantum-Safe Algorithms?
Quantum-safe (or quantum-resistant) algorithms are cryptographic methods believed to remain secure even when quantum computers are available. Unlike current encryption like RSA or ECC, which are susceptible to quantum attacks (such as Shor’s algorithm), these new algorithms are built on math problems that quantum computers are not known to solve efficiently.
Main Types of Quantum-Safe Algorithms
Lattice-Based Cryptography
How it works: Relies on the difficulty of certain lattice problems (like the “shortest vector problem”) which are hard for both classical and quantum computers.
Examples: Kyber (ML-KEM, for encryption/key exchange), NTRU, CRYSTALS-Dilithium (ML-DSA, for signatures).
Why it matters: Lattice-based algorithms are the current front-runners for many uses and are among NIST’s PQC standards for key exchange and signatures.
Hash-Based Cryptography
How it works: Uses secure hash functions for digital signatures, instead of mathematics vulnerable to quantum attacks.
Examples: XMSS (eXtended Merkle Signature Scheme), LMS (Leighton-Micali Signature).
Why it matters: Especially robust for digital signatures, great for things like firmware/software updates and secure boot.
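To make the “signatures from hash functions only” idea concrete, here is an added example (not code from the original post or from any of the schemes it names): a Lamport one-time signature, the simplest building block that XMSS and LMS generalize with Merkle trees. It assumes SHA-256 and a 256-bit message digest; the firmware-image message is constructed for illustration.

```python
import hashlib
import secrets

# Lamport one-time signature over SHA-256 (added illustration, not XMSS/LMS itself).
# Security rests only on the hash function's one-wayness, so Shor's algorithm
# does not apply; Grover's only halves the effective security, hence 256-bit hashes.

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(message: bytes) -> list[int]:
    """The 256 bits of SHA-256(message), most significant bit first."""
    d = sha256(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    """Secret key: 256 pairs of random 32-byte values.
    Public key: the SHA-256 hash of each of those values."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, message: bytes) -> list[bytes]:
    """Reveal, for each digest bit, the secret value matching that bit.
    Each key pair must sign exactly ONE message: a second signature reveals
    more secret values and lets an attacker forge signatures for other digests,
    which is why XMSS/LMS track which one-time keys have been consumed."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]

def lamport_verify(pk, message: bytes, sig: list[bytes]) -> bool:
    """Hash each revealed value and check it matches the public-key half
    selected by the corresponding digest bit."""
    if len(sig) != 256:
        return False
    return all(sha256(sig[i]) == pk[i][bit]
               for i, bit in enumerate(digest_bits(message)))

if __name__ == "__main__":
    sk, pk = lamport_keygen()
    image = b"constructed firmware image v1.2.3"  # sample input, not a real image
    sig = lamport_sign(sk, image)
    print("valid:", lamport_verify(pk, image, sig))
    print("tampered image valid:", lamport_verify(pk, image + b"x", sig))
```

A real secure-boot deployment uses a many-time scheme such as LMS or XMSS on top of this idea, so that one public key in ROM can verify many firmware releases.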
Code-Based Cryptography
How it works: Based on the difficulty of decoding random linear codes, a tough problem for any computer.
Examples: McEliece cryptosystem, Niederreiter.
Why it matters: Has stood the test of time and so far no one (classical or quantum) has found practical attacks.
Multivariate-Polynomial Cryptography
How it works: Relies on solving systems of multivariate polynomial equations over finite fields, which is computationally hard.
Examples: Rainbow (though recently found to have vulnerabilities), UOV (Unbalanced Oil and Vinegar).
Why it matters: Useful particularly for digital signatures.
Isogeny-Based Cryptography
How it works: Uses isogenies between elliptic curves—a very challenging math problem for quantum computers.
Examples: SIKE (though recently broken), SIDH.
Why it matters: Promising but under active research as some recent schemes have been broken.
Symmetric Key Algorithms
Symmetric algorithms like AES are mostly considered quantum-safe with longer keys. Quantum computers can only roughly “halve” their effective key length (Grover’s algorithm), so using AES-256, which keeps about 128 bits of security against a quantum attacker, is considered very strong for the foreseeable future.
What About Quantum Key Distribution (QKD)?
While PQC is about designing new “classical” cryptographic algorithms that are resistant to attacks from quantum computers, Quantum Key Distribution (QKD) is a completely different approach: it uses the laws of quantum physics itself to secure communication.
What is QKD?
Quantum Key Distribution is a method for two parties to create and share a secret encryption key over an insecure network, using quantum particles (typically photons).
How does it work?
QKD uses individual photons (particles of light) to encode key information.
Any attempt to eavesdrop on the quantum channel will disturb the photons’ state, alerting the legitimate users that their communication isn’t private.
Once a secure key is shared, it can be used with standard symmetric encryption (like AES) to encrypt real data.
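The three steps above describe the BB84 protocol. The following is an added simulation (not code from the original post or from any QKD product) showing why eavesdropping is detectable: measuring a photon in the wrong basis randomizes it, so an intercept-and-resend listener raises the error rate of the sifted key to about 25%. It assumes a noiseless channel, a 50/50 basis choice, and an 11% abort threshold; all values are constructed.

```python
import random

ABORT_QBER = 0.11  # assumed abort threshold on the quantum bit error rate (QBER)

def measure(photon, basis, rng):
    """A photon is (bit, basis). Measuring in the matching basis returns the
    encoded bit; a mismatched basis collapses it to a uniformly random bit."""
    bit, photon_basis = photon
    return bit if basis == photon_basis else rng.randint(0, 1)

def bb84(n_photons, eavesdrop=False, seed=1):
    rng = random.Random(seed)
    # Alice encodes random bits in random bases (0 = rectilinear, 1 = diagonal)
    alice_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    alice_bases = [rng.randint(0, 1) for _ in range(n_photons)]
    photons = list(zip(alice_bits, alice_bases))
    if eavesdrop:
        # Intercept-and-resend listener: measures each photon in a guessed basis
        # and re-emits what it saw. Every wrong guess disturbs the state.
        photons = []
        for p in zip(alice_bits, alice_bases):
            guess = rng.randint(0, 1)
            photons.append((measure(p, guess, rng), guess))
    # Bob measures each photon in his own random basis
    bob_bases = [rng.randint(0, 1) for _ in range(n_photons)]
    bob_bits = [measure(p, b, rng) for p, b in zip(photons, bob_bases)]
    # Sifting: bases are compared over a public channel; keep agreeing positions
    sifted = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    # Error estimation: publicly compare half of the sifted bits and discard them
    check, keep = sifted[::2], sifted[1::2]
    errors = sum(alice_bits[i] != bob_bits[i] for i in check)
    qber = errors / len(check) if check else 0.0
    return {
        "qber": qber,
        "aborted": qber > ABORT_QBER,          # key is thrown away, not used
        "alice_key": [alice_bits[i] for i in keep],
        "bob_key": [bob_bits[i] for i in keep],
    }

if __name__ == "__main__":
    for eve in (False, True):
        r = bb84(2000, eavesdrop=eve)
        print(f"eavesdropper={eve}: QBER={r['qber']:.3f} aborted={r['aborted']}")
```

The surviving bits (after a real system's error correction and privacy amplification) are what feed the AES key mentioned in the last step.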
QKD vs Post-Quantum Cryptography (PQC)
Is QKD the Future?
QKD is scientifically amazing, but it’s not a replacement for PQC for most practical problems. It needs:
Special optical hardware and a dedicated channel between each pair of users;
Careful management of key material;
And it currently works best over limited distances and often only in specialized environments (like linking banks in a city).
Summary
PQC: Upgrade your algorithms (software solution), works everywhere today, future-proof against quantum attacks.
QKD: Uses special quantum hardware to detect eavesdropping and distribute keys, mainly suited to specialized, high-value links.
Should You Care?
For most organizations, deploying PQC is the practical and mandatory step. QKD may eventually be deployed in niche environments where absolutely maximum security is required and the infrastructure budget is very large (military, top financial networks).
What Should Organizations Do NOW?
Update key exchanges first: Start using quantum-safe algorithms to protect communications.
Don’t panic about certificates: You can phase in quantum-safe certificates as standards mature.
Make your setup “crypto agile”: Choose hardware and software that can be updated easily if an algorithm is cracked.
Keep an inventory: Know what tech you use and how sensitive your data is—it’ll help you plan the upgrade.
Test and experiment: Try PQC tools in your systems, see what works, and watch for new standards.
Bottom Line
Quantum computers aren’t science fiction any more—they’re coming. Cybersecurity needs a massive upgrade to stay ahead. Start testing PQC, follow government guidelines, and get your organization moving before your secrets are at risk!
Review: Quantum breaks encryption.
Chinese researchers successfully used a quantum computer to crack AES-256 encryption. (The publication is still under peer review.)