
What is Post-Quantum Cryptography?

A beginner's guide to understanding post-quantum cryptography, why it matters, and what's being done about it.


FUD or Fact Team

The editorial team behind FUD or Fact, dedicated to separating quantum computing hype from reality.

Post-quantum cryptography (PQC) refers to cryptographic algorithms that are designed to be secure against attacks by both classical and quantum computers. The algorithms themselves run on ordinary classical hardware: PQC is a change of software and protocols, not a quantum device, and it should not be confused with quantum key distribution (QKD).

Why Do We Need It?

Today's public-key cryptography (RSA, elliptic-curve cryptography, finite-field and elliptic-curve Diffie-Hellman) relies on integer factorization and discrete logarithms, problems that are infeasible for classical computers but that Shor's algorithm solves efficiently on a sufficiently large, fault-tolerant quantum computer. No such machine exists today; the point is that the algorithms fail completely the day one does, and that data already captured can then be decrypted retroactively. Symmetric ciphers and hash functions are in better shape: Grover's algorithm gives at most a quadratic speedup on brute-force search, which in theory halves the effective key length, so AES-256 and 256-bit (or longer) hashes are considered sufficient and need no replacement.

The NIST Standardization

NIST has been running a multi-year competition (begun in 2016) to select and standardize post-quantum algorithms. In August 2024 it published the first three standards, with more in the pipeline (FN-DSA, derived from Falcon, as FIPS 206, and the code-based KEM HQC, selected in March 2025 as a backup to ML-KEM built on a different mathematical problem):

ML-KEM (FIPS 203)

The Module-Lattice-Based Key-Encapsulation Mechanism, derived from CRYSTALS-Kyber. A KEM establishes a shared secret between two parties, the job ECDH and RSA key transport do today, with parameter sets ML-KEM-512, ML-KEM-768 and ML-KEM-1024 at increasing security levels. Public keys and ciphertexts are roughly a kilobyte each, far larger than the 32 bytes of an X25519 key.

ML-DSA (FIPS 204)

The Module-Lattice-Based Digital Signature Algorithm, derived from CRYSTALS-Dilithium. Used for digital signatures, the job RSA, ECDSA and Ed25519 signatures do today, with parameter sets ML-DSA-44, ML-DSA-65 and ML-DSA-87. It is NIST's primary recommendation for general-purpose signing; signatures run from about 2.4 KB to 4.6 KB.

SLH-DSA (FIPS 205)

The Stateless Hash-Based Digital Signature Algorithm, derived from SPHINCS+. Its security rests only on the underlying hash function rather than on lattice problems, so it serves as a conservative fallback should the lattice assumptions behind ML-KEM and ML-DSA fail; the price is much larger signatures (about 8 KB to 50 KB depending on parameters) and considerably slower signing than ML-DSA.

When Should You Migrate?

The answer depends on your threat model:

  • High-value, long-term secrets: Start now. In a harvest now, decrypt later attack an adversary records encrypted traffic today and decrypts it once a capable quantum computer exists, so any data that must stay confidential beyond that date needs post-quantum key exchange before it is transmitted, not before the machine arrives
  • General enterprise: Begin planning, pilot projects in 2025-2026. Signatures cannot be harvested and broken retroactively the way key exchange can, but long-lived roots of trust (CA keys, firmware and code-signing keys, hardware tokens) take years to rotate and need the same lead time
  • Consumer applications: Follow platform/library updates; major browsers and TLS stacks already negotiate hybrid post-quantum key exchange by default, so much of this arrives through routine upgrades

Getting Started

  1. Inventory your cryptographic usage: certificates, TLS/SSH/VPN configurations, code signing, key stores, hard-coded algorithms in applications and vendor products, recording the algorithm and key size for each
  2. Identify high-priority systems: those protecting long-lived secrets or hard-to-rotate roots of trust
  3. Test PQC algorithms in non-production environments, and measure the larger keys, ciphertexts and signatures against your protocols, packet-size limits, storage formats and hardware security modules
  4. Plan for hybrid deployments (classical + PQC), combining both so that a flaw in either component does not expose the session; TLS 1.3 stacks already ship this as X25519MLKEM768
  5. Monitor NIST and industry guidance, and require crypto-agility (the ability to swap algorithms without redesign) from your own code and from vendors
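The ML-KEM key establishment described under the NIST standards above, and the hybrid deployment of step 4, as one added example that is not from the original article. It uses only the Go 1.24 standard library (crypto/mlkem, crypto/ecdh, crypto/hkdf): the responder publishes an X25519 public key and an ML-KEM-768 encapsulation key, the initiator runs both exchanges, and the two secrets are combined with HKDF-SHA256 so that an attacker must break both X25519 and ML-KEM to recover the session key. The function names, the secret ordering and the HKDF label are this example's own choices, not those of the TLS X25519MLKEM768 specification.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// HybridKeyPair is the responder's classical X25519 key plus its ML-KEM-768 decapsulation key.
type HybridKeyPair struct {
	ecdhPriv *ecdh.PrivateKey
	kemDK    *mlkem.DecapsulationKey768
}

// GenerateHybridKeyPair draws both halves from the system CSPRNG.
func GenerateHybridKeyPair() (*HybridKeyPair, error) {
	ecdhPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	kemDK, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, err
	}
	return &HybridKeyPair{ecdhPriv: ecdhPriv, kemDK: kemDK}, nil
}

// PublicBytes is what the responder publishes: a 32-byte X25519 public key and a 1184-byte ML-KEM-768 encapsulation key.
func (kp *HybridKeyPair) PublicBytes() (x25519Pub, kemEK []byte) {
	return kp.ecdhPriv.PublicKey().Bytes(), kp.kemDK.EncapsulationKey().Bytes()
}

// HybridEncapsulate is the initiator's step: an ephemeral X25519 exchange plus an ML-KEM-768 encapsulation
// against the responder's published keys. It returns the session key and the two values sent on the wire.
func HybridEncapsulate(peerX25519Pub, peerKemEK []byte) (sessionKey, ephemeralPub, kemCiphertext []byte, err error) {
	peerPub, err := ecdh.X25519().NewPublicKey(peerX25519Pub)
	if err != nil {
		return nil, nil, nil, err
	}
	ephPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	ecdhSecret, err := ephPriv.ECDH(peerPub)
	if err != nil {
		return nil, nil, nil, err
	}
	ek, err := mlkem.NewEncapsulationKey768(peerKemEK)
	if err != nil {
		return nil, nil, nil, err
	}
	kemSecret, ct := ek.Encapsulate()
	ephemeralPub = ephPriv.PublicKey().Bytes()
	sessionKey, err = combine(ecdhSecret, kemSecret, ephemeralPub, ct)
	return sessionKey, ephemeralPub, ct, err
}

// HybridDecapsulate is the responder's step: recompute both secrets from the initiator's message.
// ML-KEM rejects a tampered but correctly sized ciphertext implicitly (a pseudorandom key, no error);
// only a wrong-length ciphertext produces an error here.
func (kp *HybridKeyPair) HybridDecapsulate(ephemeralPub, kemCiphertext []byte) ([]byte, error) {
	peerPub, err := ecdh.X25519().NewPublicKey(ephemeralPub)
	if err != nil {
		return nil, err
	}
	ecdhSecret, err := kp.ecdhPriv.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	kemSecret, err := kp.kemDK.Decapsulate(kemCiphertext)
	if err != nil {
		return nil, err
	}
	return combine(ecdhSecret, kemSecret, ephemeralPub, kemCiphertext)
}

// combine derives a 32-byte session key with HKDF-SHA256 over both secrets, salted with a hash of the
// public transcript so the key is bound to this exact exchange (ordering and label are this example's own).
func combine(ecdhSecret, kemSecret, ephemeralPub, kemCiphertext []byte) ([]byte, error) {
	ikm := append(append([]byte{}, kemSecret...), ecdhSecret...)
	transcript := sha256.Sum256(append(append([]byte{}, ephemeralPub...), kemCiphertext...))
	return hkdf.Key(sha256.New, ikm, transcript[:], "example-hybrid-x25519-mlkem768", 32)
}

func main() {
	responder, err := GenerateHybridKeyPair()
	if err != nil {
		panic(err)
	}
	x25519Pub, kemEK := responder.PublicBytes()
	initiatorKey, ephPub, ct, err1 := HybridEncapsulate(x25519Pub, kemEK)
	responderKey, err2 := responder.HybridDecapsulate(ephPub, ct)
	if err1 != nil || err2 != nil {
		panic("hybrid exchange failed")
	}
	fmt.Printf("wire: %d-byte X25519 key + %d-byte ML-KEM ciphertext; keys match: %v\n",
		len(ephPub), len(ct), string(initiatorKey) == string(responderKey))
}
```

Run it with go run (Go 1.24 or later). Two practical points show up in the output: the post-quantum ciphertext is 1088 bytes against 32 for the X25519 key, which is why step 3 above mentions packet sizes, and a tampered ML-KEM ciphertext does not raise an error, so in a real protocol the mismatch surfaces as an AEAD failure on the first protected record rather than as an error a network attacker could probe.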

The transition to post-quantum cryptography is a marathon, not a sprint. Start planning now.
