Post-Quantum Cryptography
What is encrypted today must withstand quantum-era attacks
A sufficiently capable quantum computer running Shor's algorithm would break the public-key schemes in wide use today: RSA, Diffie-Hellman and elliptic-curve cryptography (ECDH, ECDSA). Symmetric ciphers and hash functions are affected far less and are handled by moving to larger key and output sizes. Even though such machines are still years away, the threat is already actionable: data that must stay confidential for a long time needs protecting now. The answer is not to wait, but to plan a migration to Post-Quantum Cryptography (PQC) and to build crypto-agility.
Crypto-agility is the ability to swap cryptographic schemes quickly and in a controlled way as new standards become available or existing ones are deemed insecure.
The Threat: Harvest Now, Decrypt Later
Attackers can already record encrypted traffic and collect stolen ciphertexts of highly sensitive data (state secrets, patient records, intellectual property), expecting to decrypt them once a cryptographically relevant quantum computer exists, possibly within the next decade. Since this data often needs to remain confidential for decades, the threat is real today even though the machine is not. It also sets the migration order: key establishment and encryption are exposed to this attack immediately, whereas a signature can only be forged once the quantum computer actually exists, so confidentiality mechanisms go first. That makes PQC a question of planning now, not of the distant future.
What to Do Now
- Crypto Inventory: Comprehensive documentation of all cryptographic schemes, certificates, and keys in use across the organisation, including those buried in libraries, protocols (TLS, SSH, VPNs) and third-party products. What is not visible cannot be migrated.
- Embed Crypto-Agility: Design software so that algorithms, key sizes and protocol versions can be swapped via configuration rather than being hard-coded, and so that every stored key and ciphertext carries an identifier of the scheme it was produced with.
- Migrate to PQC: Move to the standardised quantum-safe schemes (see below), prioritised by protection requirement and data shelf life; key establishment first, since that is what "harvest now, decrypt later" targets.
- Hybrid Key Establishment: Combine a classical scheme with a PQC scheme (for example X25519 with ML-KEM) so that the session key stays secret as long as at least one of the two remains unbroken. This covers both a quantum attack on the classical scheme and an as yet undiscovered weakness in the young PQC schemes during the transition.
- Quantum Key Distribution (QKD): Use physical quantum effects for key distribution, only for highly specialised applications. QKD is not absolute end-to-end security: it needs dedicated point-to-point optical links, provides no authentication on its own and should not be relied on as the sole protection, but rather combined with quantum-safe cryptography (NCSC).
The Finalised NIST Standards
In August 2024, the US National Institute of Standards and Technology (NIST) published the first finalised PQC standards, providing a migration-ready foundation:
- ML-KEM (FIPS 203): A key-encapsulation mechanism for key establishment, based on module lattices and derived from CRYSTALS-Kyber; parameter sets ML-KEM-512, ML-KEM-768 and ML-KEM-1024.
- ML-DSA (FIPS 204): Lattice-based digital signatures, derived from CRYSTALS-Dilithium; parameter sets ML-DSA-44, ML-DSA-65 and ML-DSA-87.
- SLH-DSA (FIPS 205): Stateless hash-based signatures, derived from SPHINCS+, as a conservative alternative whose security rests only on the underlying hash function, at the price of much larger signatures and slower signing.
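The hybrid key establishment recommended in the "What to Do Now" list, built on the ML-KEM standard above, as an added worked example. This is not code from the original page nor from NIST, BSI or NCSC: it uses the ML-KEM-768 implementation that ships in the Go standard library since Go 1.24 (crypto/mlkem) together with X25519 (crypto/ecdh), laid out the way the IETF TLS draft for X25519MLKEM768 does it (ML-KEM part first in the key share, the ciphertext and the concatenated shared secret). The HKDF step with a suite label, and the names Recipient, GenerateRecipient, Encapsulate, Decapsulate and suiteLabel, are this example's own choices; TLS derives traffic keys through its own key schedule instead.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"slices"
)

const (
	// KDF label as domain separation: a key derived under another suite name (the
	// crypto-agility knob in a config file) cannot collide with this one. Assumed label.
	suiteLabel     = "X25519MLKEM768 hybrid example v1"
	pubKeySize     = mlkem.EncapsulationKeySize768 + 32 // ML-KEM ek || X25519 pk
	ciphertextSize = mlkem.CiphertextSize768 + 32       // ML-KEM ct || ephemeral X25519 pk
)

// Recipient holds both private halves of the hybrid key pair.
type Recipient struct {
	pq *mlkem.DecapsulationKey768 // post-quantum half (FIPS 203, ML-KEM-768)
	ec *ecdh.PrivateKey           // classical half (X25519)
}

func GenerateRecipient() (r *Recipient, err error) {
	r = &Recipient{}
	if r.pq, err = mlkem.GenerateKey768(); err != nil {
		return nil, err
	}
	if r.ec, err = ecdh.X25519().GenerateKey(rand.Reader); err != nil {
		return nil, err
	}
	return r, nil
}

// PublicKey is the hybrid key share: ML-KEM encapsulation key || X25519 public key.
func (r *Recipient) PublicKey() []byte {
	return slices.Concat(r.pq.EncapsulationKey().Bytes(), r.ec.PublicKey().Bytes())
}

// x25519Share parses a peer public key and runs the classical half of the exchange.
func x25519Share(priv *ecdh.PrivateKey, peer []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(pub)
}

// combine derives the session key; it stays secret as long as at least one input does:
// breaking X25519 with a quantum computer still leaves the ML-KEM secret unknown.
func combine(pqSecret, ecSecret []byte) ([]byte, error) {
	return hkdf.Key(sha256.New, slices.Concat(pqSecret, ecSecret), nil, suiteLabel, 32)
}

// Encapsulate (sender side) returns the hybrid ciphertext and the derived session key.
func Encapsulate(pub []byte) (ciphertext, key []byte, err error) {
	if len(pub) != pubKeySize {
		return nil, nil, fmt.Errorf("hybrid public key: want %d bytes, got %d", pubKeySize, len(pub))
	}
	ek, err := mlkem.NewEncapsulationKey768(pub[:mlkem.EncapsulationKeySize768])
	if err != nil {
		return nil, nil, err
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // fresh per message
	if err != nil {
		return nil, nil, err
	}
	ecSecret, err := x25519Share(eph, pub[mlkem.EncapsulationKeySize768:])
	if err != nil {
		return nil, nil, err
	}
	pqSecret, pqCiphertext := ek.Encapsulate()
	if key, err = combine(pqSecret, ecSecret); err != nil {
		return nil, nil, err
	}
	return slices.Concat(pqCiphertext, eph.PublicKey().Bytes()), key, nil
}

// Decapsulate (recipient side) recovers the session key. ML-KEM uses implicit rejection:
// a tampered ciphertext yields a different key, not an error; the first AEAD check catches it.
func (r *Recipient) Decapsulate(ciphertext []byte) ([]byte, error) {
	if len(ciphertext) != ciphertextSize {
		return nil, fmt.Errorf("hybrid ciphertext: want %d bytes, got %d", ciphertextSize, len(ciphertext))
	}
	pqSecret, err := r.pq.Decapsulate(ciphertext[:mlkem.CiphertextSize768])
	if err != nil {
		return nil, err
	}
	ecSecret, err := x25519Share(r.ec, ciphertext[mlkem.CiphertextSize768:])
	if err != nil {
		return nil, err
	}
	return combine(pqSecret, ecSecret)
}

func main() {
	r, err := GenerateRecipient()
	if err != nil {
		panic(err)
	}
	ct, sendKey, err := Encapsulate(r.PublicKey())
	if err != nil {
		panic(err)
	}
	recvKey, err := r.Decapsulate(ct)
	if err != nil {
		panic(err)
	}
	fmt.Println("keys match:", slices.Equal(sendKey, recvKey))
}
```

Run with `go run` on Go 1.24 or newer; it prints `keys match: true`. The key share is 1216 bytes and the ciphertext 1120 bytes, which is the bandwidth cost of the hybrid compared with 32 bytes for plain X25519. ML-KEM-768 is the parameter set used in today's TLS hybrid deployments; switching to ML-KEM-1024 or to a future scheme means changing the two halves and the suite label in one place, which is exactly the crypto-agility the list above asks for.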
Regulatory Context
For regulated sectors (public sector, healthcare, finance), the migration is not optional. Germany's BSI and Switzerland's NCSC recommend starting migration planning early and using hybrid schemes (classical plus PQC) during the transition. Where data must remain confidential for decades (patient records, classified information), the migration is already a compliance question today, not a purely technical decision.
The Focus: Migration Planning, Not a Deadline
Preparing infrastructure for PQC often takes years. Embedding crypto-agility early means new schemes can be adopted as soon as they mature, without starting from scratch each time. Quantum resilience is the insurance policy for data that must remain confidential 20 years from now.
FAQ
Do we really need to deal with this right now?
Yes, in particular if the data has a shelf life of more than 5 years. A simple rule of thumb: if the time the data must stay secret plus the time the migration will take exceeds the time until a cryptographically relevant quantum computer exists, waiting is already too late. Preparing infrastructure for PQC often takes years, and the "harvest now, decrypt later" attack is already under way. The groundwork must be laid today.
Are there already standardised PQC schemes?
Yes. In 2024, NIST published the first finalised PQC standards (FIPS 203 ML-KEM, FIPS 204 ML-DSA, FIPS 205 SLH-DSA). Integration into existing architectures can begin now.
References
- NIST Post-Quantum Cryptography Standards (FIPS 203/204/205). The finalised US PQC standards (ML-KEM, ML-DSA, SLH-DSA). (2024). csrc.nist.gov/projects/post-quantum-cryptography
- BSI Quantum Computers and Post-Quantum Cryptography. Information from the German Federal Office for Information Security. www.bsi.bund.de
- Cloudflare Post-Quantum Cryptography Blog. Practical insights on deploying quantum-safe protocols on the internet. blog.cloudflare.com/tag/post-quantum/