Post-Quantum Cryptography

Post-quantum cryptography is the development and adoption of cryptographic algorithms designed to remain secure against attacks by powerful quantum computers, which could break much of the asymmetric cryptography that secures today's communications.

In plain terms

Post-quantum cryptography is the new generation of encryption built to survive quantum computers. A powerful enough quantum machine could break the math behind today’s public-key cryptography, so researchers have designed replacement algorithms that even quantum computers cannot easily defeat.

Post-quantum cryptography is the field concerned with developing and deploying cryptographic algorithms that remain secure even against adversaries equipped with powerful quantum computers. It exists because quantum computing threatens the mathematical foundations of much of the asymmetric cryptography in use today. While large-scale quantum computers capable of this do not currently exist, the potential impact is severe enough, and the timelines uncertain enough, that designing, standardizing, and beginning to adopt quantum-resistant algorithms is treated as a present priority rather than a distant concern.

The threat comes from specific quantum algorithms. Shor's algorithm can efficiently solve the integer factorization and discrete logarithm problems that underpin widely used asymmetric algorithms such as RSA and Diffie-Hellman, meaning a sufficiently powerful quantum computer could break them and recover private keys. This would compromise the confidentiality of key exchanges, the trust provided by digital signatures and certificates, and much of the secure communication that relies on these algorithms. Symmetric cryptography and hash functions are less affected: Grover's algorithm offers only a quadratic speedup, which roughly halves the effective security level rather than breaking the primitive, and larger keys or output sizes restore the margin. The asymmetric algorithms are therefore the urgent focus.

A particularly important reason to act before quantum computers arrive is the harvest-now-decrypt-later threat. An adversary can record encrypted traffic or store encrypted data today and simply wait until quantum computers become capable enough to decrypt it. This means data with long-term confidentiality requirements is effectively at risk now, even though the decryption capability does not yet exist, because the protected data captured today could be exposed years later. For information that must remain confidential for a long time, the prudent response is to migrate to quantum-resistant protection sooner rather than waiting for quantum computers to materialize.

Post-quantum cryptography is built on mathematical problems believed to be hard even for quantum computers, drawn from areas different from factoring and discrete logarithms. Research has explored several families of such problems, and standardization efforts have selected algorithms for key establishment and for digital signatures based on these quantum-resistant foundations. The goal is to provide drop-in replacements for the vulnerable asymmetric algorithms so that protocols like TLS can continue to provide key exchange and authentication securely in a quantum era. These standardized algorithms are the basis for the migration now beginning across the technology industry.

Migrating to post-quantum cryptography is a substantial undertaking, which is why it is being approached deliberately. The vulnerable algorithms are embedded in countless protocols, products, certificates, and systems, and replacing them touches a vast amount of infrastructure. Migration involves inventorying where vulnerable cryptography is used, ensuring systems can support new algorithms, and transitioning carefully, often using hybrid approaches that combine a classical and a post-quantum algorithm so that security holds as long as either remains unbroken. The concept of cryptographic agility, designing systems so algorithms can be changed without major redesign, is central to making this and future transitions manageable.
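The following is an added illustration of the hybrid approach and of cryptographic agility described above; it is not code from the original page. It derives one session key from both a classical shared secret and a post-quantum shared secret, length-prefixing each input and binding the algorithm names and handshake transcript into the derivation, so the key remains unknown to an attacker who has broken only one of the two components. A small registry decides which components are enabled, so a deprecated algorithm can be switched off by policy rather than by rewriting the protocol. The registry entries, the `hybrid-session-key` label and the `os.urandom` stand-ins for real ECDH and ML-KEM outputs are assumptions made for this example.

```python
"""Hybrid key-establishment combiner with an algorithm registry.

Added example, not from the original page. Shared secrets are stand-ins
produced by os.urandom; a deployment would take them from an ECDH exchange
and an ML-KEM encapsulation respectively.
"""
import hashlib
import hmac
import os

# Components the protocol is willing to use. Names and flags are this
# example's own bookkeeping, not wire-format identifiers.
ALGORITHM_REGISTRY = {
    "x25519":     {"family": "classical", "quantum_safe": False, "enabled": True},
    "p256-ecdh":  {"family": "classical", "quantum_safe": False, "enabled": True},
    "ml-kem-768": {"family": "pq",        "quantum_safe": True,  "enabled": True},
}


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step (HMAC-SHA256)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step (HMAC-SHA256)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _len_prefixed(data: bytes) -> bytes:
    # Length prefixes keep distinct (secret_a, secret_b) pairs from colliding
    # once they are concatenated.
    return len(data).to_bytes(2, "big") + data


def select_hybrid(classical: str, pq: str) -> tuple:
    """Policy check: one enabled classical and one enabled quantum-safe component."""
    for name, family in ((classical, "classical"), (pq, "pq")):
        entry = ALGORITHM_REGISTRY.get(name)
        if entry is None or not entry["enabled"]:
            raise ValueError(f"{name} is not an enabled algorithm")
        if entry["family"] != family:
            raise ValueError(f"{name} is not a {family} component")
    if not ALGORITHM_REGISTRY[pq]["quantum_safe"]:
        raise ValueError("post-quantum slot must hold a quantum-safe KEM")
    return classical, pq


def combine_shared_secrets(classical: str, ss_classical: bytes,
                           pq: str, ss_pq: bytes,
                           transcript: bytes, length: int = 32) -> bytes:
    """Derive the session key from BOTH shared secrets.

    Algorithm names and both secrets go into the HKDF input keying material
    and the handshake transcript salts it, so the key is only computable by
    a party that knows both secrets. Learning one of them (say, by breaking
    the classical exchange) still leaves the other as an unknown PRF input.
    """
    select_hybrid(classical, pq)
    ikm = (_len_prefixed(classical.encode()) + _len_prefixed(ss_classical)
           + _len_prefixed(pq.encode()) + _len_prefixed(ss_pq))
    prk = hkdf_extract(hashlib.sha256(transcript).digest(), ikm)
    return hkdf_expand(prk, b"hybrid-session-key", length)


def demo() -> bytes:
    """Stand-alone run with constructed inputs."""
    ss_classical = os.urandom(32)   # would come from X25519 in practice
    ss_pq = os.urandom(32)          # would come from ML-KEM-768 decapsulation
    transcript = b"client-hello||server-hello"  # constructed transcript stand-in
    return combine_shared_secrets("x25519", ss_classical, "ml-kem-768", ss_pq, transcript)


if __name__ == "__main__":
    print(demo().hex())
```

Disabling a component is a one-line registry change (`ALGORITHM_REGISTRY["p256-ecdh"]["enabled"] = False`), after which `select_hybrid` rejects it; that is the practical meaning of agility in this context.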

The timeline and urgency involve genuine uncertainty, which shapes how organizations plan. No one knows exactly when, or whether, quantum computers powerful enough to break current cryptography will exist, but the combination of the harvest-now-decrypt-later risk, the long life of some data and systems, and the time required to migrate means waiting for certainty is itself a risk. Standards bodies and security authorities have therefore encouraged organizations to begin preparing now, particularly for long-lived secrets and critical infrastructure, by understanding their cryptographic dependencies and planning a transition.
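As an added example of the inventory and planning step described in the two paragraphs above (not code from the original page), the script below classifies the key-exchange and signature algorithms in a constructed inventory and ranks systems for migration. Key exchange is ranked by harvest-now-decrypt-later exposure: a quantum-vulnerable exchange protecting data that must stay confidential beyond an assumed horizon is high priority today, while a vulnerable signature carries no retroactive risk and is ranked lower. The inventory contents, the `ASSUMED_QUANTUM_HORIZON_YEARS` value and the priority labels are assumptions chosen for this example; the algorithm names are the ones standardized by NIST (ML-KEM, ML-DSA, SLH-DSA) and the common classical ones.

```python
"""Cryptographic inventory triage for a post-quantum migration.

Added example, not from the original page. Ranks what to migrate first,
weighting harvest-now-decrypt-later exposure by data lifetime.
"""
from dataclasses import dataclass

# Algorithms whose security rests on factoring or discrete logarithms.
QUANTUM_VULNERABLE = {"rsa-2048", "rsa-3072", "rsa-4096", "dh-2048",
                      "ecdh-p256", "x25519", "ecdsa-p256", "ed25519"}
# Standardized post-quantum components (FIPS 203, 204, 205 parameter sets).
QUANTUM_SAFE = {"ml-kem-768", "ml-kem-1024", "ml-dsa-65", "slh-dsa-sha2-128s"}

ASSUMED_QUANTUM_HORIZON_YEARS = 10   # planning assumption for this example, not a prediction

# Constructed inventory: system, key exchange, signature, years data must stay confidential.
SAMPLE_INVENTORY = """system,key_exchange,signature,confidentiality_years
vpn-gateway,ecdh-p256,rsa-2048,15
web-frontend,x25519+ml-kem-768,ecdsa-p256,1
backup-archive,rsa-2048,rsa-2048,25
iot-updater,x25519,ed25519,3
legacy-app,custom-kex,rsa-2048,5
"""


@dataclass
class Finding:
    system: str
    issue: str
    priority: str


def component_status(alg: str) -> str:
    """Return 'safe', 'vulnerable' or 'unknown' for one algorithm field.

    A hybrid written as 'x25519+ml-kem-768' counts as safe when any
    component is quantum-safe, since the combined key holds as long as
    either component does.
    """
    parts = {p.strip().lower() for p in alg.split("+")}
    if parts & QUANTUM_SAFE:
        return "safe"
    if parts & QUANTUM_VULNERABLE:
        return "vulnerable"
    return "unknown"


def triage(inventory_csv: str, horizon_years: int = ASSUMED_QUANTUM_HORIZON_YEARS) -> list:
    """Produce findings sorted by migration priority."""
    findings = []
    for line in inventory_csv.strip().splitlines()[1:]:   # skip the header row
        system, kex, sig, years_str = (f.strip() for f in line.split(","))
        years = int(years_str)
        kex_status = component_status(kex)
        sig_status = component_status(sig)
        if kex_status == "vulnerable":
            # Confidentiality is at risk now if recorded traffic must stay
            # secret beyond the horizon (harvest-now-decrypt-later).
            priority = "high" if years >= horizon_years else "medium"
            findings.append(Finding(system,
                f"key exchange {kex} is quantum-vulnerable; data lifetime {years}y", priority))
        if sig_status == "vulnerable":
            # Signatures cannot be forged retroactively, but long-lived trust
            # anchors still need lead time to rotate, so rank as medium.
            findings.append(Finding(system, f"signature {sig} is quantum-vulnerable", "medium"))
        for label, status, alg in (("key exchange", kex_status, kex), ("signature", sig_status, sig)):
            if status == "unknown":
                findings.append(Finding(system,
                    f"{label} {alg} is not in the classification tables; review manually", "review"))
    order = {"high": 0, "medium": 1, "low": 2, "review": 3}
    return sorted(findings, key=lambda f: order[f.priority])


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"[{f.priority}] {f.system}: {f.issue}")
```

Raising `horizon_years` models a more optimistic view of quantum timelines and correspondingly demotes findings; the point of the page's uncertainty argument is that the inputs to this ranking are guesses, which is why the long-lived-data systems sit at the top regardless.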

In practice, post-quantum cryptography is the response to the prospect that quantum computers could break the asymmetric algorithms securing today’s communications, providing new algorithms designed to resist quantum attack. It matters now because adversaries can harvest encrypted data today to decrypt later, because migration across vast infrastructure takes time, and because some data must stay secret for decades. Understanding post-quantum cryptography clarifies why the field is actively standardizing and adopting quantum-resistant algorithms, why cryptographic agility is valuable, and why preparing for a quantum future is a current security concern rather than a purely hypothetical one.
