Inferensys

Glossary

Post-Quantum Cryptography

Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to be secure against attacks by both classical and quantum computers, protecting against the future threat of cryptographically-relevant quantum computers.
Isolated secure server room with network cables physically disconnected, minimal lighting, security-focused environment.
QUANTUM-RESISTANT CRYPTOGRAPHY

What is Post-Quantum Cryptography?

Post-quantum cryptography (PQC) is the field of cryptographic algorithms designed to be secure against attacks from both classical and quantum computers.

Post-quantum cryptography (PQC), also called quantum-resistant cryptography, comprises cryptographic algorithms designed to be secure against cryptanalytic attacks by a quantum computer. Unlike current public-key cryptosystems like RSA and ECC, which rely on the difficulty of integer factorization or discrete logarithms—problems a large-scale quantum computer could solve efficiently using Shor's algorithm—PQC algorithms are based on mathematical problems believed to be hard for both classical and quantum machines. The goal is a cryptographic transition to algorithms that will protect long-term data confidentiality and integrity in a future quantum computing era.

The development and standardization of PQC is led by institutions like NIST, which has selected algorithms such as CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium for digital signatures. These algorithms are based on structured lattices, a leading post-quantum candidate. Other approaches include hash-based, code-based, and multivariate cryptography. For privacy-preserving retrieval systems, PQC is critical for securing the long-term confidentiality of encrypted vector indices and ensuring that sensitive data retrieved for RAG pipelines remains protected against future quantum adversaries.

NIST STANDARDIZED & CANDIDATE ALGORITHMS

Key Post-Quantum Cryptography Algorithm Families

Post-quantum cryptography (PQC) comprises several distinct mathematical families, each offering a different approach to creating cryptographic primitives resistant to attacks by quantum computers. The U.S. National Institute of Standards and Technology (NIST) has led a multi-year standardization process to identify the most secure and practical algorithms.

03

Multivariate Cryptography

Multivariate cryptography is based on the hardness of solving systems of multivariate quadratic equations over finite fields. Security stems from the NP-completeness of the Multivariate Quadratic (MQ) problem.

  • Primary Use Case: Digital signatures.
  • NIST Candidate: Several algorithms like Rainbow were finalists, though none were selected for standardization in the latest round due to cryptanalytic advances.
  • Key Characteristics: Can produce very small signatures and offer fast verification, but often has large public keys. Recent attacks have reduced confidence in some schemes.
04

Hash-Based Cryptography

Hash-based signatures derive their security solely from the cryptographic collision-resistance of an underlying hash function (like SHA-2 or SHA-3). They use few-time or stateful mechanisms to sign many messages.

  • Primary Use Case: Digital signatures, especially for long-term security.
  • NIST Standard: SPHINCS+ (a stateless hash-based signature selected as a backup standard).
  • Key Characteristics: Security is well-understood and reduces directly to hash function security. They are conservative and considered a strong fallback option, though signature sizes are typically larger than other families.
05

Isogeny-Based Cryptography

Isogeny-based cryptography uses the mathematical theory of elliptic curves and the computational difficulty of finding an isogeny (a special kind of map) between two supersingular elliptic curves. Supersingular Isogeny Diffie-Hellman (SIDH/SIKE) was a prominent example.

  • Primary Use Case: Key exchange.
  • Current Status: A key recovery attack using a "glue-and-split" theorem was published in 2022, effectively breaking the SIDH/SIKE family. This highlights the relative youth and associated risks of this mathematical approach compared to more established families.
06

Symmetric Cryptography & Hash Functions

Symmetric cryptography (e.g., AES) and cryptographic hash functions (e.g., SHA-256, SHA-3) are generally considered quantum-resistant, but with reduced effective security. Grover's quantum search algorithm provides a quadratic speedup, effectively halving the security level in bits.

  • Impact: A 128-bit symmetric key, secure against classical brute-force (2^128 operations), provides ~64 bits of security against a quantum adversary using Grover's algorithm (2^64 operations).
  • Mitigation Strategy: The standard recommendation is to double the key size. For long-term post-quantum security, use AES-256 and SHA-384 or SHA-512.
CRYPTOGRAPHIC VULNERABILITY

How Quantum Computers Threaten Current Cryptography

The advent of scalable quantum computing presents an existential threat to the public-key cryptographic systems that secure global digital infrastructure, necessitating a transition to quantum-resistant algorithms.

Shor's algorithm, a quantum computing method, can efficiently solve the integer factorization and discrete logarithm problems that underpin RSA and Elliptic Curve Cryptography (ECC). This capability would allow a sufficiently powerful quantum computer to derive a private key from its corresponding public key, breaking the asymmetric encryption and digital signatures that protect internet communications, financial transactions, and digital identities. The threat is not immediate but is considered a 'harvest now, decrypt later' risk, where encrypted data intercepted today could be decrypted once a cryptographically relevant quantum computer is built.

In contrast, symmetric cryptography like AES and hash functions are more resilient, requiring only a doubling of key size (e.g., moving to AES-256) due to the quadratic speedup offered by Grover's algorithm. The primary defense is post-quantum cryptography (PQC), a class of algorithms based on mathematical problems believed to be hard for both classical and quantum computers, such as lattice-based, code-based, hash-based, and multivariate cryptography. Standardization efforts, led by NIST, are finalizing PQC algorithms to replace vulnerable protocols before quantum computers become a practical threat.

CRYPTOGRAPHIC PARADIGM COMPARISON

Post-Quantum vs. Classical Public-Key Cryptography

A comparison of the foundational security assumptions, mathematical structures, and operational characteristics of classical public-key algorithms (vulnerable to quantum attack) and post-quantum cryptographic (PQC) algorithms designed to be quantum-resistant.

Cryptographic Feature / MetricClassical Public-Key Cryptography (e.g., RSA, ECC, DH)Post-Quantum Cryptography (PQC) (e.g., Lattice-based, Code-based)

Underlying Hard Problem

Integer Factorization (RSA), Discrete Logarithm (ECC, DH)

Shortest Vector Problem (Lattices), Syndrome Decoding (Codes), Multivariate Equations

Security Against Quantum Computers (Shor's Algorithm)

Security Against Classical Computers

Typical Public Key Size

~256 bytes (ECC) to ~4 KB (RSA-4096)

~1 KB to ~1 MB (varies by algorithm and security level)

Typical Signature Size

~64 bytes (ECDSA) to ~512 bytes (RSA-4096)

~1 KB to ~50 KB (varies by algorithm)

Key Establishment Mechanism

Diffie-Hellman (finite field or elliptic curve)

Key Encapsulation Mechanisms (KEMs) like Kyber, FrodoKEM

Computational Performance (Relative)

Fast (optimized for decades)

Slower (2-100x overhead, algorithm-dependent)

Standardization Status

NIST FIPS 186-5, etc. (Mature)

NIST PQC Standardization (Finalists selected, transitioning)

Primary Use Case Today

TLS/SSL, SSH, digital signatures, VPNs

Pilot projects, long-term data encryption, crypto-agility preparation

CRYPTOGRAPHIC MIGRATION

Key Challenges in Migrating to Post-Quantum Cryptography

Transitioning to post-quantum cryptography (PQC) is a complex, multi-year engineering project. It involves more than just swapping algorithms; it requires a complete overhaul of cryptographic infrastructure, protocols, and operational practices to defend against future quantum attacks.

01

Algorithm Selection & Standardization

The primary challenge is selecting which post-quantum cryptographic algorithms to adopt. The National Institute of Standards and Technology (NIST) is leading global standardization, having selected CRYSTALS-Kyber for general encryption and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures. However, final standards are still being finalized, and early implementations may require updates. Organizations must evaluate candidates based on:

  • Performance characteristics (key size, speed, memory usage).
  • Security assurances and resistance to both classical and quantum attacks.
  • Implementation maturity and availability in common cryptographic libraries.
02

Cryptographic Agility & Protocol Integration

Cryptographic agility—the ability to seamlessly update cryptographic algorithms within systems—is a critical but often overlooked requirement. Most legacy systems have algorithms hard-coded into protocols like TLS, SSH, and IPsec. Migrating to PQC requires:

  • Protocol redesign to support algorithm negotiation and hybrid modes (combining classical and PQC algorithms for transitional security).
  • Extensive testing of new cryptographic suites within complex network stacks to ensure interoperability and avoid breaking changes.
  • Updates to hardware security modules (HSMs) and other dedicated cryptographic hardware, which are notoriously difficult and slow to modify.
03

Performance & Operational Overhead

PQC algorithms generally have larger key sizes, signature sizes, and higher computational costs than their classical counterparts (e.g., RSA-2048, ECC P-256). This introduces significant operational overhead:

  • Increased bandwidth and storage: Larger keys and certificates increase TLS handshake size, X.509 certificate sizes, and the storage required for signed documents.
  • Higher computational latency: Slower signing/verification or encryption/decryption can impact application performance, especially in high-throughput or low-latency environments like content delivery networks or IoT devices.
  • Infrastructure scaling: Systems may require more powerful processors or increased server capacity to handle the same workload, directly impacting operational costs.
04

Long-Term Data Protection (Harvest Now, Decrypt Later)

The most urgent driver for PQC migration is the "Harvest Now, Decrypt Later" threat. A future cryptographically-relevant quantum computer could retroactively decrypt data that is encrypted today with classical algorithms and has been intercepted and stored by an adversary. This necessitates:

  • Identifying and prioritizing "long-lived" sensitive data: Intellectual property, state secrets, medical records, and financial data with decades-long confidentiality requirements must be re-encrypted with PQC or protected with quantum-safe key encapsulation before a quantum computer arrives.
  • Implementing hybrid encryption schemes in the interim, where data is protected by both a classical and a PQC algorithm, ensuring forward secrecy against the quantum threat.
05

Inventory & Dependency Management

Enterprises often lack a complete cryptographic inventory—a detailed map of where and how cryptography is used across thousands of applications, libraries, network devices, and embedded systems. This creates massive discovery challenges:

  • Identifying cryptographic dependencies in legacy code, third-party software, and proprietary systems.
  • Managing the software bill of materials (SBOM) to track vulnerable cryptographic libraries.
  • Coordinating upgrades across diverse teams (development, IT, security, product) and with external partners in the supply chain. A single weak link (e.g., an un-upgraded IoT device) can compromise the entire system's security posture.
06

Testing, Validation, and Compliance

Thorough testing is paramount, as new mathematical foundations (e.g., lattice-based, hash-based, code-based) may introduce subtle bugs or side-channel vulnerabilities absent in classical crypto. Key validation steps include:

  • Conformance testing against official NIST reference implementations and test vectors.
  • Interoperability testing between different vendors' PQC implementations.
  • Side-channel analysis to ensure implementations are resistant to timing, power, and fault injection attacks.
  • Updating compliance frameworks (e.g., FIPS 140-3, Common Criteria) and internal security policies to mandate and validate PQC usage, which is a lengthy process involving accredited labs.
POST-QUANTUM CRYPTOGRAPHY

Frequently Asked Questions

Post-quantum cryptography (PQC) comprises cryptographic algorithms designed to be secure against attacks from future quantum computers. This FAQ addresses its core mechanisms, timeline, and integration challenges for enterprise architects.

Post-quantum cryptography (PQC), also known as quantum-resistant cryptography, is a class of cryptographic algorithms designed to be secure against cryptanalytic attacks by both classical and quantum computers. The urgency stems from Shor's algorithm, a quantum algorithm that can efficiently solve the integer factorization and discrete logarithm problems, which would break widely deployed public-key cryptosystems like RSA, ECC (Elliptic Curve Cryptography), and Diffie-Hellman. While large-scale, fault-tolerant quantum computers capable of running Shor's algorithm are not yet a reality, the threat of "harvest now, decrypt later" attacks means sensitive data encrypted today with vulnerable algorithms could be decrypted in the future once quantum computers mature. This mandates a proactive migration to PQC standards.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.