Inferensys

Glossary

Post-Quantum Cryptography (PQC)

Cryptographic algorithms designed to be secure against an attack by a cryptographically relevant quantum computer, intended to replace current public-key cryptosystems.
Isolated secure server room with network cables physically disconnected, minimal lighting, security-focused environment.
CRYPTOGRAPHIC MODERNIZATION

What is Post-Quantum Cryptography (PQC)?

Post-quantum cryptography refers to cryptographic algorithms, typically public-key algorithms, designed to secure data against attacks from both classical and cryptographically relevant quantum computers.

Post-quantum cryptography (PQC) is the development of cryptographic primitives that run on conventional hardware but are mathematically structured to resist Shor's algorithm and other quantum attacks. Unlike quantum key distribution (QKD), which relies on physical properties, PQC is a software-based solution intended to replace vulnerable RSA and Elliptic Curve Cryptography (ECC) in existing communication protocols and digital signatures.

The National Institute of Standards and Technology (NIST) is leading the standardization effort, selecting algorithms based on lattice-based, hash-based, and code-based mathematical problems. The primary goal is to ensure cryptographic agility, allowing sovereign cloud architectures to seamlessly swap algorithms before a cryptographically relevant quantum computer renders current public-key infrastructure obsolete.

CRYPTOGRAPHIC AGILITY

Key Features of PQC Algorithms

Post-quantum cryptography is not a monolith; it comprises distinct mathematical families, each with unique security properties, performance profiles, and implementation trade-offs. Understanding these categories is essential for building a defense-in-depth strategy against cryptographically relevant quantum computers.

01

Lattice-Based Cryptography

Relies on the hardness of solving mathematical problems on high-dimensional lattices, such as the Learning With Errors (LWE) and Short Integer Solution (SIS) problems. These schemes are currently the most promising candidates for general-purpose encryption and digital signatures.

  • Key Algorithms: CRYSTALS-Kyber (encryption), CRYSTALS-Dilithium (signatures), Falcon.
  • Advantage: Small key sizes relative to other PQC families and fast computation speed.
  • Mechanism: Security is based on adding small, carefully crafted noise to linear equations, making the system unsolvable for both classical and quantum computers.
NIST PQC Standard
CRYSTALS-Kyber selected for KEM
02

Hash-Based Signatures

Constructs digital signature schemes exclusively from the security of cryptographic hash functions. This family offers a very high security margin because its mathematical foundation is extremely well-understood and independent of number-theoretic assumptions.

  • Key Algorithms: SPHINCS+, XMSS (eXtended Merkle Signature Scheme), LMS (Leighton-Micali Signature).
  • Advantage: The most conservative, well-understood security proofs; no reliance on novel mathematical hardness assumptions.
  • Constraint: Primarily stateful (XMSS/LMS), requiring careful management of a one-time key state to prevent catastrophic failure. SPHINCS+ is stateless but has larger signatures.
Stateless
SPHINCS+ property
03

Code-Based Cryptography

Based on the difficulty of decoding a general linear code, a problem proven to be NP-hard. This family has a long history of resisting cryptanalysis, with the original McEliece cryptosystem remaining unbroken since 1978.

  • Key Algorithm: Classic McEliece.
  • Advantage: Extremely high confidence in long-term security; the fastest encapsulation and decapsulation operations.
  • Constraint: Very large public keys (hundreds of kilobytes to over a megabyte), making it unsuitable for bandwidth-constrained environments but viable for static key distribution.
~1 MB
Classic McEliece public key size
04

Multivariate Cryptography

Security relies on the difficulty of solving systems of multivariate quadratic polynomial equations over finite fields, a problem known to be NP-hard. These schemes are typically optimized for signature generation rather than encryption.

  • Key Algorithms: Rainbow (cracked), GeMSS, UOV (Unbalanced Oil and Vinegar).
  • Advantage: Produces very short signatures with fast verification.
  • Status: Several prominent candidates have been broken during the NIST evaluation process, highlighting the need for cryptographic agility to swap algorithms if vulnerabilities are discovered.
Broken
Rainbow round 4 status
05

Isogeny-Based Cryptography

Uses the mathematical properties of maps between elliptic curves, known as isogenies. The core hard problem is finding an explicit isogeny between two supersingular elliptic curves.

  • Key Algorithm: SIKE (Supersingular Isogeny Key Encapsulation).
  • Advantage: Offers the smallest key sizes of any post-quantum key encapsulation mechanism.
  • Status: SIKE was completely broken in 2022 using a classical attack on a single-core computer in under an hour, demonstrating the critical importance of ongoing cryptanalysis before standardization.
< 1 hour
Time to break SIKE classically
POST-QUANTUM CRYPTOGRAPHY

Frequently Asked Questions

Essential questions about the cryptographic transition designed to protect sovereign infrastructure from cryptographically relevant quantum computers.

Post-Quantum Cryptography (PQC) is the development of cryptographic algorithms—specifically for public-key encryption, key encapsulation mechanisms (KEMs), and digital signatures—that are designed to be secure against an attack by a cryptographically relevant quantum computer (CRQC). Unlike current public-key systems such as RSA and Elliptic Curve Cryptography (ECC), which rely on the computational difficulty of integer factorization and discrete logarithm problems, PQC algorithms are built upon mathematical problems believed to be intractable for both classical and quantum adversaries. These underlying hard problems include lattice-based cryptography (e.g., Learning With Errors), code-based cryptography, multivariate polynomial cryptography, hash-based signatures, and isogeny-based cryptography. The mechanism involves constructing trapdoor functions from these problems, where performing the private operation is easy, but deriving the private key from the public key remains computationally infeasible even with Shor's algorithm running on a large-scale quantum computer.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.