Quantum computing poses a new and serious threat to modern encryption. Powerful algorithms like Shor’s can factor large numbers (the foundation of RSA/ECC security) exponentially faster than classical computers. A sufficiently large quantum computer could break most current public-key systems in seconds or minutes. Even symmetric ciphers are weakened: Grover’s algorithm gives a quadratic speedup for brute-force searches, effectively halving key strength (for example, a 256-bit key could be broken with roughly 2^128 operations). Experts warn that cryptographically relevant quantum computers (CRQCs) may appear within a decade. Consequently, adversaries may already be “harvesting” encrypted data today to decrypt in the future. The only long-term defense is to switch to quantum-resistant cryptography (also known as post-quantum cryptography, or PQC): new algorithms built on mathematical problems that quantum computers cannot efficiently solve.
Post-quantum cryptography (PQC) refers to encryption methods designed to remain secure even in the face of quantum attacks. This is different from quantum cryptography (quantum key distribution), which uses quantum physics to exchange keys. PQC algorithms run on conventional hardware. A key family of PQC is lattice-based cryptography: for example, NIST’s finalists include CRYSTALS-Kyber (a key-encapsulation/encryption scheme) and CRYSTALS-Dilithium (a digital signature scheme). Other PQC families (hash-based, code-based, multivariate) rely on hard mathematical problems that current quantum algorithms are not known to break. Together, these provide post-quantum encryption that is believed to be “quantum-proof.”
- Lattice-based: Built on hard lattice problems. Examples: CRYSTALS-Kyber (encryption/KEM) and Dilithium (signatures).
- Hash-based signatures: Built from one-way hash chains. Example: the SPHINCS+ signature scheme.
- Code-based: Based on error-correcting code problems (e.g. variants of McEliece).
- Multivariate: Uses multivariate polynomial equations (some NIST candidates were in this class).
Each of these approaches rests on cryptographic problems for which no efficient quantum attack is known, and so yields quantum-resistant encryption or signatures. They form the foundation of the new post-quantum encryption standards now being adopted.
Standards and Global Initiatives
Standards bodies and governments worldwide are racing to adopt PQC. In August 2024, NIST finalized its first post-quantum encryption standards. These define new FIPS-approved public-key encryption and signature algorithms based on Kyber and Dilithium. NIST emphasizes these standards are “ready for immediate use” and urges organizations to begin transitioning now, since full integration will take time. At the same time, NIST continues to evaluate additional PQC candidates as backup algorithms (planning more encryption and signature schemes in the next rounds).
In the U.S., the NSA’s 2022 CNSA 2.0 advisory (Commercial National Security Algorithm Suite 2.0) updated national security guidelines to include quantum-resistant algorithms. It notes that the CNSA 2.0 algorithms “have been analyzed as secure against both classical and quantum computers”, and advises agencies to prepare for their adoption. For example, future federal guidance will require stateful hash-based signature schemes (per NIST SP 800-208) for code and firmware signing. Other regions are also taking action: for instance, in 2024–25 the European Commission published a coordinated roadmap for a synchronized transition to PQC across EU member states.
Preparing for a Quantum-Safe Future
Organizations today should adopt crypto-agility, designing systems so that cryptographic algorithms and keys can be rapidly changed as threats evolve. This means planning now for a future where the cryptographic landscape can shift. Key steps include:
- Inventory and classify assets: Catalog all uses of cryptography (TLS, VPNs, SSH, code signing, data protection, etc.) and note the lifetimes of each key or certificate. Focus on long-lived secrets (e.g. code-signing certificates, legacy PKI keys, archival data) which are especially vulnerable to “harvest now, decrypt later” attacks.
- Plan migration paths: For each system, determine how it can support quantum-resistant algorithms (for example, upgrading cryptographic libraries or configurations). Some organizations may choose to adopt a hybrid encryption approach during the transition, using both classical and PQC algorithms in parallel, to verify compatibility and correctness and to provide defense in depth against misconfiguration and incorrect usage.
- Adopt PQC-ready tools: Choose cryptographic products that support future algorithms. Modern Hardware Security Modules (HSMs) and key management services should be able to import and manage PQC keys. For instance, Garantir’s enterprise cryptographic services already support both classical and post-quantum algorithms, making the shift smoother.
- Train staff and update policies: Educate IT and security teams about the quantum threat. Update security policies and standards to require quantum-resistant algorithms where appropriate (for example, code signing under CNSA 2.0). Stay informed on evolving guidance from NIST, NSA, EU, and other bodies, and revise compliance programs accordingly.
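As an added example (not Garantir’s tooling and not code from this article), the Python script below applies the inventory step above: it classifies each asset’s algorithm, then flags quantum-vulnerable assets, and short-keyed symmetric ones, whose shelf life plus migration time exceeds an assumed ten-year CRQC horizon, so that long-lived secrets surface first. The exposure rule, the horizon and the inventory rows are all assumptions constructed here.

```python
import csv
import io
from collections import namedtuple

# Shor's algorithm breaks the first set; the second is the families the article names.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519"}
QUANTUM_RESISTANT = {"KYBER", "ML-KEM", "DILITHIUM", "ML-DSA", "SPHINCS+", "SLH-DSA", "LMS", "XMSS"}

# Constructed sample inventory (not real data): how long each secret or
# signature must stay trustworthy, and how long migrating that system takes.
INVENTORY_CSV = """\
asset,algorithm,key_bits,shelf_life_years,migration_years
web-tls,ECDH,256,0.5,1
code-signing-cert,RSA,3072,8,3
archive-backup-kem,RSA,4096,15,2
firmware-signing,LMS,256,10,1
internal-symmetric,AES,128,10,1
"""

# margin: years by which the asset's exposure window exceeds the CRQC horizon
Finding = namedtuple("Finding", "asset category urgent margin note")

def classify(algorithm: str) -> str:
    a = algorithm.upper()
    if a in QUANTUM_VULNERABLE:
        return "vulnerable"
    if a in QUANTUM_RESISTANT:
        return "resistant"
    return "symmetric" if a in {"AES", "CHACHA20"} else "unknown"

def triage(csv_text: str, crqc_horizon_years: float = 10.0) -> list:
    """Rank assets so long-lived, quantum-vulnerable ones come first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        cat = classify(row["algorithm"])
        bits = int(row["key_bits"])
        # Assumed exposure rule (Mosca-style): if shelf life plus migration time outlasts the
        # CRQC horizon, harvested data or a still-trusted signature outlives the algorithm.
        margin = float(row["shelf_life_years"]) + float(row["migration_years"]) - crqc_horizon_years
        if cat == "vulnerable":
            urgent, note = margin > 0, ("outlives CRQC horizon" if margin > 0 else "migrate within horizon")
        elif cat == "symmetric":
            # Grover's quadratic speedup halves the effective key strength.
            urgent, note = (bits < 256 and margin > 0), f"post-quantum strength ~{bits // 2} bits"
        elif cat == "resistant":
            urgent, note = False, "already quantum-resistant"
        else:
            urgent, note = True, "unclassified algorithm: review manually"
        findings.append(Finding(row["asset"], cat, urgent, margin, note))
    return sorted(findings, key=lambda f: (not f.urgent, -f.margin))
```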
Beyond planning, organizations can start testing PQC today. Some vendors and open-source libraries now offer trial implementations of PQC algorithms (e.g. lattice-based encryption and signature libraries). While PQC keys and ciphertexts are larger and performance may differ from legacy schemes, early testing will reveal practical issues and ensure a smoother eventual rollout.
Secure Your Future Today. Talk to our experts about post-quantum readiness.
Visit www.garantir.io or contact us at (858) 751-4865 & info@garantir.io.