What Is Post-Quantum Encryption (And Why Should You Care?)

In this article, we go over what post-quantum encryption is, why it matters, and what it means for everyday people and organizations.

Current cryptographic algorithms like RSA or ECC resemble a padlock that can be snapped shut effortlessly, but would take a master locksmith millions of years to crack its combination.

You can think of the master locksmith as a classical computer that, despite being super fast, is unable to factor huge numbers (different combinations) quickly.

This process of encoding information serves as the backbone of the world’s entire digital security ecosystem nowadays.

Imagine you have a library with 10,000 books. While a classical computer would read one page of one book at a time, a quantum computer would read every page of every book instantaneously (superposition).

Instead of working with bits that are either 0 or 1, quantum systems use qubits, which can exist in multiple states simultaneously. As a result, this specialized and unique architecture makes executing Shor’s Algorithm feasible.

Shor’s Algorithm is a mathematical shortcut that factors large numbers at unprecedented speeds. In short, it makes a modern supercomputer look like an ancient counting instrument.

Though quantum computers relevant to cryptography haven’t reached our desks yet, experts estimate they may be available within the next 5 or 15 years.

When that time comes, it means a total bypass of current security standards.

Cryptographically relevant quantum computers aren’t yet available, but bad actors are already rolling out the Harvest Now Decrypt Later (HNDL) strategy.

This tactic consists of collecting encrypted data today (using malicious software, insider leaks, and others), planning to decrypt it as soon as quantum computers are advanced enough and widely available.

Since different types of information may change over time, bad actors are already targeting government agencies and large organizations that hold data with a long shelf life.

That includes classified government intelligence, social security numbers, lifelong medical records, and high-stakes business information – data that can later be used for fraud and identity theft. To put it simply, any data that needs to be kept out of the public eye for the next decade is already at risk.

Similar to traditional encryption, Post-Quantum Cryptography (PQC) is also based on complex mathematical problems but introduces new cryptographic algorithms engineered to resist attacks from both classical and quantum computers.

Even though the name PQC might imply that it’s quantum technology, it isn’t. It runs on today’s hardware, and you can think of it as a ‘software patch’ for laptops, desktops, and smartphones for the quantum age. You’ll also see it mentioned as quantum resistant cryptography.

Essentially, PQC replaces current encryption equations that are easy for quantum computers to solve with mathematical challenges so complex that even quantum computers struggle to handle.

That includes different mathematical approaches, such as:

• Lattice-based cryptography: It’s like finding a needle in a haystack.
• Hash-based cryptography: It’s like turning a cake into its ingredients.
• Multivariate cryptography: It’s like untangling a ball of 10,000 different fishing lines.

In 2024, the National Institute of Standards and Technology (NIST) released the first three PQC standards: FIPS 203/ML-KEM, FIPS 204/ML-DSA, and FIPS 205/SLH-DSA, which use lattice- and hash-based modules.

It presents a verified and trustworthy roadmap for the technology sector, guaranteeing quantum-proof defenses as we make our journey towards a quantum future.

Giants of the internet like Google and Cloudflare are already integrating post-quantum encryption into their systems, underscoring the need to take quantum-proof defenses seriously.

If these companies, which are responsible for handling the most sensitive data in the world, validate the threat that may arise with Q-day (or Quantum Apocalypse), so do you.

It’s fundamental that you avoid taking a ‘wait and see’ stance to deter the possibility of being a victim in the post-quantum world.

As an everyday internet user, most apps you’re using will eventually upgrade their software with post-quantum encryption, which means you don’t have to do much.

However, we still recommend that you read blog posts and change logs to see whether your services are already on top of it or if they plan to address it. If not, you should switch to providers who are actively preparing for the quantum future.

Internxt is an excellent example of a cloud storage and internet security service that has already built post-quantum encryption into its core product.

As a business or IT team, start conducting a cryptographic audit to identify which systems rely on vulnerable RSA or ECC encryption. Then you should prioritize securing information with a long shelf-life by following NIST’s migration to PQC guides.

Migrating to global encryption standards can take years, so the only way for large organizations to stay ahead of the curve is to start preparing for migration today.

Quantum computing may still be on the horizon, but the shift to a quantum-resistant world needs to begin now.

While the HNDL threat is real and is ongoing, there are already tools and guides to fight it. The main takeaway is that you should start your transition to services with quantum-resistant encryption as soon as possible, as this is the only way to ensure your sensitive data remains protected for the next century and beyond.

Software like Internxt has already made the transition, and others are following suit, so beware of what apps you’re using to survive the Q-day.