
PQC

What is the quantum risk and its impact on data security?

The strength of data encryption depends on the algorithm that protects it and on how well that algorithm resists the attacks an adversary can actually mount.

Quantum risk refers to the threat that a sufficiently large quantum computer, running Shor's algorithm, could break the public-key algorithms in use today, such as RSA and Elliptic Curve Cryptography. Because these algorithms underpin key exchange, certificates and digital signatures, this challenges the foundation of current data security practices.

What are the implications of data sensitivity vs time?

The "Harvest now, decrypt later" model works as follows: an attacker records encrypted traffic or stolen ciphertext today, even though it is adequately protected by current standards, and waits for technology to catch up before decrypting it. Whether that matters depends on how long the data stays sensitive. Data that must remain confidential for years or decades is at risk from the moment it is captured, not from the moment a quantum computer arrives, which is why the long-term sensitivity of each data set has to be weighed against the pace of technological change.

When will quantum computing pose a threat to encryption methods?

While no concrete date exists, estimates circulating at the time of writing placed the start of the post-quantum era somewhere between 2023 and 2030. Once a cryptographically relevant quantum computer exists, many public key-based protocols become vulnerable to eavesdropping, and any data encrypted with today's algorithms and recorded in the meantime becomes subject to disclosure.

Which protocols and certificates may become vulnerable in the post-quantum era?

Any protocol or trust mechanism that relies on RSA or elliptic-curve public keys is affected: TLS/SSL, IPsec (its IKE key exchange), SSH, IoT device authentication, digital signing and code signing. Root Certificate Authorities (CAs), code-signing certificates and document-signing solutions are particularly exposed because their trust rests on long-lived public-key signatures that an attacker could forge. Data retention requirements widen the problem: archived ciphertext that must be kept for years remains exposed to later decryption.

How can enterprises prepare data security strategies for the post-quantum era?

The first step is a comprehensive inventory (enumeration) of sensitive data and of the encryption that currently protects it: which algorithms, which key sizes, where the keys live and who controls them. Enterprises commonly struggle here with key sprawl: multiple Key Management Solutions (KMS), often one per cloud platform, legacy Hardware Security Modules (HSMs), and decentralized key generation and storage practices.

The next step is to assess which encryption strategies need updating and to select suitable replacement algorithms. NIST has published its first post-quantum standards (ML-KEM for key encapsulation in FIPS 203, and ML-DSA and SLH-DSA for signatures in FIPS 204 and 205), with further candidates still under evaluation, so the set of approved algorithms will continue to grow. Remediation and key lifecycle management are essential aspects of this process.

Do current cloud platforms support post-quantum algorithms?

Support is still limited and uneven. As of this writing most cloud platforms do not offer post-quantum algorithms in their native key management services, and where they do the coverage is partial. Updating a data service to use a new key also involves ensuring compatibility with both the service and the KMS/HSM, which adds complexity to the transition process.

Why is data classification important in the context of post-quantum readiness?

Data classification is essential for identifying the critical infrastructure and systems that must move to post-quantum cryptography first. Prioritizing by how long each data asset stays sensitive protects it against the 'harvest now, decrypt later' attack model and reduces the risk of exposure.
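The three preceding answers (data sensitivity versus time, the key inventory, and classification-driven prioritization) reduce to one rule of thumb, often attributed to Michele Mosca: if the years a data set must stay secret plus the years needed to migrate its system exceed the years until a cryptographically relevant quantum computer exists, that data is already exposed to harvest-now-decrypt-later. The script below is an added example, not Fortanix code, that applies this rule to a constructed key inventory; the records, the algorithm lists and the 10-year horizon are assumptions chosen to show the logic.

```python
"""Toy key-estate inventory: flags keys a quantum computer would break and ranks them by
how urgently the data behind them needs migration.

Constructed example, not Fortanix code. The records, the algorithm lists and the
10-year horizon are assumptions chosen to illustrate the prioritisation logic.
"""
from dataclasses import dataclass

# Rests on factoring or discrete logarithms: broken outright by Shor's algorithm.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDSA", "ECDH", "ED25519", "X25519"}
# Symmetric primitives lose only a quadratic factor to Grover's search (so 256-bit
# variants stay adequate); ML-KEM, ML-DSA and SLH-DSA are NIST's PQC standards.
QUANTUM_SAFE = {"AES-256", "CHACHA20", "SHA-256", "SHA-384", "HMAC-SHA256",
                "ML-KEM-768", "ML-KEM-1024", "ML-DSA-65", "SLH-DSA-128S"}


@dataclass(frozen=True)
class KeyRecord:
    key_id: str
    algorithm: str
    use: str                      # tls, code-signing, db-encryption, key-wrapping, ...
    data_shelf_life_years: float  # how long protected data (or signatures) must stay trustworthy
    migration_years: float        # estimated time to re-key this system end to end


def classify(algorithm: str) -> str:
    name = algorithm.upper()
    if name in QUANTUM_VULNERABLE:
        return "vulnerable"
    if name in QUANTUM_SAFE:
        return "safe"
    return "review"   # unknown or legacy primitive: needs a human look


def exposure_years(rec: KeyRecord, horizon_years: float) -> float:
    """Positive when the data is still sensitive after the assumed arrival of a
    cryptographically relevant quantum computer and the system has not been migrated:
    the harvest-now-decrypt-later window."""
    return rec.data_shelf_life_years + rec.migration_years - horizon_years


def prioritize(records, horizon_years: float):
    """Return (key_id, status, exposure) tuples, most urgent first."""
    rows = []
    for rec in records:
        status = classify(rec.algorithm)
        exp = exposure_years(rec, horizon_years)
        if status == "vulnerable":
            rows.append((rec.key_id, "AT-RISK" if exp > 0 else "MIGRATE", exp))
        elif status == "safe":
            rows.append((rec.key_id, "OK", 0.0))
        else:
            rows.append((rec.key_id, "REVIEW", 0.0))
    rank = {"AT-RISK": 0, "MIGRATE": 1, "REVIEW": 2, "OK": 3}
    return sorted(rows, key=lambda row: (rank[row[1]], -row[2]))


# Constructed inventory; a real one would come from KMS/HSM APIs and certificate scans.
INVENTORY = [
    KeyRecord("tls-edge-01", "ECDSA", "tls", 1, 1),
    KeyRecord("hr-archive-kek", "RSA", "db-encryption", 25, 3),
    KeyRecord("fw-codesign", "RSA", "code-signing", 15, 5),
    KeyRecord("pii-dek", "AES-256", "db-encryption", 25, 0),
    KeyRecord("legacy-hsm-wrap", "3DES", "key-wrapping", 5, 2),
]
ASSUMED_HORIZON_YEARS = 10  # assumption for the example, not a prediction

if __name__ == "__main__":
    for key_id, status, exp in prioritize(INVENTORY, ASSUMED_HORIZON_YEARS):
        print(f"{status:8} {key_id:18} exposure={exp:+.0f}y")
```

The short-lived TLS key is still flagged for migration, but it sorts below the archive encryption key and the firmware-signing key, whose protected data or signatures must outlive the horizon. Primitives the script does not recognise (here 3DES) are surfaced for review rather than silently treated as safe.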

What features does Fortanix DSM offer for key lifecycle management in PQC implementation?

Fortanix DSM features a REST API-based architecture, a key discovery toolset, key metadata handling, and reporting and auditing capabilities. These functionalities enable automated and comprehensive management of a key estate, simplifying the implementation of a PQC transition strategy.

How does Fortanix DSM facilitate integration with leading applications in PQC implementation?

Fortanix DSM offers integration with leading applications, including databases, PKIs, and data-signing tools, both on-premises and on popular cloud platforms. This supports a consistent transition to PQC across diverse application landscapes.

What is Quantum Cryptography?

Quantum cryptography secures communication using the laws of quantum physics. Unlike traditional encryption, which depends on hard math problems, quantum cryptography makes eavesdropping detectable by design.

A key method is Quantum Key Distribution (QKD), where two parties exchange encryption keys using photons. If someone tries to intercept the photons, their quantum state changes, alerting the sender and receiver to the intrusion.

In BB84, a common QKD protocol, a sender (Alice) sends photons polarized in one of two bases to a receiver (Bob). Bob measures each photon in a randomly chosen basis, and afterwards the two compare which bases they used (not the bit values) over a public channel and keep only the bits where the bases matched. They then reveal a sample of those bits to estimate the error rate; if it is higher than the channel alone can explain, an eavesdropper is assumed and they discard the key and try again.

QKD is secure in theory, but real-world challenges like distance limits and hardware requirements make it difficult to deploy widely.

How Does Quantum Cryptography Work?

Quantum cryptography secures communication by applying the principles of quantum mechanics. Unlike traditional encryption, which depends on mathematical problems that can eventually be solved with enough computing power, quantum cryptography relies on the physical behaviour of quantum particles.

This makes it resistant to attacks, even from future quantum computers. The most well-known application is quantum key distribution (QKD), which allows two parties to securely exchange encryption keys while detecting any eavesdropping attempts. The strength of quantum cryptography comes from how quantum systems behave differently from classical systems when observed or measured.

One of the foundational principles behind quantum cryptography is superposition. In classical computing, information is stored as bits, which can be either 0 or 1. Quantum systems, on the other hand, use quantum bits, or qubits, which can exist in a superposition of states. For example, a single photon can be in a superposition of polarization states, so that it has no definite polarization until it is measured.

This means that information encoded in quantum states is inherently different from traditional data storage, making it harder to intercept or manipulate without detection. But superposition alone does not explain how quantum cryptography achieves security—this is where the concept of quantum measurement comes in.

In quantum mechanics, the act of measuring a quantum system changes its state. If an eavesdropper tries to intercept a quantum transmission, they must measure the quantum states being sent.

However, this very act of measurement disturbs the system, introducing detectable changes. This property allows the intended recipient to immediately recognize any interference. This is fundamentally different from classical encryption, where an attacker could copy data undetected.

But what if an attacker tries to clone the quantum data before modifying it? This brings us to another key principle: the no-cloning theorem.

The no-cloning theorem states that it is impossible to create an exact copy of an unknown quantum state. In classical computing, copying data is straightforward and does not alter the original.

In quantum systems, however, no physical process can produce an exact copy of an arbitrary unknown quantum state, and any attempt to approximate one introduces errors. This guarantees that an attacker cannot secretly copy intercepted quantum data, keep one copy and forward the other, without introducing detectable disturbances. Combined with the effect of measurement, this makes quantum cryptography an effective way to protect key exchange.

Another concept with applications in quantum cryptography is entanglement. When two quantum particles become entangled, their measurement outcomes remain correlated no matter how far apart they are, although this correlation cannot be used to send information faster than light.

While entanglement is not necessary for basic quantum key distribution, it has the potential to enable more advanced cryptographic techniques, such as secure quantum teleportation and long-distance communication.

All of these principles, superposition, quantum measurement, no-cloning, and entanglement, work together to make quantum cryptography fundamentally different from classical encryption. While practical implementations are still developing, quantum cryptography offers a guarantee that traditional methods cannot: the key exchange does not rest on a computational assumption that better algorithms or more computing power might overturn, and any attempt to interfere with it is made known to the parties.

What is the Role of Quantum Properties in Ensuring Data Security?

Quantum mechanics changes the way we think about data security by introducing principles that classical cryptography cannot match. These principles come from the laws that govern particles at the smallest scales.

One of the biggest advantages is the ability to generate truly random numbers. Classical computers use algorithms to create random numbers, but these are only "pseudo-random" because they are computed deterministically from a seed. Quantum mechanics allows for randomness that has no underlying formula, making it impossible to predict or reproduce. In practice a properly seeded cryptographic pseudo-random generator is also unpredictable to an attacker; what a quantum random number generator removes is the dependence on the quality and secrecy of that seed.

Quantum mechanics also makes eavesdropping detectable. When a quantum key is transmitted, any attempt to intercept or measure it will disturb its state. These changes can be spotted during the key exchange process. If an attacker tries to listen in, the sender and receiver will know. This is a major difference from classical cryptography, where an attacker can quietly copy encrypted messages without being noticed.

Another key advantage is that intercepted key material becomes useless. In classical cryptography, an attacker can record an encrypted key exchange and try to break it later. With quantum key distribution, any attempt to read the photons in transit changes them: the eavesdropper obtains only a partial, error-ridden copy, and the parties detect the intrusion and discard that key. Note that this protects the key exchange only; the encrypted message itself still travels over a classical channel and can be recorded, so its confidentiality depends on the cipher used with the QKD key.

These properties make quantum-based security different from traditional methods. While still in development, quantum cryptography offers ways to protect sensitive data that classical systems cannot.

What are the Differences Between Quantum Cryptography and Traditional Cryptography

Cryptography has traditionally relied on mathematical problems to protect information. Methods like RSA, Diffie-Hellman, and elliptic curve cryptography work by using functions that are difficult to reverse without a secret key. However, with the development of quantum computing, these systems face new risks. Quantum cryptography takes a different approach by using the principles of physics instead of mathematical complexity.

One major difference between the two is how they ensure security. Traditional cryptography is based on the idea that solving certain mathematical problems takes an extremely long time with current computers. However, quantum computers, using algorithms like Shor's, could solve these problems much faster, making many existing encryption methods weaker. Quantum key distribution, by contrast, does not rest on a computational assumption: the laws of physics guarantee that an eavesdropper disturbs the channel. Because of this, its security does not depend on assumptions about computing power, which makes it resistant to both classical and quantum attacks. One caveat applies in practice: the classical channel used alongside the quantum one must still be authenticated, otherwise an active attacker can impersonate either party, so QKD deployments still need an authentication mechanism such as pre-shared keys or a quantum-safe signature.

Another key difference is how each system handles security risks. Traditional cryptographic keys are made up of mathematical values, which means they can eventually be cracked if an attacker has enough computing power. As computers become more advanced, these keys may need to be made longer or replaced with new encryption methods. In quantum cryptography, specifically quantum key distribution (QKD), encryption keys are transmitted using individual particles of light, called photons. If someone tries to intercept the transmission, the act of measuring the photons changes their state, making the intrusion immediately noticeable. This makes quantum key distribution secure against eavesdropping.

There is also a difference in how these systems are implemented. Traditional cryptography is software-based and can be used in almost any digital system. It is widely deployed and does not require any special equipment. Quantum cryptography, on the other hand, requires specialized hardware, such as fibre optic networks and photon detectors, to function properly. This makes it more challenging to adopt on a large scale with current technology. While researchers are working on improving quantum networks, it will take time before these systems become widely available.

In summary, traditional cryptography relies on mathematical problems that could eventually be solved by quantum computers, while quantum cryptography is based on the physical properties of particles, making it secure against such threats. However, practical limitations mean that quantum cryptography is not yet a replacement for traditional encryption but rather a complement to it.

What is Quantum-Safe Cryptography?

Quantum-safe cryptography, also known as post-quantum or quantum-resistant cryptography, refers to cryptographic algorithms specifically designed to withstand potential attacks by both quantum and classical computers. These algorithms secure sensitive data, communications, and authentication processes in a future where large-scale quantum computers, capable of easily breaking current cryptographic systems, become operational. 

What is Difference Between Quantum Cryptography and Quantum Safe Cryptography?

Quantum cryptography and quantum-safe cryptography are not the same. They serve different purposes and rely on different principles.

Quantum cryptography uses the principles of quantum mechanics to secure communication. The most well-known example is Quantum Key Distribution (QKD), which enables two parties to share encryption keys in a way that any eavesdropping attempt will be detectable. QKD relies on the behaviour of quantum particles, like photons, to establish secure keys. However, QKD is not practical for widespread use due to hardware limitations and distance constraints.

Quantum-safe cryptography (or post-quantum cryptography) is about creating encryption methods that can resist attacks from quantum computers. It does not rely on quantum mechanics but instead uses mathematical problems that even quantum computers cannot solve efficiently. Lattice-based, hash-based, and code-based cryptography are examples of this.

How Will Quantum Computing Affect Cryptography?

Quantum computing is set to change cryptography in profound ways, and it's important to understand both perspectives of how this will happen.

First, let's focus on how quantum computing will break current cryptographic systems. Most of today's encryption algorithms, like RSA and ECC (Elliptic Curve Cryptography), rely on mathematical problems that are hard to solve with classical computers. For example, RSA encryption is based on the difficulty of factoring very large numbers. If you take a large number, say a product of two prime numbers, and try to figure out which two primes were multiplied to get that number, it becomes incredibly hard as the numbers get bigger. Classical computers struggle with this, so it's used to secure everything from emails to bank transactions.

However, quantum computers change this. Using Shor's algorithm, a large enough quantum computer can factor an n-bit number in time polynomial in n, whereas the best known classical algorithms take super-polynomial time. In practical terms, a 2048-bit RSA modulus that would take classical computers far longer than the age of the universe to factor would fall in hours to days on a sufficiently large, error-corrected quantum machine, according to published resource estimates. Any encryption that relies on the difficulty of factoring, like RSA, is therefore vulnerable. The same goes for ECC and Diffie-Hellman, whose security rests on the discrete logarithm problem, which a variant of Shor's algorithm solves just as efficiently, making it a major threat to the security of current cryptographic systems.
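What Shor's algorithm actually speeds up is a single subroutine, period finding, and the rest of the attack is classical number theory. The script below is an added illustration, not code from the page: it factors a toy RSA modulus by finding the period of a^r mod n with a brute-force loop standing in for the quantum step, then derives the private exponent, which is exactly the chain a quantum attacker would follow against a real key.

```python
"""Factoring via period finding: the classical reduction at the heart of Shor's algorithm.

Added illustration, not code from the page. The only step a quantum computer accelerates
is find_period(); here it is brute force, which costs up to phi(n) multiplications and so
only works for toy moduli. Everything else is ordinary number theory that runs
classically today.
"""
from math import gcd
import random


def find_period(a: int, n: int) -> int:
    """Smallest r > 0 with a**r == 1 (mod n), for gcd(a, n) == 1.
    This is the subroutine Shor's algorithm replaces with quantum Fourier sampling."""
    x, r = a % n, 1
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, rng=random.Random(0)) -> int:
    """Return a non-trivial factor of composite n using the order-finding reduction.
    Loops forever on a prime (there is nothing to find), so callers pass composites."""
    if n % 2 == 0:
        return 2
    while True:
        a = rng.randrange(2, n)
        g = gcd(a, n)
        if g != 1:
            return g                  # lucky guess: a already shares a factor with n
        r = find_period(a, n)
        if r % 2:
            continue                  # odd period: try another base
        y = pow(a, r // 2, n)         # y*y == 1 (mod n) but y != 1 because r is minimal
        if y == n - 1:
            continue                  # y == -1 gives only the trivial factorisation
        f = gcd(y - 1, n)
        if 1 < f < n:
            return f


def rsa_private_exponent(n: int, e: int) -> int:
    """Once n = p*q is known, the RSA private exponent d follows immediately."""
    p = shor_factor(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


if __name__ == "__main__":
    n, e = 3233, 17                   # textbook RSA modulus 61 * 53
    d = rsa_private_exponent(n, e)
    c = pow(65, e, n)                 # encrypt the message 65 with the public key
    print(f"d = {d}, decrypt(c) = {pow(c, d, n)}")
```

The brute-force loop in find_period is exponential in the bit length of n, which is the whole reason 2048-bit RSA is safe against classical attackers; the quantum algorithm replaces that loop, and nothing else in the chain needs to change.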

To counter this, researchers have developed post-quantum cryptography (PQC): encryption and signature methods built on mathematical problems for which no efficient quantum algorithm is known. For example, lattice-based cryptography relies on problems such as finding short vectors in high-dimensional lattices, which resist both classical and quantum attacks as far as is currently known. While parts of PQC are still being standardized, the first NIST-approved algorithms are ready for deployment, and adopting them is essential for ensuring that data remains secure when quantum computers become powerful enough.

Now, let's look at the second way quantum computing will impact cryptography: the new cryptographic methods quantum mechanics can provide. Quantum computing isn’t just a threat; it also opens the door to new ways of securing data, particularly through quantum cryptography. One of the most well-known applications of quantum cryptography is quantum key distribution (QKD). In traditional cryptography, two parties need to exchange secret keys to encrypt and decrypt messages. With classical encryption, an attacker could potentially intercept the key during transmission. But with quantum key distribution, this problem is solved by the laws of quantum physics.

The key feature of QKD is that it uses quantum particles, like photons, to transmit the key. If an attacker tries to intercept the key during transmission, the quantum particles will be disturbed, alerting the sender and receiver to the presence of the intruder. This disturbance occurs because, according to quantum mechanics, the act of measuring a quantum particle changes its state. This makes it impossible for an eavesdropper to intercept the key without being detected. While QKD provides a secure way to exchange keys, it's not a replacement for traditional encryption; it only solves the problem of key distribution. Once the key is securely exchanged, conventional encryption algorithms still need to be used to encrypt and decrypt the data.

Quantum cryptography faces practical challenges. QKD, for example, requires specialized hardware and a dedicated optical link (fibre or free-space line of sight) between the parties, which makes it difficult to deploy at scale. It is not yet ready to replace current encryption methods entirely, but it is an example of how quantum mechanics can be used to strengthen cryptography in the future.

Why is Quantum Safe Cryptography Needed?

Quantum computers, though not yet advanced enough, could one day solve complex mathematical problems that would take classical computers trillions of years. This threatens the encryption methods used today to protect digital communication, financial transactions, and sensitive data.

For businesses, this could disrupt daily operations in ways that are hard to ignore. Secure online transactions, digital signatures, and authentication systems all rely on encryption. If quantum computers break current encryption, contracts, financial transfers, and confidential business communications could be exposed. An attacker could forge digital signatures, allowing unauthorized transactions or access to critical systems. This would create chaos, leading to financial losses, reputational damage, and legal complications.

On an individual level, personal data stored or transmitted today could be decrypted in the future. Medical records, tax filings, private conversations, and even biometric authentication systems depend on encryption. A future quantum attack could expose private information, leading to identity theft, fraud, or personal privacy violations. The "harvest now, decrypt later" approach means that even if quantum computers aren’t breaking encryption today, they could be used against encrypted data collected over the years.

To address this risk, organizations like the National Institute of Standards and Technology (NIST) are developing quantum-resistant encryption algorithms designed to secure data even in the presence of quantum computing power. Governments, financial institutions, healthcare providers, and businesses must prepare for this transition to ensure that digital security remains intact. Without quantum-resistant cryptography, both business operations and personal privacy could face serious threats in the coming years.

How Quantum Resistant Encryption Works and What are the types of Post Quantum Cryptography (PQC) Algorithms?

Quantum-resistant encryption, or post-quantum cryptography, protects data against the computational capabilities of future quantum computers. While current encryption methods depend on mathematical problems that are infeasible for classical computers to solve, quantum computers could exploit algorithms like Shor’s algorithm to break widely used cryptographic standards such as RSA, Diffie-Hellman, and elliptic curve cryptography.  

Different types of PQC algorithms rely on mathematical problems that are believed to be difficult even for quantum computers to solve. 

One major category of PQC algorithms is lattice-based cryptography. These systems rely on hard problems in high-dimensional grids of points, known as lattices. One example is the Shortest Vector Problem (SVP), which involves finding the shortest nonzero vector in a lattice, something for which no efficient classical or quantum algorithm is known. Techniques such as Learning with Errors (LWE) and Ring-LWE build encryption schemes and digital signatures on these problems. CRYSTALS-Kyber (for key encapsulation, standardized by NIST as ML-KEM in FIPS 203) and CRYSTALS-Dilithium (for digital signatures, standardized as ML-DSA in FIPS 204) are examples of lattice-based algorithms. These systems are considered strong candidates because they combine good security margins with small keys and fast operations.

Another type is hash-based cryptography, which relies only on cryptographic hash functions. These techniques are used for digital signatures, where security rests on the preimage and collision resistance of the hash function rather than on a number-theoretic problem. Well-known examples are XMSS (eXtended Merkle Signature Scheme) and LMS, which are stateful, and SPHINCS+ (standardized by NIST as SLH-DSA in FIPS 205), which is stateless. Hash-based signatures are conceptually simple and conservative in their security assumptions, but they produce large signatures, and the stateful schemes impose a usage constraint: each one-time key inside the tree may be used exactly once, so the signer must track state reliably, and reusing a key leaks enough material to forge signatures.

Multivariate cryptography is another approach. It is based on solving systems of multivariate polynomial equations over finite fields, a problem believed to be hard even for quantum computers. The Rainbow signature scheme was a prominent candidate, but it was broken by a classical key-recovery attack in 2022 and withdrawn from the NIST process, a reminder that "quantum-resistant" does not mean "proven secure". Schemes in this family can also be complex and demand high computational resources or very large public keys, making them challenging to implement efficiently.

A well-established approach is code-based cryptography, which uses error-correcting codes to create secure encryption schemes. The most well-known example is the McEliece cryptosystem, which has withstood decades of cryptanalysis. While McEliece provides strong security, one drawback is that it requires very large keys, making implementation and storage more difficult. 

Finally, there is isogeny-based cryptography, which uses mathematical maps, called isogenies, between elliptic curves. These methods were considered promising because they offered very small key sizes. However, the leading candidate SIKE was broken in 2022 by an efficient classical attack, so this family requires further study before any scheme from it can be widely adopted.

Each of these cryptographic techniques offers different trade-offs in terms of security, efficiency, and practicality. 
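To make the hash-based trade-offs concrete, here is a Lamport one-time signature, the building block that XMSS, LMS and SLH-DSA arrange into Merkle trees. This is an added example written for this page, not code from any standardized scheme: it signs with nothing but SHA-256, reports the key and signature sizes, and includes an attacker-side function showing how reusing a one-time key lets an adversary forge a signature on a message of their choosing. Message strings are constructed for the demonstration.

```python
"""Lamport one-time signature (OTS), the simplest hash-based signature scheme.

Added example, not code from the page or from any standardized scheme; XMSS, LMS and
SLH-DSA build Merkle trees over one-time signatures of this kind. Security rests only on
the preimage resistance of SHA-256, and forge_from_reuse() shows what happens when a
one-time key signs more than one message.
"""
import hashlib
import secrets

BITS = 256  # we sign the 256-bit SHA-256 digest of the message


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(rand=secrets.token_bytes):
    """Secret key: 256 pairs of random 32-byte preimages. Public key: their hashes."""
    sk = [(rand(32), rand(32)) for _ in range(BITS)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk


def digest_bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def sign(sk, msg: bytes):
    """Reveal, for each digest bit, the preimage matching that bit; the other stays secret."""
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != BITS:
        return False
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, digest_bits(msg))))


def forge_from_reuse(pk, signed, target: bytes):
    """Attacker's view: given (message, signature) pairs made with one key, forge on target.

    Each signature reveals one preimage per position; once enough positions have both
    preimages exposed, the attacker can sign any message whose digest they cover.
    Returns a valid signature on target, or None if some needed preimage is unrevealed.
    """
    revealed = {}
    for msg, sig in signed:
        for i, b in enumerate(digest_bits(msg)):
            revealed[(i, b)] = sig[i]
    try:
        return [revealed[(i, b)] for i, b in enumerate(digest_bits(target))]
    except KeyError:
        return None


def sizes():
    """(public key bytes, signature bytes): large next to ECDSA's 32-byte keys."""
    return BITS * 2 * 32, BITS * 32


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"firmware-1.4.2.bin"
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig), "sizes (pk, sig):", sizes())
    # Misuse: the same one-time key signs 64 builds, so an attacker can forge a 65th.
    reused = [(f"build-{i}".encode(), sign(sk, f"build-{i}".encode())) for i in range(64)]
    forged = forge_from_reuse(pk, reused, b"malicious-build")
    print("forgery after key reuse verifies:",
          forged is not None and verify(pk, b"malicious-build", forged))
```

A single signature reveals half of the secret preimages, so one extra signature already lets an attacker sign roughly a quarter of all possible digests; after a few dozen reuses practically any target message can be forged. That is the failure the stateful schemes guard against by tracking which leaf has been used, and the stateless SLH-DSA avoids by construction.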

What are the Opportunities of Moving to Post-Quantum Cryptography?

One of the biggest reasons to switch is the risk of “harvest now, decrypt later” attacks. Hackers and state actors are already storing encrypted data, knowing that quantum computers will eventually let them crack it. This means data that looks secure today could be exposed in a few years. By switching to PQC, companies and governments can protect information before that window opens.

Another advantage of moving to PQC is that it forces organizations to take a hard look at their security setups. A lot of encryption systems are outdated or poorly managed. The shift to PQC isn’t just about swapping one algorithm for another—it’s a chance to fix weak spots, upgrade infrastructure, and rethink how encryption keys are handled. In many cases, that means better security overall, not just protection against quantum threats.

There’s also a strategic advantage. Governments and major industries—finance, healthcare, defence—are already working on the transition. Companies that start preparing now will be ahead of the curve when regulations start requiring PQC. Those that wait will scramble later, and that’s never a good position to be in.

Of course, there are challenges. Some PQC algorithms are slower and require more processing power. Rolling them out across an entire organization takes time. But the alternative—waiting until quantum computers are already breaking encryption—would be a disaster. The sooner companies start testing and planning, the smoother the transition will be.

This isn’t just another security update. It’s a shift in how we think about protecting data. The organizations that take it seriously now will be the ones that stay secure in the future.

What are the Challenges of Moving to Post-Quantum Cryptography?

Despite these opportunities, the transition to PQC presents significant challenges. One of the biggest obstacles is the complexity of migration. Most current encryption systems are deeply embedded in digital infrastructure, including databases, certificates, and internet protocols. Replacing them with quantum-resistant alternatives requires major upgrades, which take time, effort, and investment.

Another challenge is global coordination. Cryptographic systems are interconnected across industries and nations. If different regions adopt PQC at different speeds or implement incompatible solutions, it could create security gaps. Ensuring a smooth transition requires collaboration between governments, technology companies, and regulatory bodies.

Cost is another major factor. Developing and deploying Post Quantum Cryptography solutions requires specialized expertise and infrastructure. Large corporations and governments may have the resources to invest in quantum-resistant systems, but smaller organizations and under-resourced regions might struggle. This could lead to unequal access to security, making it important for policymakers and researchers to develop solutions that are widely accessible.

What is the purpose of post-quantum cryptography?

Post-quantum cryptography (PQC), as defined by NIST, is being developed to safeguard digital systems against the future threat of quantum computers — while remaining compatible with today’s infrastructure.  

Once mature, quantum computers will be capable of breaking widely used public-key cryptographic schemes such as RSA, Diffie–Hellman, and elliptic-curve cryptography through algorithms like Shor’s. To defend against this, PQC introduces new cryptographic techniques designed to withstand both classical and quantum attacks. 

However, the urgency goes beyond futureproofing. A growing concern is the "harvest now, decrypt later" threat model, in which adversaries collect encrypted data today with the intent to decrypt it once quantum capabilities mature.  

This makes the transition to quantum-resistant algorithms a present-day priority, not a future problem. Delaying implementation risks exposing sensitive data retroactively. Organizations must act now to adopt PQC, ensuring long-term data security before the cryptographic window of safety closes. 

A central objective of the PQC initiative is to replace today’s vulnerable public-key cryptographic mechanisms with quantum-resistant alternatives. NIST is leading efforts to standardize new approaches—such as key encapsulation mechanisms (KEMs) and digital signature schemes—that can withstand quantum attacks while remaining compatible with existing protocols like TLS and VPNs. This ensures organizations can strengthen their security posture without overhauling their entire infrastructure. 

Recognizing that cryptographic transitions are complex and time-consuming, NIST launched its PQC standardization project in 2016. The process has included an open global competition, multiple rounds of peer-reviewed evaluation, and extensive public input, culminating in the first Federal Information Processing Standards for PQC (FIPS 203, 204 and 205, published in 2024), with additional algorithms still under evaluation. By starting early and maintaining transparency, NIST is giving organizations the time, clarity, and tools needed to migrate securely and strategically while keeping pace with the evolving quantum threat landscape. 

How does quantum key distribution work?

Quantum key distribution (QKD), according to NIST, is a method for creating shared secret keys by exploiting the peculiar behaviour of photons, tiny packets of light, transmitted over an optical channel.  

The process begins when Alice encodes bits of a key into the polarization states of individual photons and sends them to Bob. Bob, in turn, measures each incoming photon using a randomly chosen basis. After transmission, Alice and Bob compare notes over a separate classical channel, sharing only which measurement bases they used, never the actual bit values. They discard mismatched measurements and retain the rest as their shared secret key. 

The security of QKD is rooted in quantum principles, specifically, that measuring a quantum state inevitably disturbs it. If an eavesdropper (Eve) attempts to intercept the photons, her measurements introduce detectable errors. Alice and Bob can reveal some of their bits to estimate the error rate; if it exceeds a safe threshold, they know the key has been compromised and abort the protocol. When the error rate is acceptable, they proceed with error correction and privacy amplification to finalize a secure key. 

NIST's experimental QKD systems have achieved rates of up to one million bits per second between neighbouring lab buildings, made possible by precise timing and efficient detection of photon arrivals. Once established, the quantum-generated key can be used with a one-time pad or fed into conventional security protocols (e.g., TLS or IPsec) to secure communications. 

While QKD offers theoretically unbreakable key distribution, NIST also acknowledges practical challenges such as equipment cost, limited transmission distance, and vulnerability to implementation flaws in detectors. Nevertheless, it holds strong appeal for high-security scenarios where secure key exchange is essential, and infrastructure constraints are manageable. 

What is quantum key distribution?

As described by NIST, quantum key distribution (QKD) is a technique for securely generating and sharing encryption keys between two users using the principles of quantum mechanics. It does not transmit the key itself in the traditional sense. Instead, it transmits quantum states, typically via individual photons. These quantum particles behave in ways that prevent undetected eavesdropping. Any attempt to intercept the quantum states will disturb them, leaving behind a detectable trace of the intrusion. 

In a typical QKD setup, one user (Alice) prepares a sequence of photons in specific polarization states, each representing one bit of a random key. These photons are sent to another user (Bob), who measures each one in a randomly chosen basis. After the transmission, Alice and Bob use a public, authenticated classical channel to compare their measurement bases (but not the actual bit values). Only the positions where both used the same basis are kept; the rest are discarded. This leaves them with a shared raw key. 

To secure the key, they take additional steps. First, they check a sample of their bits for discrepancies to estimate if the transmission was tampered with. If the error rate is too high, they know the transmission was compromised and discard the key. If the error rate is low, they proceed with error correction and privacy amplification to produce a final shared secret key that can be safely used for encryption. 

NIST has researched and demonstrated QKD systems, including high-speed implementations that achieve up to one million bits per second across short distances. These experiments confirm the feasibility of QKD for secure communications over short, dedicated links. 

Though QKD offers a strong theoretical security guarantee rooted in physics, NIST also notes practical challenges: specialized hardware, distance limitations, the need for an authenticated classical channel, and the risk of vulnerabilities in the implementation. Still, QKD is a promising approach for securing sensitive point-to-point links in a future where today's public-key cryptography may no longer be reliable. 
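
The two sections above describe the BB84 exchange step by step. The following simulation is an added example, not code from the original page or from NIST's systems: it runs the exchange end to end in Go on a constructed photon stream, with Alice's random bits and bases, Bob's random measurement bases, the public basis comparison (sifting) and the error-rate estimate, once without and once with an intercept-resend eavesdropper. The detector model, the noiseless channel and the 11% abort threshold are simplifying assumptions of the demo; error correction and privacy amplification are not modelled.

```go
package main

import (
	"fmt"
	"math/rand"
)

// photon is the simulated quantum state Alice sends: a bit encoded in one of
// two polarization bases (0 = rectilinear, 1 = diagonal).
type photon struct{ bit, basis int }

// measure models a detector. Reading in the preparation basis returns the
// encoded bit; reading in the other basis returns a uniformly random bit (and
// the photon is now in the measurer's basis). That disturbance is what exposes
// an eavesdropper.
func measure(p photon, basis int, rng *rand.Rand) int {
	if p.basis == basis {
		return p.bit
	}
	return rng.Intn(2)
}

// Result summarises one run: sifted-key length, estimated quantum bit error
// rate (QBER), whether the parties aborted, and the surviving raw key bits.
type Result struct {
	Sifted  int
	QBER    float64
	Aborted bool
	Key     []int
}

// RunBB84 simulates n photons, optionally with an intercept-resend Eve.
// threshold is the largest QBER the parties tolerate before aborting; 0.11 is
// the commonly quoted BB84 bound and, like the noiseless channel (every error
// comes from Eve), is an assumption of this demo.
func RunBB84(n int, eve bool, threshold float64, seed int64) Result {
	rng := rand.New(rand.NewSource(seed))
	aBits, aBases := make([]int, n), make([]int, n)
	bBits, bBases := make([]int, n), make([]int, n)
	for i := 0; i < n; i++ {
		aBits[i], aBases[i] = rng.Intn(2), rng.Intn(2)
		p := photon{aBits[i], aBases[i]}
		if eve {
			// Eve guesses a basis, measures, and re-sends a photon prepared in
			// her basis. Half her guesses are wrong, and half of those flip the
			// bit Bob reads, so she leaves ~25% errors in the sifted key.
			eb := rng.Intn(2)
			p = photon{measure(p, eb, rng), eb}
		}
		bBases[i] = rng.Intn(2)
		bBits[i] = measure(p, bBases[i], rng)
	}
	// Sifting over the public channel: only the bases are announced, never
	// the bit values; positions where the bases differ are discarded.
	var siftedA, siftedB []int
	for i := 0; i < n; i++ {
		if aBases[i] == bBases[i] {
			siftedA = append(siftedA, aBits[i])
			siftedB = append(siftedB, bBits[i])
		}
	}
	// Error estimation: sacrifice every other sifted bit by comparing it in
	// public; the remaining bits form the raw key.
	errs, sampled := 0, 0
	var key []int
	for i := range siftedA {
		if i%2 == 0 {
			sampled++
			if siftedA[i] != siftedB[i] {
				errs++
			}
			continue
		}
		key = append(key, siftedA[i])
	}
	res := Result{Sifted: len(siftedA), QBER: 1}
	if sampled > 0 {
		res.QBER = float64(errs) / float64(sampled)
	}
	if res.QBER > threshold {
		res.Aborted = true // compromised (or too noisy): discard everything
		return res
	}
	res.Key = key // error correction and privacy amplification would follow here
	return res
}

func main() {
	for _, eve := range []bool{false, true} {
		r := RunBB84(4000, eve, 0.11, 42)
		fmt.Printf("eve=%-5v sifted=%d QBER=%.3f aborted=%-5v keyBits=%d\n",
			eve, r.Sifted, r.QBER, r.Aborted, len(r.Key))
	}
}
```

With 4000 photons roughly half survive sifting; without Eve the QBER is exactly zero (no channel noise is modelled), and with Eve it lands near 25%, far above the threshold, so the run aborts and no key is output.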

What is quantum-proof encryption?

Post-quantum cryptography, often loosely called “quantum-proof” cryptography (NIST's own term is quantum-resistant, since no algorithm is proof against attacks not yet discovered), refers to cryptographic methods designed to remain secure even against large-scale quantum computers. According to NIST, these new public-key systems are based on hard mathematical problems believed to resist both classical and quantum attacks, and are built to integrate into existing infrastructure with minimal disruption. 

In August 2024, NIST formally standardized the first quantum-resistant algorithms: 

ML-KEM (FIPS 203), a lattice-based key encapsulation mechanism (formerly CRYSTALS-Kyber) 

ML-DSA (FIPS 204), a lattice-based digital signature scheme (formerly CRYSTALS-Dilithium) 

SLH-DSA (FIPS 205), a stateless hash-based signature scheme (formerly SPHINCS+) 

These algorithms rely on lattice and hash-based constructions for which no efficient classical or quantum attack is known.  

NIST’s multi-year global evaluation process began in 2016 and was designed to give organizations the time and confidence to adopt these standards. 

Migrating now is critical to defend against “harvest now, decrypt later” threats, where adversaries record encrypted traffic today to decrypt it once quantum capabilities emerge; data that must stay confidential for longer than it takes to build a cryptographically relevant quantum computer is already at risk. These algorithms are production-ready, and additional options like HQC (a code-based KEM selected in 2025) will follow as backups. 

How does a quantum encryption algorithm work?

Quantum-resistant encryption algorithms are designed to keep data protected as powerful quantum computers threaten to unravel today's standard public-key cryptosystems. NIST's process began in 2016, when experts worldwide submitted dozens of proposals. Through a rigorous, multi-round evaluation, four algorithms were selected for standardization in 2022: three lattice-based (CRYSTALS-Kyber for key encapsulation, CRYSTALS-Dilithium and FALCON for signatures) and one hash-based (SPHINCS+).  

These algorithms are based on hard mathematical problems believed to resist quantum attacks. For example, ML-KEM (the new name for CRYSTALS-Kyber, standardized as FIPS 203) relies on the module learning-with-errors (MLWE) problem, a lattice problem for which no efficient quantum algorithm is known. 

Digital signature algorithms like ML-DSA (CRYSTALS-Dilithium, FIPS 204) use similar lattice foundations, while SLH-DSA (SPHINCS+, FIPS 205) rests on hash-based constructions, adding diversity to the set of assumptions. 

NIST finalized the first suite of post-quantum standards in August 2024, positioning ML-KEM (Kyber) as its primary choice for key encapsulation, ML-DSA (Dilithium) as the primary signature scheme and SLH-DSA (SPHINCS+) as a conservative hash-based alternative; FN-DSA, derived from FALCON, is to follow as FIPS 206. 

These selections are ready for deployment, offering security against classical and quantum attackers. 

Recognizing that migration to new cryptography takes time and that weaknesses may still emerge, NIST also selected HQC, a code-based KEM, from its fourth round of PQC candidates in March 2025 as a backup to ML-KEM built on a different mathematical problem. A draft standard is expected in 2026, with the final release in 2027. 

A quantum-resistant public-key algorithm uses hard-to-solve math, such as lattices or codes, either to establish a shared symmetric secret (key encapsulation) or to sign data. In a KEM handshake, one party publishes an encapsulation (public) key; the other party uses it to produce a ciphertext together with a fresh shared secret; the first party decapsulates the ciphertext with its private key and recovers the same secret. Both sides then derive keys for fast symmetric encryption, such as AES-GCM, from that secret. An adversary who records every message, classical or quantum, cannot feasibly compute the secret. 

In short, post-quantum cryptography replaces vulnerable public-key methods with algorithms built on problems that quantum computers are not known to solve efficiently. NIST has standardized a strong initial toolkit (ML-KEM, ML-DSA and SLH-DSA, derived from Kyber, Dilithium and SPHINCS+) and continues to plan for backup options like HQC. These tools are designed for a smooth transition to quantum-resilient communications. 

What is hybrid post-quantum cryptography?

Hybrid post-quantum cryptography is a transition strategy in which a traditional algorithm (such as an RSA or elliptic-curve key exchange) and a post-quantum algorithm (such as ML-KEM, formerly Kyber) are combined in the same operation, and the session key is derived from both shared secrets. It is like adding a second lock to your door: an attacker has to break both. This approach is especially useful while the post-quantum algorithms and their implementations are new, because a flaw in the new algorithm still leaves the classical one protecting the session, while the classical one's quantum weakness is covered by the new one. For example, a TLS 1.3 connection can negotiate the X25519MLKEM768 group, which runs X25519 and ML-KEM-768 together and feeds both secrets into the key schedule; major browsers and CDNs already do this by default. Even if one component is broken in the future, the session key stays secret as long as the other holds. Hybrid signatures exist too but are less mature, so most deployments today hybridize only the key exchange. 
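
The KEM handshake outlined in the previous section and the hybrid construction described here are shown below in one added example in Go, which is not code from the original page or from Fortanix. It uses the standard library's ML-KEM-768 (crypto/mlkem) and X25519 (crypto/ecdh) implementations together with crypto/hkdf; the example assumes Go 1.24 or later, where those packages exist. Bob publishes both public keys; Alice encapsulates to the ML-KEM key and runs an ephemeral X25519 exchange; both sides feed the two shared secrets through HKDF-SHA256. The concatenation order mirrors TLS's X25519MLKEM768; the HKDF info label is an arbitrary constant chosen for this demo. The tamper case shows what happens when one bit of the ML-KEM ciphertext is flipped in transit.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ecdhShared finishes X25519 against a peer's raw 32-byte public key.
func ecdhShared(priv *ecdh.PrivateKey, peer []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(pub)
}

// deriveSessionKey feeds both secrets (ML-KEM first, then X25519, the order TLS
// X25519MLKEM768 uses) through HKDF-SHA256, so recovering the output requires
// BOTH inputs. The info label is an arbitrary constant for this demo.
func deriveSessionKey(kemSecret, ecdhSecret []byte) ([]byte, error) {
	ikm := append(append([]byte{}, kemSecret...), ecdhSecret...)
	return hkdf.Key(sha256.New, ikm, nil, "hybrid-pqc-demo v1", 32)
}

// Initiate is Alice's side. Encapsulating to Bob's ML-KEM-768 key yields a fresh
// 32-byte secret plus the ciphertext only Bob can open; X25519 with an ephemeral
// key yields the classical secret. Returns what Alice sends, then her session key.
func Initiate(kemEK, bobECDHPub []byte) ([]byte, []byte, []byte, error) {
	ek, err := mlkem.NewEncapsulationKey768(kemEK)
	if err != nil {
		return nil, nil, nil, err
	}
	kemSecret, ct := ek.Encapsulate()
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	ecdhSecret, err := ecdhShared(eph, bobECDHPub)
	if err != nil {
		return nil, nil, nil, err
	}
	key, err := deriveSessionKey(kemSecret, ecdhSecret)
	return ct, eph.PublicKey().Bytes(), key, err
}

// Respond is Bob's side: decapsulate with his private ML-KEM key, finish X25519
// with Alice's ephemeral public key, and derive the same session key.
func Respond(dk *mlkem.DecapsulationKey768, sk *ecdh.PrivateKey, ct, alicePub []byte) ([]byte, error) {
	kemSecret, err := dk.Decapsulate(ct)
	if err != nil {
		return nil, err
	}
	ecdhSecret, err := ecdhShared(sk, alicePub)
	if err != nil {
		return nil, err
	}
	return deriveSessionKey(kemSecret, ecdhSecret)
}

// Handshake generates Bob's key pairs, runs one exchange (flipping a ciphertext
// bit in transit if tamper is set) and reports whether both sides agree on the
// key. Decapsulate does not fail on a corrupted ciphertext of the right length:
// FIPS 203 implicit rejection yields an unrelated pseudorandom secret instead.
func Handshake(tamper bool) (bool, error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return false, err
	}
	sk, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	ct, ephPub, aliceKey, err := Initiate(dk.EncapsulationKey().Bytes(), sk.PublicKey().Bytes())
	if err != nil {
		return false, err
	}
	if tamper {
		ct[0] ^= 0x01 // one bit flipped by a man-in-the-middle
	}
	bobKey, err := Respond(dk, sk, ct, ephPub)
	if err != nil {
		return false, err
	}
	return bytes.Equal(aliceKey, bobKey), nil
}

func main() {
	for _, tamper := range []bool{false, true} {
		agree, err := Handshake(tamper)
		fmt.Printf("tampered=%-5v keysAgree=%-5v err=%v\n", tamper, agree, err)
	}
}
```

The tampered run does not produce an error from ML-KEM; it produces a different key on Bob's side, which in a real protocol surfaces as an authentication failure on the first AEAD-protected record rather than as a silent downgrade.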

What are the four types of post-quantum encryption algorithms?

According to NIST, post-quantum cryptography draws on four principal algorithmic families designed to resist attacks by both quantum and classical computers. Each family relies on a distinct mathematical structure, offering diversity in cryptographic defenses.  

1. Lattice-based cryptography 

Grounded in the hardness of lattice problems, such as finding the shortest or closest vector in a high-dimensional lattice (and, in practice, the learning-with-errors problems built on them), this family supports most of NIST's selections: CRYSTALS-Kyber (now ML-KEM, used for key encapsulation), CRYSTALS-Dilithium (now ML-DSA) and FALCON (to become FN-DSA), both digital-signature schemes.  

2. Hash-based cryptography 

Built solely on the security of hash functions, this family is suited to digital signatures. SPHINCS+ (now SLH-DSA) is NIST's chosen member, offering conservative, stateless security rooted in well-understood hashing assumptions; its signatures are large, but its security rests on the fewest assumptions. 

3. Code-based cryptography 

Leveraging the difficulty of decoding general error-correcting codes, this family includes Classic McEliece, BIKE and HQC, all evaluated in NIST's fourth round; HQC was selected in March 2025 for standardization as a backup KEM. (SIKE, sometimes listed alongside them, was an isogeny-based candidate in the same round; it was broken by a classical attack in 2022 and withdrawn.) 

4. Multivariate-polynomial cryptography 

Based on the hardness of solving systems of multivariate quadratic equations over finite fields, this family supplied several of NIST's early signature candidates (e.g., Rainbow, GeMSS). Rainbow was broken by a classical key-recovery attack in 2022 and none of these has been standardized, but multivariate schemes such as UOV and MAYO remain under evaluation in NIST's additional signature process, and they exemplify an alternative cryptographic foundation.  

Each family rests on a different kind of mathematical problem, so if one approach is weakened the others can still provide secure options. This diversity supports cryptographic agility and long-term resilience in a post-quantum future. 

Are AES and SHA still safe in a post-quantum world?

Yes. Symmetric algorithms like AES and the SHA-2/SHA-3 hash families are not broken by Shor's algorithm, which is what threatens RSA and ECC. The quantum attack on them is Grover's algorithm, which speeds up brute-force key search by at most a square root: against an idealized quantum attacker, AES-128 offers roughly 64-bit security and AES-256 roughly 128-bit, and hash pre-image search is reduced in the same way. NIST's assessment is that this speed-up is far less than it looks in practice, because Grover's search parallelizes poorly, so AES-128 is not considered at urgent risk. The practical recommendation is simple: use AES-256 rather than AES-128 for data that must stay confidential for decades, and use hashes with 256-bit or larger output (SHA-256, SHA-384, SHA-512, or SHA3-256 and above). Note that there is no AES-512; AES is defined only for 128-, 192- and 256-bit keys (FIPS 197), and a larger key, not a larger block, is what counters Grover. 

What does quantum cryptography vs post-quantum cryptography mean?

According to NIST, quantum cryptography and post-quantum cryptography refer to two fundamentally different approaches to securing data in the context of quantum computing. They address different problems using very different tools. 

Quantum cryptography uses the principles of quantum mechanics to perform cryptographic tasks, most notably quantum key distribution (QKD). In QKD, the key idea is to transmit quantum states (like single photons) between two parties. Because quantum states can't be measured without disturbance, any eavesdropping attempt becomes detectable. NIST has demonstrated high-speed QKD systems across short distances, showing that they can deliver theoretically unbreakable key exchanges if the quantum hardware works as intended. But QKD has practical challenges: limited range, high cost, and vulnerability to device-level flaws. It requires specialized infrastructure and is feasible only for niche, high-security environments. 

Post-quantum cryptography (PQC), in contrast, does not rely on quantum physics at all. Instead, it refers to conventional cryptographic algorithms designed to be secure against quantum attackers. PQC algorithms run on today’s classical computers but are built from mathematical problems that are believed to be hard for quantum computers to solve. Examples include lattice-based schemes like CRYSTALS-Kyber (now standardized as ML-KEM under FIPS 203) and hash-based schemes like SPHINCS+ (now SLH-DSA under FIPS 205). 

While quantum cryptography builds new security tools from physics, post-quantum cryptography rebuilds existing tools using more challenging math. NIST focuses on standardizing PQC algorithms for broad adoption—algorithms that are easy to integrate into existing protocols and infrastructure without waiting for quantum hardware. 

In short: 

  • Quantum cryptography uses quantum tech to protect data (like QKD). 
  • Post-quantum cryptography uses classical algorithms designed to withstand quantum attacks. 

NIST prioritizes PQC for general adoption due to its practicality, scalability, and compatibility with today’s systems, while continuing to explore quantum cryptography for specialized use cases. 

What are the challenges with PQC transition?

1. Lack of Cryptographic Visibility 

Most organizations do not have a complete picture of where and how cryptography is used across their systems. Encryption keys may be scattered across cloud accounts, on-prem environments, databases, file systems, and applications. Often, there is no centralized inventory. Without this foundational visibility, teams struggle to even begin planning their transition. 

2. Legacy Infrastructure and Outdated Components 

Older IT systems often use undocumented or obsolete cryptographic libraries. These components may not support new algorithms. Modifying them could lead to broken workflows or security gaps. In some cases, no one currently in the organization fully understands how these systems are integrated. 

3. Inflexible Hardware Security Modules (HSMs) 

Traditional HSMs were built before PQC standards existed. As a result, they may not support quantum-safe algorithms or allow easy software updates. This creates a hardware bottleneck. Replacing or upgrading HSMs can be expensive and operationally risky. 

4. Disruption Risk and Complexity 

PQC migration affects every layer of an organization’s infrastructure. TLS communications, VPNs, certificates, application code, DevOps pipelines, and compliance reporting all come into play. Coordinating changes across teams, systems, and vendors increases the chances of disruption and missed dependencies. 

5. Long Timelines and Compliance Pressure 

Becoming PQC-ready takes time. Most organizations require at least 3 to 5 years. Some industries already face regulatory deadlines. Without a structured approach, teams may fall behind. Sensitive data could be exposed to future quantum attacks. The risks are not only technical, but also operational and reputational. 

What are the steps to PQC migration?

Fortanix defines a four-step approach to help organizations make the shift to post-quantum cryptography without added complexity or disruption.

Step 1: Discover

Begin by identifying where cryptography is used across your environment. This includes cloud deployments, containers, on-prem systems, databases, keystores, source code, and network infrastructure. The goal is to create a complete inventory. You need to know what algorithms are in use, where keys reside, and which systems rely on them. Fortanix supports both high-level summaries and deep, granular key-level insights.

Step 2: Assess

Once cryptographic assets are discovered, the next step is to assess PQC readiness. This involves identifying which keys, certificates, and encryption schemes are vulnerable because they use algorithms like RSA or ECC. Fortanix provides detailed metrics to help understand risks across cloud platforms, file systems, applications, and databases. This step translates raw discovery data into prioritized action.

Step 3: Plan Transition

With a clear understanding of current cryptographic posture, the organization can build a roadmap. Fortanix provides a PQC Lab with sample libraries and test environments where quantum-safe algorithms can be explored. Teams can track PQC readiness across different environments through a central dashboard. Integration with tools like ServiceNow and Jira helps embed the roadmap into IT operations. Fortanix DSM can host encryption keys and offers algorithms that are compliant with NIST and CNSA 2.0 standards.

Step 4: Be Crypto-agile

Cryptographic standards will continue to evolve. Being crypto-agile means organizations must be able to update algorithms and policies without reengineering core infrastructure. Fortanix enables this through a software-defined platform built on Confidential Computing. Regular scans can be scheduled, changes applied quickly, and updates rolled out without hardware upgrades or application r​ewrites. This makes long-term adaptability possible with minimal disruption.
