Post-Quantum Cryptography

Preparing for the Quantum Computing Era

⚠️ The Quantum Threat

Quantum computers running Shor's algorithm can break RSA, ECC, and Diffie-Hellman.
"Harvest now, decrypt later" attacks are already happening.

❌ Broken by Quantum

RSA

Based on integer factorization

Broken by Shor's algorithm

ECC / ECDSA

Based on elliptic curve discrete log

Broken by Shor's algorithm

Diffie-Hellman

Based on discrete logarithm

Broken by Shor's algorithm

✅ Quantum-Resistant

ML-KEM (Kyber)

Lattice-based key encapsulation

NIST Standard 2024

ML-DSA (Dilithium)

Lattice-based digital signatures

NIST Standard 2024

SLH-DSA (SPHINCS+)

Hash-based signatures

NIST Standard 2024

Lattice Problem Visualization

Finding the shortest vector in high-dimensional lattices is hard even for quantum computers

📐

SVP (Shortest Vector)

Find the shortest non-zero vector in the lattice. Computationally hard in high dimensions.

🎯

CVP (Closest Vector)

Find the lattice point closest to a given target point. No known quantum speedup.

🔐

LWE (Learning With Errors)

Recover a secret from noisy linear equations. The basis for Kyber and Dilithium.
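
The LWE card above can be made concrete with a toy model. The following is an added example, not code from this page or from any standard: it shows that Gaussian elimination recovers the secret from exact equations but not from noisy ones, and that the noisy samples still support Regev-style encryption of a single bit. The parameters (Q = 97, N = 4, M = 20), the ±1 noise and all function names are assumptions chosen for illustration.

```python
import random

Q, N, M = 97, 4, 20  # toy sizes (assumption); ML-KEM uses q = 3329 and a much larger dimension

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def solve_mod_q(A, b):
    """Gauss-Jordan elimination over Z_Q (Q prime). Returns x, or None if rank < N."""
    rows = [list(r) + [v] for r, v in zip(A, b)]
    for c in range(N):
        p = next((i for i in range(c, len(rows)) if rows[i][c]), None)
        if p is None:
            return None
        rows[c], rows[p] = rows[p], rows[c]
        inv = pow(rows[c][c], -1, Q)
        rows[c] = [x * inv % Q for x in rows[c]]
        for i in range(len(rows)):
            if i != c and rows[i][c]:
                f = rows[i][c]
                rows[i] = [(x - f * y) % Q for x, y in zip(rows[i], rows[c])]
    return [rows[c][N] for c in range(N)]

def keygen(rng):
    """Secret s and samples (A, b). Toy noise is +/-1; real schemes use a centered distribution."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = None
    while A is None or solve_mod_q(A, [0] * M) is None:  # resample until full rank
        A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    b_clean = [dot(row, s) % Q for row in A]  # noise-free, kept only for contrast
    b_noisy = [(v + rng.choice((-1, 1))) % Q for v in b_clean]
    return s, A, b_clean, b_noisy

def encrypt(A, b, bit, rng):
    """Regev-style bit encryption: sum a random subset of samples, add bit * Q//2."""
    subset = [i for i in range(M) if rng.random() < 0.5]
    u = [sum(A[i][j] for i in subset) % Q for j in range(N)]
    v = (sum(b[i] for i in subset) + bit * (Q // 2)) % Q
    return u, v

def decrypt(s, u, v):
    d = (v - dot(u, s)) % Q  # bit * Q//2 plus accumulated noise (at most M < Q/4)
    return int(Q // 4 < d < 3 * Q // 4)

if __name__ == "__main__":
    rng = random.Random(2024)  # fixed seed: demo only, never for real keys
    s, A, b_clean, b_noisy = keygen(rng)
    print("recovers s? clean:", solve_mod_q(A, b_clean) == s, "noisy:", solve_mod_q(A, b_noisy) == s)
    print("round trip:", [decrypt(s, *encrypt(A, b_noisy, m, rng)) for m in (0, 1, 1, 0)])
```

At these toy sizes the secret can still be found by exhaustive search over the 97^4 candidates; the hardness claim applies only at the dimensions the standardized schemes use.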

PQC Timeline

2016: NIST begins Post-Quantum Cryptography standardization
2022: NIST selects Kyber, Dilithium, Falcon, SPHINCS+
2024: NIST publishes ML-KEM, ML-DSA, SLH-DSA standards
2030+: Expected migration deadline for critical systems

Why Lattices?

Lattice problems have been studied for centuries and are believed to remain hard even for quantum computers. Factoring is solved efficiently by Shor's algorithm, but no known quantum algorithm provides a significant speedup for lattice problems.

Key advantages: Fast operations, reasonable key sizes, well-understood security reductions.

Trade-off: Larger keys than ECC (but smaller than RSA at equivalent security).