AI! Quantum! AI Quantum! Quantum Computing! Another new upgrade? A new form of AI? Will it be scary? How much is it gonna cost?
Take a breath.
I know that upgrading to technologies like quantum computing comes with upgraded questions and concerns about data security, privacy, and much more. And it is true: once quantum computers become practical, sensitive data of individuals and organizations will be in jeopardy. But do not worry, these computers are decades away, and we have time to plan wisely instead of panicking. One wise solution is post-quantum cryptography (PQC). In this blog, we discuss what PQC is, how it works, its challenges and pitfalls, and what you need to do to prepare for it.
What is Post-Quantum Cryptography?
It is the branch of cryptography focused on building encryption, key-exchange, and digital signature algorithms that remain secure against both classical computers and, especially, future quantum computers.
Today's public-key cryptosystems can be broken efficiently by a large quantum computer running Shor's algorithm. PQC, on the other hand, builds on mathematical problems such as lattice-based or hash-based ones that remain hard to crack even with quantum computing.
What is Current Cryptography & How Quantum Computers Crack it?
Current cryptography works on hard mathematical problems that classical computers cannot solve in practice. They rely on the difficulty of factoring a large number into its prime factors, which is essentially a one-way function: you can easily multiply two big prime numbers, but it is practically impossible to reverse the math. It would take present-day computers years to do this, especially for large keys. Let me tell you about some classical encryption algorithms.
There are two main types of classical algorithms, including:
1. Symmetric-Key Cryptography

It is an encryption method where the same key is used for encryption and decryption. It is fast and efficient, making it the choice for large datasets, but the key must be shared securely between the parties using it. Here are the main kinds of symmetric-key ciphers.
Stream Ciphers
They work on a single bit or byte at a time. The cipher's algorithm first generates a pseudo-random keystream as long as the plaintext and combines the two with bitwise XOR. To decode the message, the receiver regenerates the same keystream from the shared key and applies XOR again to retrieve the original plaintext.
Rivest Cipher 4 (RC4), Salsa20, and Grain-128 are some of the commonly used stream ciphers.
Block Cipher
Block ciphers encrypt data one fixed-size block at a time. With the same key, a given plaintext block always encrypts to the same ciphertext block. The output is a sequence of encrypted blocks in the same order as the input.
Some common block cipher algorithms are the Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Triple Data Encryption Algorithm (Triple DES).
2. Public Key Cryptography (PKC) or Asymmetric Cryptography
In this method, a pair of keys is used: a public key and a private key. Anyone with the public key can encrypt messages, but only the receiver holding the matching private key can decrypt them. It is infeasible to derive the decryption key from the encryption key and the cryptographic algorithm alone. Here are some of the PKC algorithms:

Rivest-Shamir-Adleman (RSA)
It is commonly used to secure communication and create digital signatures. Key generation starts from two large prime numbers. The public key is used to encrypt and the private key to decrypt data. It may be slower than other schemes, but it is strongly secure.
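As an added example that is not part of the original post, here is toy RSA in Python: the key is built from two small primes, the public key encrypts and the private key decrypts, and a brute-force factoring of the same tiny modulus recovers the private key, which is exactly the step that becomes infeasible at real key sizes (the prime size, seed and function names are my own choices for the demo).

```python
# Added example (not from the original post): toy RSA built on the one-way
# "multiply two primes" step described above, followed by brute-force
# factoring of the same tiny modulus to show why real keys are 2048+ bits.
import math
import random

def is_prime(n):
    """Trial division; fine for the toy sizes used here."""
    return n >= 2 and all(n % d for d in range(2, math.isqrt(n) + 1))

def random_prime(bits, rng):
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if is_prime(p):
            return p

def rsa_keygen(bits=16, seed=1):
    """Returns ((n, e), (n, d)); 'bits' is the size of each prime (toy only)."""
    rng = random.Random(seed)
    p = random_prime(bits, rng)
    q = random_prime(bits, rng)
    while q == p:
        q = random_prime(bits, rng)
    n, phi, e = p * q, (p - 1) * (q - 1), 65537
    if math.gcd(e, phi) != 1:        # e must be invertible mod phi; reseed
        return rsa_keygen(bits, seed + 1)
    d = pow(e, -1, phi)              # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)

def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)              # public key: anyone can do this

def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)              # private key: only the holder can

def factor_by_trial_division(n):
    """The 'reverse the math' step: only feasible because n is tiny."""
    for p in range(3, math.isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no odd factor found")

def recover_private_key(pub):
    """Anyone who can factor n rebuilds the private key from the public one."""
    n, e = pub
    p, q = factor_by_trial_division(n)
    return n, pow(e, -1, (p - 1) * (q - 1))
```

With 16-bit primes the factoring loop finishes instantly; doubling the prime size a few times makes the same loop take longer than the universe has existed, which is the whole security argument of RSA against classical computers.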
Elliptic Curve Cryptography (ECC)
It is designed for resource-constrained devices with limited computing power or memory, such as those encrypting internet traffic. The concept is based on the mathematical properties of elliptic curves. It is gaining popularity in mobile security and the Internet of Things (IoT).
Diffie-Hellman Key Exchange
It does not directly encrypt data but establishes a shared secret key for communication. Two parties can agree on a common secret key without ever transmitting it. It is often used in conjunction with other algorithms, like RSA, for key exchange. NIST/NSA proposed it as a method for key exchange.
Digital Signature Standard (DSS)
It is often used to secure mail and software user information. It is primarily for digital signatures: the sender signs a message with their private key, and the receiver verifies the signature with the sender's public key.
Classical Cryptography vs Post-Quantum Cryptography
Here is a clear overview of the differences between classical public-key cryptography and post-quantum cryptography (PQC).
| Aspect | Classical Cryptography | PQC |
|---|---|---|
| Mathematical base | Based on integer factoring (RSA) and discrete logarithm problems (ECC, Diffie-Hellman) | Based on problems like lattices, hash functions, error-correcting codes, and multivariate equations |
| Vulnerability to quantum threats | Can be cracked using Shor’s algorithm on large-scale quantum computers | Designed to resist both classical and quantum attacks |
| Hardware requirements | Runs on classical computers | Runs on classical computers, no need for quantum hardware |
| Key sizes | Smaller keys (efficient storage) | Generally larger keys |
| Performance | Fast with high optimization | Often slower and more resource-heavy |
| Example | RSA, Elliptic Curve Cryptography, Diffie-Hellman | ML-KEM, ML-DSA, SLH-DSA |
How Does Quantum-Safe Encryption Work?
The shift in encryption methods changes the foundation of cryptography: the underlying mathematical problems must be too difficult for both classical and quantum computers to solve.
Here are some of the solutions:
Lattice-based Cryptography
A lattice here resembles the grid on graph paper: a set of points located at the crossings of straight lines. The grid is not finite; the lattice describes a pattern that continues infinitely. The encryption's strength relies on the hard problem of finding the shortest vector in a high-dimensional lattice, which is extremely difficult even for quantum computers.
They are best used for digital signatures & encryption/key encapsulation.
Some of the popular algorithms are CRYSTALS-Kyber (ML-KEM), CRYSTALS-Dilithium (ML-DSA), FALCON, and FrodoKEM.
Hash-based Cryptography
It relies on the properties of cryptographic hash functions. Since hash functions are already relatively resistant to quantum attacks, this method is considered a highly reliable and prudent choice for long-term security. Moreover, these schemes are built from one-time signatures (OTS), each backed by an array of hashed secrets, so a key can only sign a predefined number of messages securely.
Best used for digital signatures.
Some of the popular examples are XMSS and the multi-tree variant XMSS-MT, LMS and the multi-tree variant HSS, and SPHINCS+.
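As an added example (not code from the original post), here is a Lamport one-time signature in Python, the primitive behind the hash-based schemes listed above; it also measures how much of the secret key each signature exposes, which is why a key pair may sign only one message and why stateful schemes like XMSS and LMS must track which keys have been used. The message strings and function names are constructed for the demo.

```python
# Added example (not from the original post): a Lamport one-time signature,
# the primitive that XMSS, LMS and SPHINCS+ combine into trees. It shows why
# one key pair may sign only ONE message: every signature reveals half of the
# secret key, and a second signature on a different message reveals more.
import hashlib
import secrets

H = hashlib.sha256
BITS = 256  # we sign the 256-bit SHA-256 digest of the message, bit by bit

def keygen():
    """sk: 256 pairs of random 32-byte secrets; pk: the hash of each secret."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    pk = [(H(a).digest(), H(b).digest()) for a, b in sk]
    return sk, pk

def message_bits(msg):
    digest = int.from_bytes(H(msg).digest(), "big")
    return [(digest >> (BITS - 1 - i)) & 1 for i in range(BITS)]

def sign(sk, msg):
    """For each digest bit, reveal the secret in that bit's slot (0 or 1)."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(msg))]

def verify(pk, msg, sig):
    """Hash every revealed secret and compare with the public key slot."""
    if len(sig) != BITS:
        return False
    return all(H(s).digest() == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, message_bits(msg))))

def revealed_fraction(sk, sigs):
    """Share of the 512 secrets an observer has seen after these signatures."""
    seen = {s for sig in sigs for s in sig}
    return sum(s in seen for pair in sk for s in pair) / (2 * BITS)

if __name__ == "__main__":
    sk, pk = keygen()
    sig = sign(sk, b"release v1.0")
    print(verify(pk, b"release v1.0", sig))   # True
    print(verify(pk, b"release v1.1", sig))   # False: digest bits differ
    print(revealed_fraction(sk, [sig]))       # 0.5: one signature, half the key
    print(revealed_fraction(sk, [sig, sign(sk, b"release v1.1")]))  # > 0.5
```

A single signature is 256 x 32 bytes, which is why the tree constructions exist: they let one short public key authenticate many such one-time keys while the signer keeps count of which ones were spent.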
Code-based Cryptography
This cryptography relies on the difficulty of decoding a general linear code, a problem that has resisted cryptanalysis since the 1970s. In code-based cryptography, the encoder deliberately adds errors to the codeword, making decryption challenging. The receiver can decode it using secret knowledge of the code structure, but an attacker without access to the code structure cannot.
Best used for digital signatures and encryption/key encapsulation.
Popular examples include Classic McEliece, BIKE, and HQC.
Isogeny-based Cryptography
These build on elliptic-curve cryptography; the security relies on the difficulty of finding isogenies (rational maps between elliptic curves) between elliptic curves over finite fields.
It is best used in digital signatures.
SIKE (seen insecure as of 2022), CSI-FiSH, SIDH (seen insecure as of 2022), and SQISign are some examples of isogeny-based cryptography algorithms.
Multivariate-based Cryptography
These schemes are based on hard-to-solve systems of multivariate polynomial equations over a finite field. Each multivariate polynomial in the public key is obtained by secretly composing affine transformations with a series of quadratic polynomials. The pitfall of this cryptography is the length of the public key.
What do you mean by harvest now, decrypt later?
“Harvest Now, Decrypt Later” means, in simple words, stealing your encrypted data today and decrypting it in the future when powerful quantum computers exist. The attackers are betting on Q-Day (the point in time when quantum computers will be able to crack today’s widely used PKC). The warning is that if your data must remain confidential for a decade or two, it is already exposed to future quantum decryption.
Challenges & Solutions in Implementing PQC
Implementing PQC and making it work effectively is not easy, as we are dealing with future tech. There are significant challenges regarding software, hardware, skills, supply chain, and more. But do not forget that we are working on it, and here are some solutions to the respective hurdles.
| Challenges | Solutions |
|---|---|
| PQC algorithms often have larger keys, which need more storage, bandwidth, and packet size. | You can solve this issue by using certificate compression, using protocols, and incorporating an upgraded network infrastructure. |
| It can lead to performance overload due to larger computation time and secure TLS connection setup. | Set benchmark algorithms and deploy optimized implementations. Also, have a hybrid approach mixing classical and PQC approaches at the start. |
| Legacy systems may not easily support PQC. | Make an asset inventory check and replace the required infrastructure gradually. |
| Many organizations are unaware of where to use cryptography in their systems. | Conduct a cryptography and risk check assessment. |
| Migration is complex as it can affect certificates, networks, software, and hardware. | Make use of gradual and phased migration plans and focus on high-risk systems first. |
| Lack of standardization, as different vendors can implement different PQC standards. | Follow the NIST-standardized algorithms and testing. |
| Lack of expertise and skills, as it is limited. | Offer training to your teams while collaborating with PQC specialists and vendors. |
What is Crypto-Agility?

Crypto-agility describes how fast systems can switch between cryptographic algorithms without massive changes to the underlying infrastructure. Security experts are now favoring vendors that support modular cryptographic libraries.
This matters because, if a particular PQC algorithm turns out to be flawed five years down the line, agile organizations can switch to a different NIST-approved standard almost overnight.
Why do you need Post Quantum Cryptography?
A report from Capgemini suggests that organizations are concerned about the rise of harvest-now-decrypt-later (HNDL) attacks. Also, one in six early adopters believes that Q-Day will arrive within five years, while six in ten believe that it can hit anytime within a decade.
NIST already standardized PQC algorithms in 2024. Preparations are moving ahead by leaps and bounds, showing the urgency and importance of quantum-safe cryptography.
Wrap Up
PQC, or post-quantum cryptography, is no longer something to study out of fascination; it has become a need for the coming years. With the arrival of practical quantum computers in the coming decades, sensitive individual, organizational, and government data will be under severe threat. Attackers are not waiting for the future but have already started working on plans like ‘harvest now, decrypt later’ to stay ahead of encryption. We discussed how classical cryptography works and what the base algorithms of PQC are. While there are substantial challenges in putting it to work, there are solutions, as discussed above.
Frequently Asked Questions
Which companies are working on post-quantum cryptography?
Tech giants like IBM, Google, Microsoft, and AWS are working relentlessly to research security in quantum computing. Whereas companies like Thales, PQShield, Entrust, and ID Quantique are working to offer the best quantum-safe hardware, VPNs, and software.
What is Grover’s algorithm?
It is a quantum algorithm that searches unsorted lists much faster than classical computers can. It speeds up brute-force key search and reduces the effective security of symmetric encryption by roughly half, measured in bits.
Is AES 256 post-quantum?
AES-256 is post-quantum secure.
