EDUCATIONAL RESOURCE

Post-Quantum Cryptography Frequently Asked Questions

Last Updated: October 2022
Source: Department of Homeland Security & NIST
Purpose: This resource answers common questions about post-quantum cryptography, helping organizations understand the risks, planning considerations, and implementation approaches.

Frequently Asked Questions

The following FAQs address the most common questions about post-quantum cryptography, the quantum computing threat, and how organizations should prepare for the transition.


What is post-quantum cryptography?

Post-quantum cryptography (PQC) refers to cryptographic algorithms that run on today's classical computers but are designed to resist attack by both classical and quantum computers. Quantum computing threatens today's public-key cryptography in particular, including RSA, Diffie-Hellman, and elliptic-curve schemes such as ECDH and ECDSA. PQC aims to provide key establishment and digital signature schemes that remain secure even once quantum computers become powerful enough to break the current standards.

Why do quantum computers threaten current cryptography?

A large-scale quantum computer could break today's public-key cryptosystems using Shor's algorithm, which solves integer factoring and discrete logarithms in polynomial time. The security of RSA, ECDSA, ECDH, and Diffie-Hellman rests on exactly those problems being intractable for classical computers, so a sufficiently large, fault-tolerant quantum computer would render all of those systems insecure regardless of key size.

When will quantum computers be able to break current encryption?

Expert estimates for a quantum computer capable of breaking 2048-bit RSA generally fall in the range of roughly 10 to 20 years, but the timeline is genuinely uncertain. Waiting is still unsafe because of the 'harvest now, decrypt later' threat: an adversary can capture encrypted traffic today and store it until a quantum computer is available to recover the keys. Data that must stay confidential for longer than the expected time to a cryptographically relevant quantum computer is therefore already at risk, which is why organizations need to begin the transition to post-quantum cryptography now.

Which algorithms has NIST selected?

NIST's standardization process evaluated finalists from several mathematical families: lattice-based cryptography (CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON), hash-based cryptography (SPHINCS+), and code-based cryptography (Classic McEliece, BIKE, HQC). In July 2022, NIST announced that CRYSTALS-Kyber was selected for key establishment, while CRYSTALS-Dilithium, FALCON, and SPHINCS+ were selected for digital signatures. The code-based key-establishment candidates were not selected but advanced to a fourth round of evaluation for possible future standardization, and draft standards for the selected algorithms were still to be published at the time of writing.

Are all cryptographic algorithms equally vulnerable to quantum attacks?

No. Public-key (asymmetric) schemes such as RSA and ECC are broken outright by Shor's algorithm, whereas symmetric ciphers such as AES and hash functions such as SHA-2 are only weakened. Grover's algorithm gives a quadratic speedup on brute-force key search, which in the idealized model halves the effective key length: AES-128 would offer roughly 64 bits of security against a quantum adversary, while AES-256 retains a comfortable margin. Hash functions are affected the same way for preimage attacks, so doubling the output size (preferring SHA-384 or SHA-512 where 256-bit strength must be preserved) maintains the intended security level. In practice, symmetric primitives need larger parameters, not replacement.

What is cryptographic agility, and why does it matter?

Cryptographic agility refers to a system's ability to transition from one cryptographic algorithm to another without significant disruption or redesign: algorithms are selected by configuration or negotiation rather than hard-coded, key and signature sizes are not assumed fixed, and protocols and data formats carry algorithm identifiers. It's crucial for post-quantum readiness because it allows organizations to:

1) Replace vulnerable algorithms with quantum-resistant ones when standards become available.

2) Quickly respond to cryptographic vulnerabilities if discovered.

3) Support hybrid approaches during transition periods.

4) Minimize costs and disruption during cryptographic migrations.

Should organizations wait for final standards before doing anything?

No. Organizations should begin preparing now by:

1) Inventorying cryptographic assets and identifying vulnerable systems.

2) Implementing cryptographic agility in new and existing systems.

3) Developing migration roadmaps for critical systems.

4) Engaging with vendors on their post-quantum plans.

While full implementation should await final standards, the preparatory work is substantial and should begin immediately to avoid rushed, costly transitions later.
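The cryptographic inventory in step 1 is where most organizations stall, so here is a small inventory tool as an added example (written for this page, not code from DHS, NIST, or the Qujata project). It parses a PEM bundle, classifies each certificate's public key, and flags it as quantum-vulnerable along with its expiry date, which is a natural milestone for planning the replacement. The two certificates it scans are generated in-process as constructed sample input and the hostnames are made up; everything comes from the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Finding is one inventory row: the key algorithm a certificate carries, its
// size, whether Shor's algorithm breaks it, and when the certificate expires.
type Finding struct {
	Subject           string
	Algorithm         string
	KeyBits           int
	QuantumVulnerable bool
	NotAfter          time.Time
}

// classifyKey maps a parsed public key to an algorithm label, a key size and a
// verdict. Every public-key algorithm deployed today is Shor-vulnerable; the
// inventory's job is to find where they live, not to rank them.
func classifyKey(pub any) (string, int, bool) {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		return "RSA", k.N.BitLen(), true
	case *ecdsa.PublicKey:
		return "ECDSA/" + k.Curve.Params().Name, k.Curve.Params().BitSize, true
	default:
		return fmt.Sprintf("%T", pub), 0, true // unknown type: flag for manual review
	}
}

// InventoryPEM walks every CERTIFICATE block in a PEM bundle and returns one
// Finding per certificate; other block types (keys, CSRs) are skipped.
func InventoryPEM(bundle []byte) ([]Finding, error) {
	var findings []Finding
	for {
		var block *pem.Block
		block, bundle = pem.Decode(bundle)
		if block == nil {
			return findings, nil
		}
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		alg, bits, vuln := classifyKey(cert.PublicKey)
		findings = append(findings, Finding{cert.Subject.CommonName, alg, bits, vuln, cert.NotAfter})
	}
}

// selfSignedPEM builds a throwaway self-signed certificate for the given key.
// It only exists to construct sample input; a real inventory reads certificates
// from disk, a TLS scan, or a key-management system.
func selfSignedPEM(cn string, priv, pub any) []byte {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err) // sample construction only
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// SampleBundle constructs a two-certificate bundle (RSA-2048 and ECDSA P-256)
// so the inventory can run offline; the hostnames are made up.
func SampleBundle() []byte {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return append(selfSignedPEM("legacy-vpn.example.internal", rsaKey, &rsaKey.PublicKey),
		selfSignedPEM("api.example.internal", ecKey, &ecKey.PublicKey)...)
}

func main() {
	findings, err := InventoryPEM(SampleBundle())
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-30s %-12s %4d bits  quantum-vulnerable=%v  expires=%s\n",
			f.Subject, f.Algorithm, f.KeyBits, f.QuantumVulnerable, f.NotAfter.Format("2006-01-02"))
	}
}
```

Pointing this at a directory of certificate bundles, or at the output of a TLS scan, gives the first draft of the inventory; the columns that matter for the roadmap are the algorithm (every row here is vulnerable) and the expiry, since certificate rotation is the cheapest moment to introduce a new algorithm.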

What is a hybrid approach, and why use one during the transition?

A hybrid approach combines a traditional algorithm with a post-quantum algorithm so that security depends on both: for key establishment, the session key is derived from both shared secrets, and for signatures, both signatures must verify. This provides defense in depth during the transition period. If a vulnerability is found in either the classical or the quantum-resistant algorithm, the other still protects the data, and the classical component preserves existing interoperability and approvals while the post-quantum algorithms are still new. Many organizations plan to deploy hybrid approaches during the initial transition phase for these reasons, accepting the extra bandwidth and computation of running two algorithms.
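The cryptographic-agility and hybrid questions above share one design idea: put every key-establishment algorithm behind the same interface, then derive the session key from all of the components. The following is an added example illustrating both; it is not code from the page's sources or from the Qujata project. It assumes Go 1.24 or later, whose standard library provides crypto/mlkem (ML-KEM-768 is the FIPS 203 standardization of CRYSTALS-Kyber, published in 2024, after this FAQ was written) and crypto/ecdh for X25519. The registry identifiers, the salt string, and the combiner's input ordering are this example's own conventions, not any standard's.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// KEM is the one interface every key-establishment algorithm is wrapped in.
// Protocol code programs against it, so adding or retiring an algorithm touches
// only the Registry below: that is cryptographic agility expressed in code.
type KEM interface {
	GenerateKey() (encapKey, decapKey []byte, err error)
	Encapsulate(encapKey []byte) (ciphertext, shared []byte, err error)
	Decapsulate(decapKey, ciphertext []byte) (shared []byte, err error)
}

// x25519KEM adapts classical ECDH to the KEM shape: "encapsulating" is an
// ephemeral Diffie-Hellman and the ciphertext is the ephemeral public key.
type x25519KEM struct{}

func (x25519KEM) GenerateKey() ([]byte, []byte, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	return priv.PublicKey().Bytes(), priv.Bytes(), nil
}
func (x25519KEM) Encapsulate(encapKey []byte) ([]byte, []byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(encapKey)
	if err != nil { return nil, nil, err }
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	shared, err := eph.ECDH(peer)
	return eph.PublicKey().Bytes(), shared, err
}
func (x25519KEM) Decapsulate(decapKey, ciphertext []byte) ([]byte, error) {
	priv, err := ecdh.X25519().NewPrivateKey(decapKey)
	if err != nil { return nil, err }
	peer, err := ecdh.X25519().NewPublicKey(ciphertext)
	if err != nil { return nil, err }
	return priv.ECDH(peer)
}

// mlkem768KEM wraps Go's ML-KEM-768, the FIPS 203 form of CRYSTALS-Kyber.
type mlkem768KEM struct{}

func (mlkem768KEM) GenerateKey() ([]byte, []byte, error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil { return nil, nil, err }
	return dk.EncapsulationKey().Bytes(), dk.Bytes(), nil
}
func (mlkem768KEM) Encapsulate(encapKey []byte) ([]byte, []byte, error) {
	ek, err := mlkem.NewEncapsulationKey768(encapKey)
	if err != nil { return nil, nil, err }
	shared, ct := ek.Encapsulate()
	return ct, shared, nil
}
func (mlkem768KEM) Decapsulate(decapKey, ciphertext []byte) ([]byte, error) {
	dk, err := mlkem.NewDecapsulationKey768(decapKey)
	if err != nil { return nil, err }
	return dk.Decapsulate(ciphertext)
}

// Registry is keyed by the identifier that travels on the wire (example
// convention). Adding ML-KEM-1024 later is one line here and none elsewhere.
var Registry = map[string]KEM{"X25519": x25519KEM{}, "ML-KEM-768": mlkem768KEM{}}

// combine derives one 32-byte session key from every component's shared secret
// with HKDF-style extract-then-expand over HMAC-SHA256. The algorithm names and
// ciphertexts are bound into the expansion so that an attacker who breaks one
// component cannot swap its ciphertext without changing the derived key.
// The salt string is made up for this example.
func combine(names []string, shared, ciphertexts [][]byte) []byte {
	extract := hmac.New(sha256.New, []byte("pqc-faq-hybrid-example-v1"))
	for _, s := range shared {
		extract.Write(s)
	}
	expand := hmac.New(sha256.New, extract.Sum(nil))
	for i, n := range names {
		expand.Write([]byte(n))
		expand.Write(ciphertexts[i])
	}
	expand.Write([]byte{0x01})
	return expand.Sum(nil)
}

// HybridExchange runs a complete two-party exchange over the named algorithms:
// the responder publishes one public key per component, the initiator
// encapsulates to each, and both sides derive the same session key.
func HybridExchange(names ...string) ([]byte, []byte, error) {
	var cts, initiatorSecrets, responderSecrets [][]byte
	for _, n := range names {
		kem, ok := Registry[n]
		if !ok { return nil, nil, errors.New("unknown KEM: " + n) }
		ek, dk, err := kem.GenerateKey() // responder side
		if err != nil { return nil, nil, err }
		ct, ss, err := kem.Encapsulate(ek) // initiator side; ct is sent over
		if err != nil { return nil, nil, err }
		ssR, err := kem.Decapsulate(dk, ct) // responder recovers the secret
		if err != nil { return nil, nil, err }
		cts, initiatorSecrets, responderSecrets = append(cts, ct), append(initiatorSecrets, ss), append(responderSecrets, ssR)
	}
	return combine(names, initiatorSecrets, cts), combine(names, responderSecrets, cts), nil
}
```

Calling HybridExchange("X25519", "ML-KEM-768") yields a key that an attacker must break both components to recover; calling it with a single name gives the plain classical or plain post-quantum case, which is the migration path the interface is meant to enable. Production protocols achieve the same binding of ciphertexts into the key by feeding the handshake transcript into the key schedule, as TLS 1.3 does for its hybrid key exchange.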

What performance impact should organizations expect?

Post-quantum algorithms generally have larger public keys, ciphertexts, and signatures than RSA and ECC, which affects bandwidth, storage, certificate chain sizes, and packet sizes (a handshake that previously fit in one packet may no longer). CPU cost varies widely: lattice-based schemes can be as fast as or faster than elliptic-curve cryptography, while hash-based signatures such as SPHINCS+ are comparatively slow to generate and large. The specific performance impact therefore depends on the algorithm, the implementation, and where in your systems it sits, and early testing and benchmarking in your specific environment is essential to understand and mitigate it.
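To make the bandwidth and CPU trade-off concrete, the following added example (not from the page's sources or from Qujata; it assumes Go 1.24 or later for crypto/mlkem) measures X25519, the classical key exchange used in today's TLS handshakes, against ML-KEM-768, the standardized form of Kyber. It reports the bytes each side must send and the average time per operation. The timings depend entirely on the machine it runs on, which is exactly why the FAQ tells you to benchmark in your own environment; the sizes do not.

```go
package main

import (
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"fmt"
	"time"
)

// Cost records what one key-establishment algorithm costs on the wire (bytes
// the peer must receive) and in CPU (average wall-clock time per operation).
type Cost struct {
	Name                                  string
	PublicKeyBytes, CiphertextBytes       int
	SharedSecretBytes                     int
	KeygenPerOp, EncapsPerOp, DecapsPerOp time.Duration
}

// MeasureX25519 times classical ephemeral ECDH as the baseline. Both sides do
// the same scalar multiplication, so "encaps" and "decaps" cost the same.
func MeasureX25519(iters int) (Cost, error) {
	curve, c := ecdh.X25519(), Cost{Name: "X25519"}
	var priv *ecdh.PrivateKey
	var err error
	start := time.Now()
	for i := 0; i < iters; i++ {
		if priv, err = curve.GenerateKey(rand.Reader); err != nil { return c, err }
	}
	c.KeygenPerOp = time.Since(start) / time.Duration(iters)
	eph, err := curve.GenerateKey(rand.Reader) // initiator's ephemeral key
	if err != nil { return c, err }
	var shared []byte
	start = time.Now()
	for i := 0; i < iters; i++ {
		if shared, err = eph.ECDH(priv.PublicKey()); err != nil { return c, err }
	}
	c.EncapsPerOp = time.Since(start) / time.Duration(iters)
	c.DecapsPerOp = c.EncapsPerOp
	c.PublicKeyBytes = len(priv.PublicKey().Bytes())
	c.CiphertextBytes = len(eph.PublicKey().Bytes()) // the "ciphertext" is the ephemeral public key
	c.SharedSecretBytes = len(shared)
	return c, nil
}

// MeasureMLKEM768 times key generation, encapsulation and decapsulation of
// ML-KEM-768 and records its encapsulation-key and ciphertext sizes.
func MeasureMLKEM768(iters int) (Cost, error) {
	c := Cost{Name: "ML-KEM-768"}
	var dk *mlkem.DecapsulationKey768
	var err error
	start := time.Now()
	for i := 0; i < iters; i++ {
		if dk, err = mlkem.GenerateKey768(); err != nil { return c, err }
	}
	c.KeygenPerOp = time.Since(start) / time.Duration(iters)
	ek := dk.EncapsulationKey()
	var shared, ct []byte
	start = time.Now()
	for i := 0; i < iters; i++ {
		shared, ct = ek.Encapsulate()
	}
	c.EncapsPerOp = time.Since(start) / time.Duration(iters)
	start = time.Now()
	for i := 0; i < iters; i++ {
		if _, err = dk.Decapsulate(ct); err != nil { return c, err }
	}
	c.DecapsPerOp = time.Since(start) / time.Duration(iters)
	c.PublicKeyBytes, c.CiphertextBytes, c.SharedSecretBytes = len(ek.Bytes()), len(ct), len(shared)
	return c, nil
}

func main() {
	for _, measure := range []func(int) (Cost, error){MeasureX25519, MeasureMLKEM768} {
		c, err := measure(200)
		if err != nil { panic(err) }
		fmt.Printf("%-11s pub=%5dB ct=%5dB ss=%2dB keygen=%s encaps=%s decaps=%s\n",
			c.Name, c.PublicKeyBytes, c.CiphertextBytes, c.SharedSecretBytes,
			c.KeygenPerOp, c.EncapsPerOp, c.DecapsPerOp)
	}
}
```

The wire sizes are the fixed part of the story: ML-KEM-768 sends a 1184-byte public key and a 1088-byte ciphertext where X25519 sends 32 bytes in each direction, so a hybrid handshake carries both. That is the number to check against MTU limits, constrained links, and protocols with tight message-size assumptions. The CPU figures are usually comparable to the classical baseline on general-purpose hardware, but only your own measurement on your own platforms settles that.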

Which sectors face the greatest risk?

Sectors whose data must remain confidential for a long time face the highest risk from harvest-now-decrypt-later attacks, including:

1) Government and defense (classified information).

2) Healthcare (patient records).

3) Financial services (transaction data).

4) Critical infrastructure.

5) Intellectual property-intensive industries.

Any organization handling data that must remain confidential for five or more years should prioritize post-quantum readiness. The rule of thumb is simple: if the number of years your data must stay secret plus the number of years your migration will take exceeds the number of years until a cryptographically relevant quantum computer exists, that data is already exposed.

How does the Qujata project help?

The Qujata project provides testing frameworks, performance benchmarks, and migration tools to help organizations evaluate and implement post-quantum cryptographic solutions. By offering standardized measurement methods and compatibility testing, Qujata helps organizations compare different implementations, understand performance implications, and plan migration strategies tailored to their specific systems and security requirements.

Getting Started with Post-Quantum Planning

Recommended First Steps
  1. Awareness and Education: Educate relevant stakeholders about quantum computing threats and post-quantum cryptography.
  2. Cryptographic Inventory: Document all systems using cryptography, particularly public-key cryptography.
  3. Risk Assessment: Identify data and systems requiring long-term security protection.
  4. Monitoring Standards: Stay informed about NIST's standardization process and industry developments.
  5. Collaboration: Engage with vendors, industry groups, and government resources for guidance.
Important Note: While planning and assessment should begin immediately, implementation of post-quantum algorithms should await final standards to avoid costly rework.


Have Additional Questions? For questions not addressed in this FAQ, please reach out to pqc-info@dhs.gov or visit the CISA Quantum Resources page.