Tags: post-quantum, cryptography, NIST, future-security

Post-Quantum Cryptography: Preparing for the Quantum Threat

Understanding the quantum computing threat to current encryption and how post-quantum algorithms will protect your data in the future.

CIFER Security Team · 4 min read

Quantum computers pose an existential threat to the encryption that protects virtually all digital communication today. While large-scale quantum computers don't exist yet, the threat is already real — and organizations need to prepare now.

The "Harvest Now, Decrypt Later" Attack

Here's the uncomfortable truth: adversaries are already collecting encrypted data today with plans to decrypt it once quantum computers become available. This is known as "harvest now, decrypt later" or HNDL.

Consider data that needs to remain confidential for:

  • 10 years — Financial records
  • 25 years — Medical records
  • 50+ years — Government secrets, intellectual property

If quantum computers arrive within these timeframes (many experts predict 10-15 years), that data is already compromised.

What Makes Quantum Computers Dangerous?

Shor's Algorithm

Quantum computers can run Shor's algorithm, which efficiently solves:

  • Integer factorization — Breaks RSA encryption
  • Discrete logarithm — Breaks Diffie-Hellman key exchange
  • Elliptic curve discrete logarithm — Breaks ECDSA, ECDH

Security comparison:

  • RSA-2048: Classical ~112 bits → Quantum 0 bits
  • ECDSA-256: Classical ~128 bits → Quantum 0 bits
  • AES-256: Classical ~256 bits → Quantum ~128 bits

Grover's Algorithm

Grover's algorithm provides a quadratic speedup for searching, which means:

  • AES-128 drops to roughly 64-bit security, the equivalent of AES-64 (breakable)
  • AES-256 drops to roughly 128-bit security, the equivalent of AES-128 (still secure)

This is why symmetric key sizes should be doubled for post-quantum security.

NIST Post-Quantum Standards

In 2024, NIST finalized its first post-quantum cryptographic standards:

ML-KEM (CRYSTALS-Kyber)

A key encapsulation mechanism based on lattice problems:

Key sizes:
- ML-KEM-512:  Public key 800 bytes,  Ciphertext 768 bytes
- ML-KEM-768:  Public key 1184 bytes, Ciphertext 1088 bytes
- ML-KEM-1024: Public key 1568 bytes, Ciphertext 1568 bytes

Use case: Replacing Diffie-Hellman for key exchange

ML-DSA (CRYSTALS-Dilithium)

A digital signature scheme also based on lattices:

Key sizes:
- ML-DSA-44: Public key 1312 bytes, Signature 2420 bytes
- ML-DSA-65: Public key 1952 bytes, Signature 3293 bytes
- ML-DSA-87: Public key 2592 bytes, Signature 4595 bytes

Use case: Replacing RSA/ECDSA for digital signatures

SLH-DSA (SPHINCS+)

A hash-based signature scheme whose security rests only on the underlying hash function, not on lattice assumptions:

Key sizes (varies by parameter set):
- Public keys: 32-64 bytes
- Signatures: 7,856-49,856 bytes

Use case: Conservative backup to lattice-based schemes

Migration Challenges

Larger Key Sizes

Post-quantum algorithms require significantly larger keys and signatures:

Key size comparison:

  • RSA-2048: Public key 256 bytes, Signature 256 bytes
  • ECDSA-P256: Public key 64 bytes, Signature 64 bytes
  • ML-KEM-768: Public key 1,184 bytes, Ciphertext 1,088 bytes
  • ML-DSA-65: Public key 1,952 bytes, Signature 3,293 bytes

This impacts:

  • Network bandwidth
  • Storage requirements
  • Handshake performance
  • Embedded devices with limited resources

Hybrid Approaches

During the transition, many organizations will use hybrid cryptography:

// Hybrid key exchange example (`ecdh` and `mlkem` stand for the classical
// ECDH helper and the ML-KEM library in use; their exact APIs vary)
import { hkdfSync } from 'node:crypto';

// Classical shared secret: ECDH with the peer's public key
const classicalKey = await ecdh.deriveKey(peerPublicKey);
// Post-quantum shared secret: ML-KEM decapsulation of the received ciphertext
const postQuantumKey = await mlkem.decapsulate(ciphertext);

// Combine both secrets with HKDF; the session key stays secret as long as
// either ECDH or ML-KEM remains unbroken
const finalKey = hkdfSync(
  'sha256',
  Buffer.concat([classicalKey, postQuantumKey]), // input keying material
  Buffer.alloc(0),                               // salt (none)
  'hybrid-key-derivation',                       // info / context label
  32                                             // output length in bytes
);

This provides protection against both classical and quantum attacks during the uncertainty period.

CIFER's Post-Quantum Readiness

At CIFER, we're preparing for the quantum future:

Current Capabilities

  • Hybrid encryption — Classical + post-quantum algorithms available
  • Algorithm agility — Easy migration without application changes
  • Hardware acceleration — TEE-optimized PQC implementations

Migration Path

  1. Phase 1 (Now): Hybrid mode available for early adopters
  2. Phase 2 (2025): Default hybrid mode for new deployments
  3. Phase 3 (2026+): Post-quantum-only mode for high-security use cases

Action Items for Organizations

Immediate Steps

  1. Inventory your cryptography — Know what algorithms you use where
  2. Assess data longevity — What data needs protection for 10+ years?
  3. Test PQC compatibility — Ensure your systems handle larger keys
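The three immediate steps above can be driven from one inventory. The following is an added example, not code from the article or from CIFER: a small Node.js assessment that applies the article's security comparison (Shor-broken public-key algorithms fall to 0 bits, symmetric keys lose half their bits to Grover), flags harvest-now-decrypt-later exposure where a confidentiality key must outlive the assumed quantum horizon, and checks whether each system's fields can hold the ML-KEM-768 and ML-DSA-65 sizes quoted in the article. The inventory entries, their field names, the 128-bit bar and the default 10-year horizon are this example's own assumptions.

```javascript
// Added example (not from the original article): cryptographic inventory
// assessment for the three immediate steps (inventory, data longevity,
// PQC size compatibility). Entries and field names are constructed.

const SHOR_BROKEN = new Set(['RSA', 'DH', 'ECDH', 'ECDSA']);
const PQC = new Set(['ML-KEM', 'ML-DSA', 'SLH-DSA']);

// Replacement targets with the byte sizes quoted in the article
const REPLACEMENT = {
  'key-exchange': { name: 'ML-KEM-768', publicKey: 1184, payload: 1088 }, // payload: ciphertext
  'signature':    { name: 'ML-DSA-65',  publicKey: 1952, payload: 3293 }, // payload: signature
  'symmetric':    { name: 'AES-256' },                                    // double the key size
};

// Assumed bar: 128-bit post-quantum security (the article treats AES-128's
// halved 64 bits as breakable and AES-256's 128 bits as still secure).
const MIN_PQ_BITS = 128;

// Security level in bits against a quantum adversary. securityBits is the
// classical level, e.g. 112 for RSA-2048, 128 for P-256, 256 for AES-256.
function postQuantumBits(entry) {
  if (SHOR_BROKEN.has(entry.algorithm)) return 0;                // Shor: total break
  if (entry.algorithm === 'AES') return entry.securityBits / 2;  // Grover: quadratic speedup
  if (PQC.has(entry.algorithm)) return entry.securityBits;       // designed for this threat
  throw new Error(`unknown algorithm: ${entry.algorithm}`);
}

// horizonYears: assumed years until a cryptographically relevant quantum
// computer exists; the article cites expert estimates of 10-15 years.
function assessEntry(entry, horizonYears = 10) {
  const bits = postQuantumBits(entry);
  const vulnerable = bits < MIN_PQ_BITS;
  // HNDL only threatens confidentiality: captured ciphertext can be decrypted
  // later, but a signature verified today is not undone by a future forgery.
  const confidentiality = entry.role !== 'signature';
  const hndlRisk = vulnerable && confidentiality && entry.dataLifetimeYears >= horizonYears;
  const target = REPLACEMENT[entry.role];
  // Larger PQC objects must fit the fields that carry keys and signatures today
  const fieldsFitPqc = target.publicKey === undefined ||
    (entry.maxPublicKeyBytes >= target.publicKey && entry.maxPayloadBytes >= target.payload);
  return { system: entry.system, postQuantumBits: bits, vulnerable, hndlRisk,
           replacement: target.name, fieldsFitPqc };
}

function assessInventory(inventory, horizonYears = 10) {
  return inventory.map((entry) => assessEntry(entry, horizonYears));
}

// Constructed sample inventory (field limits are illustrative)
const SAMPLE_INVENTORY = [
  { system: 'vpn-gateway',    algorithm: 'ECDH', securityBits: 128, role: 'key-exchange',
    dataLifetimeYears: 25, maxPublicKeyBytes: 65,   maxPayloadBytes: 65 },
  { system: 'code-signing',   algorithm: 'RSA',  securityBits: 112, role: 'signature',
    dataLifetimeYears: 5,  maxPublicKeyBytes: 4096, maxPayloadBytes: 4096 },
  { system: 'backup-archive', algorithm: 'AES',  securityBits: 256, role: 'symmetric',
    dataLifetimeYears: 50 },
  { system: 'session-cache',  algorithm: 'AES',  securityBits: 128, role: 'symmetric',
    dataLifetimeYears: 0 },
];

for (const finding of assessInventory(SAMPLE_INVENTORY)) {
  console.log(finding);
}
```

On the sample inventory the VPN gateway is the urgent item: ECDH-protected traffic with a 25-year confidentiality requirement is HNDL-exposed today, and its 65-byte key field cannot carry an ML-KEM-768 public key. The RSA code-signing key is equally broken by Shor but carries no HNDL risk, since old signatures cannot be harvested for later decryption; it is a migration item, not an emergency.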

Medium-Term (1-2 Years)

  1. Deploy hybrid solutions — Start using PQC alongside classical crypto
  2. Update protocols — Migrate to TLS 1.3 with PQC support
  3. Train your team — Build PQC expertise

Long-Term (3-5 Years)

  1. Full PQC transition — Phase out vulnerable algorithms
  2. Continuous monitoring — Track quantum computing advances
  3. Regular reassessment — Adjust timeline as needed

Conclusion

The quantum threat is not science fiction — it's a matter of when, not if. Organizations that begin preparing now will have a smooth transition, while those that wait may face costly emergency migrations or, worse, compromised data.

Post-quantum cryptography is complex, but you don't have to navigate it alone. CIFER's architecture is designed for cryptographic agility, making the transition seamless for our customers.


Concerned about quantum threats to your data? Contact us to discuss your post-quantum migration strategy.