What is post-quantum cryptography?

Post-quantum cryptography (PQC), also known as quantum-resistant or quantum-safe cryptography, refers to cryptographic algorithms (key exchange, encryption, and digital signatures) designed to resist attacks from both conventional and quantum computers. PQC algorithms run on ordinary hardware; what changes is the underlying math problem. Quantum computers are an emerging technology that exploits quantum physics, the laws that govern how the universe works at its smallest scale, to perform certain computations far faster than any conventional computer.

Today, most of the world’s data is protected by encryption algorithms whose security rests on mathematical problems that are easy to set up but extremely hard to reverse. A conventional computer, sometimes called a “classical” computer, is not powerful enough to solve these problems in any practical amount of time: for the key sizes in use today, a brute-force attack would take billions of years or more.

A sufficiently large, error-corrected quantum computer could break today’s public-key algorithms (RSA, Diffie-Hellman, and elliptic curve cryptography) in hours or days rather than billions of years. Symmetric algorithms such as AES are much less affected: the best known quantum attack only halves their effective key length, so AES-256 is expected to remain secure.

Because quantum computers capable of breaking cryptography do not yet exist, but could in the coming years, post-quantum cryptography is a rapidly emerging field. Scientists and engineers all over the world are working to create new algorithms and methods that protect data from attacks by conventional computers today as well as the quantum computers of tomorrow.

Cryptography is the practice of protecting information, usually with mathematical algorithms, so that only the intended recipient can read it and so that tampering can be detected. For computers, that means algorithms that scramble confidential data in transit or at rest and let the receiver verify it has not been altered. Many core functions of institutions such as governments, banks, and hospitals depend on these algorithms to protect the confidentiality and integrity of their data.

Encryption algorithms transform readable data (plaintext) into an unreadable form (ciphertext) and reverse the transformation using secret keys. They act as “safes” for digital information. The two main types of encryption algorithms are:

Symmetric algorithms. These use the same key to lock and unlock data. If you think of a physical safe as an example, only you and your partner would have keys to access it. You use your key to lock a document inside, while your partner uses their identical key to unlock it. Symmetric algorithms work the same way. They are fast, so they are used to protect large amounts of data, whether it sits permanently in 1 location (think of company files kept on servers) or streams across a network. The most widely used symmetric algorithm is the Advanced Encryption Standard (AES).

Asymmetric algorithms. These use 2 different keys, a public key and a private key. Think of a public mailbox: Anyone can drop something in (the slot represents the public key), while only the mail carrier with a specific key (the private key) can open it. The benefit is that people can send information securely to someone they have never met (like entering your credit card number to buy something online) without first having to agree on a secret key. The same key pairs also produce digital signatures, which prove who sent a message and that it was not changed. These algorithms are part of the backbone of the internet. Common ones include Rivest-Shamir-Adleman (RSA), Diffie-Hellman key exchange, and elliptic curve cryptography (ECC).

Most modern security systems combine the two. In a TLS connection, for example, an asymmetric algorithm (the public mailbox) is used once to agree on a shared key, and a symmetric algorithm such as AES then protects the bulk of the data under that key. This division matters for PQC because it is the asymmetric key-agreement step, not AES, that quantum computers threaten.

Imagine a conventional computer trying to guess the combination of a lock with trillions of possible settings. It has to try the combinations one at a time, so finding the right one takes an extremely long time. Our current encryption algorithms (though far more complicated than a combination lock) rely on the same idea: the work needed to recover a key without knowing it is too large to be practical.

Quantum computers change that arithmetic, though not by “trying every combination at once,” as the analogy is often told. Grover’s algorithm speeds up searching a symmetric key space only quadratically, so a 256-bit AES key stays out of reach. The real threat is Shor’s algorithm, which solves the factoring and discrete-logarithm problems behind RSA, Diffie-Hellman, and ECC exponentially faster than any known classical method. A cryptographically relevant quantum computer could recover a private key from its public key, and with it every shared key that the public key was used to protect. That is the leap that means the mathematical locks we rely on today could be opened in the future.
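To put numbers on the combination-lock analogy, here is the work-factor arithmetic as an added illustration (it is not part of the original page). Let $n$ be the key length in bits, so the lock has $2^n$ combinations. A classical search expects to test about half of them; Grover’s algorithm needs on the order of the square root:

$$
W_{\text{classical}} \approx \tfrac{1}{2}\,2^{n}, \qquad
W_{\text{Grover}} \approx \tfrac{\pi}{4}\,2^{n/2}
$$

For AES-128 that is roughly $2^{127}$ versus $2^{64}$ operations; for AES-256 it is $2^{255}$ versus $2^{128}$, still far beyond reach, which is why doubling symmetric key lengths is considered an adequate response (Grover’s speedup also cannot be spread across many quantum processors without losing most of its advantage). Public-key algorithms do not get off so lightly. The best classical attack on RSA-2048, the general number field sieve, costs about $2^{112}$ operations, but Shor’s algorithm factors an $N$-bit modulus with a number of quantum gates polynomial in $N$, roughly $O(N^3)$: the exponential term disappears, and no practical increase in key size brings it back.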

Challenges for quantum computers

Current quantum computers, while a genuine engineering achievement, have severe limitations. The slightest change in temperature, vibration, or electromagnetic noise disturbs the qubits enough to corrupt a computation, so most designs run inside a vacuum and are cooled to a few thousandths of a degree above absolute zero, colder than outer space. More importantly, they do not yet have enough stable, error-corrected qubits to be cryptographically relevant; breaking RSA-2048 is estimated to require orders of magnitude more qubits than any existing machine.

When will quantum computers be cryptographically relevant, that is, able to break our current public-key cryptography? There is no conclusive answer, but many estimates say it could happen in the next 10–15 years, and some suggest it could be sooner, even as early as 2029. Still, quantum computers already create threats that people need to protect their data from today.

Quantum computers aren’t widely accessible at the moment, and the ones that do exist are extremely complicated to maintain. Still, the possibility of what they could do in the future is creating security threats now. The major one is the harvest now, decrypt later (HNDL) attack, in which bad actors record encrypted data today with the intent of using a quantum computer to decrypt it later. The attack targets key exchange specifically: whoever captures a TLS session today needs only to break its RSA or elliptic curve key exchange in the future to recover the AES session key and read everything that session carried. Medical information, bank account numbers, Social Security numbers, and other private government information change infrequently, so the data stays valuable to bad actors over the long term. That’s why many organizations are already preparing for quantum computers and their effects on data privacy and security.

One way to prepare for HNDL attacks is to begin using quantum-resistant algorithms. In 2022 the National Institute of Standards and Technology (NIST) selected 4 of them, based on math problems that quantum computers (as well as today’s conventional computers) struggle to solve: CRYSTALS-Kyber for key encapsulation, and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures. Note what switching protects: data encrypted with the new algorithms from that point on. Anything already captured under RSA or ECC stays exposed, which is why the migration is urgent now rather than once the first cryptographically relevant quantum computer appears.
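Here is the asymmetric-then-symmetric handoff described in the section on algorithm types, together with the one piece of it that switching to a quantum-resistant algorithm replaces, as an added example written for this article (it is not code from the original page or from Red Hat). It uses only Go’s standard library: X25519 plays the role of the public mailbox, HKDF-SHA-256 turns the shared secret into a key, and AES-256-GCM is the safe. The envelope layout, the HKDF info string, and the sample record are assumptions of this demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope layout produced by Seal (an assumption of this demo): ephemeral
// X25519 public key, then the AES-GCM nonce, then ciphertext plus 16-byte tag.
const (
	ephPubLen = 32
	nonceLen  = 12
	tagLen    = 16
)

// GenerateRecipientKey creates the recipient's long-term X25519 key pair:
// the "mailbox" (public key) and the key that opens it (private key).
func GenerateRecipientKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// deriveKey turns the raw ECDH shared secret into an AES-256 key with
// HKDF-SHA-256 (RFC 5869: extract, then one expand block). The salt binds
// both public keys so the key is specific to this sender/recipient pair.
func deriveKey(sharedSecret, ephPub, recipientPub []byte) []byte {
	salt := append(append([]byte{}, ephPub...), recipientPub...)
	extract := hmac.New(sha256.New, salt)
	extract.Write(sharedSecret)
	prk := extract.Sum(nil)
	expand := hmac.New(sha256.New, prk)
	expand.Write([]byte("hybrid-pqc-demo/aes-256-gcm")) // info string chosen for this demo
	expand.Write([]byte{0x01})
	return expand.Sum(nil) // 32 bytes = AES-256 key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the handoff the text describes: an ephemeral X25519 exchange
// "posts" a fresh secret into the recipient's mailbox, and AES-256-GCM
// locks the actual data under the key derived from that secret.
func Seal(recipientPub *ecdh.PublicKey, plaintext, aad []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipientPub)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm, err := newGCM(deriveKey(shared, ephPub, recipientPub.Bytes()))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	envelope := append(append([]byte{}, ephPub...), nonce...)
	return gcm.Seal(envelope, nonce, plaintext, aad), nil
}

// Open reverses Seal. A cryptographically relevant quantum computer attacks
// exactly one step here: recovering `shared` from the two public keys (Shor).
// HKDF and AES-GCM are untouched, so a post-quantum migration replaces only
// the X25519 encapsulation with a KEM such as ML-KEM and leaves the rest.
func Open(recipientPriv *ecdh.PrivateKey, envelope, aad []byte) ([]byte, error) {
	if len(envelope) < ephPubLen+nonceLen+tagLen {
		return nil, errors.New("envelope too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(envelope[:ephPubLen])
	if err != nil {
		return nil, err
	}
	shared, err := recipientPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(deriveKey(shared, ephPub.Bytes(), recipientPriv.PublicKey().Bytes()))
	if err != nil {
		return nil, err
	}
	nonce := envelope[ephPubLen : ephPubLen+nonceLen]
	// Open fails on any change to nonce, ciphertext, tag, or aad.
	return gcm.Open(nil, nonce, envelope[ephPubLen+nonceLen:], aad)
}

func main() {
	recipient, err := GenerateRecipientKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record; the AAD is authenticated but sent in the clear.
	env, err := Seal(recipient.PublicKey(), []byte("patient 4711: blood type O-"), []byte("record-v1"))
	if err != nil {
		panic(err)
	}
	pt, err := Open(recipient, env, []byte("record-v1"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("envelope %d bytes, recovered: %q\n", len(env), pt)
}
```

Swapping in a quantum-resistant algorithm touches only the encapsulation: with ML-KEM (FIPS 203, available in Go 1.24 and later as crypto/mlkem), Seal would call the recipient’s encapsulation key to obtain a shared secret and a KEM ciphertext in place of the ephemeral X25519 exchange, and Open would decapsulate that ciphertext, while deriveKey, AES-GCM, and the envelope framing stay exactly as they are. That is also the HNDL risk in concrete form: an attacker who stores env today needs only the X25519 step to fall later.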

Preparing for a post-quantum world

With the growing concern over what quantum computers could do, as well as current threats like HNDL attacks, industries and governments around the world are racing for solutions. It usually takes many years, often more than a decade, to deploy any new cryptographic method widely, and no one wants to standardize their security on algorithms that might later prove weak. Many organizations look to NIST to provide PQC standards, as it has provided other encryption standards before.

In 2016, NIST launched its Post-Quantum Cryptography standardization project, inviting experts from around the world to submit algorithms built on problems believed intractable for both classical and quantum computers. After several rounds of open analysis and testing, NIST published the first 3 finalized post-quantum standards in August 2024: FIPS 203 (ML-KEM, derived from Kyber) for key encapsulation, and FIPS 204 (ML-DSA, derived from Dilithium) and FIPS 205 (SLH-DSA, derived from SPHINCS+) for digital signatures. NIST encouraged businesses to start implementing them as soon as possible. Many countries and security agencies such as the European Union Agency for Cybersecurity (ENISA), French National Cybersecurity Agency (ANSSI), and National Counterintelligence and Security Center (NCSC) are following NIST’s guidance. Some have already set deadlines for compliance.

Since 2022, Red Hat has been working on the requirements for post-quantum cryptography to help customers protect their data against these attacks and meet future regulatory requirements. Red Hat® Enterprise Linux®, the foundation of all Red Hat products, is the starting point for integrated post-quantum cryptography capabilities.

Red Hat Enterprise Linux 9.6 and 10 include NIST-approved algorithms. Red Hat’s goal is to help customers develop, test, and prepare for post-quantum cryptography becoming part of every step in product development.
