Q&A on the next big cyber threat: Post-quantum cryptography

COMMENTARY: With quantum computing gradually shifting from theory to engineering reality, a pressing question arises. How can modern encryption withstand such a challenge?

Although large-scale quantum computers may still be years away, the need to act is immediate: organizations must begin migrating to post-quantum cryptography (PQC) today. From lattice-based constructions to novel methods for securing confidential information, the shift to PQC marks a new chapter in digital security, where quantum and classical computing coexist.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Why is there a rush to adopt post-quantum resistant solutions?

The urgency for post-quantum-resistant solutions stems from the “harvest-now, decrypt-later” threat. Even if large-scale quantum computers are not yet available, adversaries can collect encrypted communications, model parameters, and datasets and store them until future quantum hardware is powerful enough to break today’s encryption standards.

Algorithms such as RSA and elliptic-curve cryptography, the cornerstones of modern digital security, would become vulnerable to quantum attacks made possible by Shor’s algorithm. This quantum computing method can break the mathematical problems these systems rely on. Once quantum hardware scales, data encrypted today could be instantly decrypted tomorrow.

Because many forms of sensitive information — such as financial transactions, medical records, and proprietary AI models — remain valuable for years, organizations must transition now to cryptographic systems that will remain secure in both the pre- and post-quantum eras.

This proactive migration is reinforced by regulatory momentum.

The National Institute of Standards and Technology (NIST) has standardized post-quantum algorithms, and governments worldwide have established transition timelines. The National Security Agency (NSA)’s guidance targets the period from 2030 to 2033 for migration, while the U.S. federal government aims for 2035. Roadmaps from the UK, EU, and Australia similarly converge around the 2030–2035 window.

Global guidance is clear: the shift to quantum-resistant security must begin today.

What does "post-quantum resistant" mean?

A cryptographic scheme is considered post-quantum resistant if no known efficient algorithm can break its security assumptions — whether using a quantum or a classical computer. Beyond Shor’s algorithm, Grover’s algorithm is the other key quantum algorithm with real implications for cryptography. While Grover does not threaten public-key systems, it provides a quadratic speed-up for brute-force key searches, potentially reducing the practical security level of symmetric primitives.

However, unlike public-key cryptography, symmetric cryptography remains robust in the post-quantum era. The impact of Grover’s algorithm can be mitigated by doubling key sizes — for example, using AES-256 instead of AES-128 — which restores a comfortable security margin.  This makes modern symmetric designs effectively quantum-resistant with minor adjustments.

By contrast, achieving quantum resistance in public-key cryptography requires fundamentally different mathematical foundations. Post-quantum security relies on problems believed to be hard for both classical and quantum computers, such as lattice-based, code-based, and hash-based constructions. These hardness assumptions support the algorithms being standardized by NIST — for example, CRYSTALS-Kyber, Dilithium, and Falcon — and form the foundation of practical, quantum-safe public-key cryptography.

What is lattice-based cryptography?

Lattice-based cryptography is one of the main pillars of post-quantum cryptography, designed to remain secure even against adversaries equipped with quantum computers. Unlike classical systems such as RSA or elliptic-curve cryptography, which rely on number-theoretic assumptions like factoring or discrete logarithms, lattice-based schemes are built on the geometry of high-dimensional spaces.

Modern lattice-based cryptography relies on several problems hard for both classical and quantum computers. The most widely used are:

Learning With Errors (LWE): Suppose you have a list of math equations that almost fit together perfectly, but each has a little random “noise.” The challenge is to find the hidden numbers that make them all work. 

Ring-LWE: A more structured version of LWE that makes encryption faster while keeping it just as hard to break.

Approximate Closest Vector Problem (Approx-CVP): Imagine a lattice, that is, a vast grid of points, and a target point located somewhere near it. The goal is to find a lattice point that is close enough to the target, within a specified approximation factor or threshold.

These problems may appear easy to solve when visualized in low dimensions but their complexity grows dramatically with dimensionality. In the case of Approx-CVP, once we move to high-dimensional spaces (hundreds or thousands of dimensions), the number of lattice points increases exponentially, and no known classical or quantum algorithm can efficiently identify even an approximately closest one.

Quantum-proofing cryptography, one grid at a time

Despite their expected computational power and ability to accelerate specific algebraic tasks, quantum computers do not provide an efficient method for solving lattice problems, like Approx-CVP. 

While research continues to advance and refine post-quantum cryptographic schemes, the cybersecurity community cannot afford to wait for quantum computers to fully mature before beginning the transition.

Adopting quantum-safe solutions is not simply about defending against a distant future threat — it is about building security architectures that can protect sensitive data for the next 20 to 30 years. Organizations should start inventorying their cryptographic assets and testing PQC readiness today.