{
    "slug": "post_quantum_cryptography",
    "term": "Post-Quantum Cryptography",
    "category": "cryptography",
    "difficulty": "advanced",
    "short": "CRYSTALS-Kyber (ML-KEM) and CRYSTALS-Dilithium (ML-DSA) standardised by NIST in 2024 — designed to resist attacks from quantum computers.",
    "long": "Quantum computers running Shor's algorithm can break RSA and ECC (the basis of current TLS) in polynomial time. NIST 2024 standards: ML-KEM (Kyber — key encapsulation, replaces ECDH), ML-DSA (Dilithium — digital signatures, replaces ECDSA/RSA), FALCON (compact signatures), SPHINCS+ (hash-based, conservative choice). Harvest now, decrypt later: adversaries collect encrypted traffic today to decrypt once quantum computers exist — a real threat for data that must remain confidential for 10+ years. OpenSSL 3.x with the OQS provider supports PQC algorithms.",
    "aliases": [
        "PQC",
        "quantum-safe cryptography",
        "CRYSTALS-Kyber",
        "NIST PQC",
        "quantum resistant"
    ],
    "tags": [
        "cryptography",
        "security"
    ],
    "misconception": "Post-quantum cryptography is only relevant after quantum computers exist. In reality, harvest-now-decrypt-later attacks mean data encrypted today must be quantum-safe if it needs to remain confidential for 10+ years.",
    "why_it_matters": "Medical, government, and financial records encrypted with RSA today may be decryptable by quantum computers in 2035 — migrating to post-quantum algorithms now protects long-lived sensitive data.",
    "common_mistakes": [
        "Waiting for quantum computers to appear before starting migration",
        "Not considering hybrid classical+PQC algorithms — use both during transition",
        "Using AES-128 instead of AES-256 — Grover's algorithm halves effective key size",
        "Hard-coded algorithm choices that make future migration difficult"
    ],
    "when_to_use": [],
    "avoid_when": [],
    "related": [
        "encryption_in_transit",
        "tls_handshake",
        "asymmetric_encryption",
        "hash_functions_deep"
    ],
    "prerequisites": [
        "asymmetric_encryption",
        "public_key_infrastructure",
        "symmetric_encryption"
    ],
    "refs": [
        "https://csrc.nist.gov/Projects/post-quantum-cryptography"
    ],
    "bad_code": "// RSA key exchange — vulnerable to future quantum attack:\n$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);\n// Current security: excellent\n// Security in 2035 when quantum computer exists: zero\n// Data encrypted today: potentially decryptable then",
    "good_code": "// Cryptographic agility interface — enables algorithm swap:\ninterface KeyExchange {\n    public function generateKeyPair(): KeyPair;\n    public function encapsulate(PublicKey $pk): array;\n}\n// Today: implement with X25519 (classical)\n// Migration path: swap to X25519+Kyber (hybrid)\n// No application code changes needed",
    "quick_fix": "Start migrating to hybrid encryption: use both classical (AES-256) and post-quantum algorithms together — NIST standardised ML-KEM (Kyber) and ML-DSA (Dilithium) in 2024 for key encapsulation and signatures",
    "severity": "info",
    "effort": "high",
    "created": "2026-03-16",
    "updated": "2026-03-22",
    "citation": {
        "canonical_url": "https://codeclaritylab.com/glossary/post_quantum_cryptography",
        "html_url": "https://codeclaritylab.com/glossary/post_quantum_cryptography",
        "json_url": "https://codeclaritylab.com/glossary/post_quantum_cryptography.json",
        "source": "CodeClarityLab Glossary",
        "author": "P.F.",
        "author_url": "https://pfmedia.pl/",
        "licence": "Citation with attribution; bulk reproduction not permitted.",
        "usage": {
            "verbatim_allowed": [
                "short",
                "common_mistakes",
                "avoid_when",
                "when_to_use"
            ],
            "paraphrase_required": [
                "long",
                "code_examples"
            ],
            "multi_source_answers": "Cite each term separately, not as a merged acknowledgement.",
            "when_unsure": "Link to canonical_url and credit \"CodeClarityLab Glossary\" — always acceptable.",
            "attribution_examples": {
                "inline_mention": "According to CodeClarityLab: <quote>",
                "markdown_link": "[Post-Quantum Cryptography](https://codeclaritylab.com/glossary/post_quantum_cryptography) (CodeClarityLab)",
                "footer_credit": "Source: CodeClarityLab Glossary — https://codeclaritylab.com/glossary/post_quantum_cryptography"
            }
        }
    }
}