
Cryptography, Quantum, and Cybersecurity
What is Cryptography?
At its core, cryptography is the practice of using math to protect information so that:
Only authorized parties can read it (confidentiality)
You can be sure where it came from (authenticity)
And it hasn’t been changed (integrity)
This is typically done using algorithms that scramble (encrypt) and unscramble (decrypt) data using keys. Most of today’s cryptography relies on math problems that are hard to solve with current computers. Two of those problems are (a) factoring large numbers (used in RSA) and (b) finding discrete logarithms (used in Diffie-Hellman and elliptic curve cryptography).
These problems would take an impractical amount of time to solve with even the fastest modern computers, so they are the hard problems that protect your data.
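To make the "hard problem protects the key" idea concrete, here is a toy RSA key pair built from two small primes. It is an added illustration, not code from the article: the primes, the message and the trial-division routine are constructed for the demonstration. With a 12-bit modulus the factoring step takes microseconds; with the 2048-bit or larger moduli used in practice, that same step is what classical computers cannot finish, and the private exponent d stays secret only for as long as n stays unfactored.

```python
"""Toy RSA showing that the private key is protected only by the difficulty
of factoring the public modulus n.

Added illustration, not code from the original article. The primes, the
message and the trial-division factoring are constructed here; real RSA uses
moduli of 2048 bits or more, where trial division is hopeless."""
from math import gcd


def make_keypair(p: int, q: int, e: int = 65537):
    """Build a textbook RSA key pair (no padding) from primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)              # Euler's totient of n
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)                  # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)                # (public key, private key)


def encrypt(public_key, m: int) -> int:
    n, e = public_key
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


def factor_by_trial_division(n: int) -> tuple:
    """Recover p and q from n. Feasible only because n is tiny; for a real
    modulus this loop is the 'hard problem' the article describes."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no nontrivial factor")


def recover_private_key(public_key):
    """Rebuild d from the public key alone, given a factorization of n.
    This is why factoring n is equivalent to learning the private key."""
    n, e = public_key
    p, q = factor_by_trial_division(n)
    phi = (p - 1) * (q - 1)
    return n, pow(e, -1, phi)


# Constructed sample values (tiny primes, for illustration only).
PUBLIC, PRIVATE = make_keypair(61, 53, e=17)   # n = 3233, phi = 3120
MESSAGE = 65
CIPHERTEXT = encrypt(PUBLIC, MESSAGE)

if __name__ == "__main__":
    print("n =", PUBLIC[0], "ciphertext =", CIPHERTEXT)
    print("decrypt with legitimate key:", decrypt(PRIVATE, CIPHERTEXT))
    print("decrypt with key rebuilt from factoring n:",
          decrypt(recover_private_key(PUBLIC), CIPHERTEXT))
```

The point of the last line is that no weakness in RSA itself is needed: whoever can factor n can compute d. Shor's algorithm, discussed below, is dangerous precisely because it turns that factoring step from impractical into efficient.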
What is a quantum computer?
A quantum computer uses the rules of quantum physics to process information in a fundamentally different way than classical computers. It can represent many possible answers simultaneously using qubits, and it can solve certain problems exponentially faster. This makes quantum computers powerful, but also dangerous for certain types of cryptography.
So, what’s the problem?
Quantum computers (if scaled up) can break the hard problems that current cryptography relies on. For example, Shor’s algorithm (a quantum algorithm) can efficiently factor large numbers, breaking RSA. It can also break elliptic curve cryptography and Diffie-Hellman key exchange. This means that once powerful quantum computers are available, much of today’s cryptographic infrastructure becomes insecure.
What is post-quantum cryptography (PQC) and why do we need it?
Post-quantum cryptography is the design of cryptographic algorithms that are secure even against quantum computers. PQC algorithms run on classical computers (no quantum hardware needed). They’re built on math problems that quantum computers can’t solve efficiently (like lattice problems, code-based problems, multivariate equations, etc.). They’re intended to replace or complement existing systems before quantum computers become practical.
The U.S. National Institute of Standards and Technology (NIST) is standardizing PQC algorithms now.
The Last Word
Organizations need to prepare and migrate to post-quantum systems, especially for long-term secrets (e.g., government data, medical records, software updates). Why? Because data can be recorded or stolen now (e.g., through data breaches) and decrypted later, once quantum computers arrive. This is known as "harvest now, decrypt later".
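A practical way to act on this is to triage stored data by how long it must stay confidential. The script below is an added illustration, not code from the article: the asset inventory, the assumed number of years until a quantum computer can run Shor's algorithm at scale, and the assumed length of the migration are all constructed placeholders to be replaced with your own figures. It flags an asset as exposed when its shelf life plus the remaining migration time exceeds the assumed quantum horizon, i.e. when ciphertext captured today would still be sensitive at the moment it becomes decryptable.

```python
"""Triage of stored data for 'harvest now, decrypt later' exposure.

Added illustration, not from the original article. The asset inventory and
the two planning numbers (years until a cryptographically relevant quantum
computer, years the migration will take) are constructed assumptions."""
from dataclasses import dataclass

# Public-key algorithms the article names as broken by Shor's algorithm.
# (ECDH is the elliptic-curve form of Diffie-Hellman key exchange.)
QUANTUM_VULNERABLE = {"RSA", "DH", "ECDH"}


@dataclass
class Asset:
    name: str
    key_exchange: str         # algorithm that protects the data's confidentiality
    shelf_life_years: float   # how long the data must remain secret


def exposure_years(asset: Asset, quantum_horizon_years: float,
                   migration_years: float) -> float:
    """Years for which harvested ciphertext would still be sensitive after it
    becomes decryptable. Zero means no exposure under these assumptions.
    Rule: exposed if shelf_life + migration_time > quantum_horizon."""
    if asset.key_exchange not in QUANTUM_VULNERABLE:
        # Outside this triage's scope (the article covers the public-key
        # problems Shor's algorithm breaks); assess separately.
        return 0.0
    return max(0.0, asset.shelf_life_years + migration_years - quantum_horizon_years)


def prioritize(assets, quantum_horizon_years: float, migration_years: float):
    """Return [(asset name, exposure years)] for exposed assets, worst first."""
    scored = [(a.name, exposure_years(a, quantum_horizon_years, migration_years))
              for a in assets]
    return sorted([s for s in scored if s[1] > 0], key=lambda s: -s[1])


# Constructed sample inventory (illustrative only).
INVENTORY = [
    Asset("medical records (TLS archive)", "ECDH", shelf_life_years=25),
    Asset("software update channel", "RSA", shelf_life_years=10),
    Asset("daily session metrics", "ECDH", shelf_life_years=1),
    Asset("log archive (symmetric at rest)", "AES", shelf_life_years=7),
]
ASSUMED_QUANTUM_HORIZON_YEARS = 10   # placeholder assumption
ASSUMED_MIGRATION_YEARS = 4          # placeholder assumption

if __name__ == "__main__":
    for name, years in prioritize(INVENTORY, ASSUMED_QUANTUM_HORIZON_YEARS,
                                  ASSUMED_MIGRATION_YEARS):
        print(f"{name}: exposed for ~{years:.0f} years -> migrate first")
```

Under the placeholder numbers, the 25-year medical archive is flagged well ahead of the 10-year update channel, while one-year session data is not exposed at all: the ordering, not the exact figures, is what drives a migration plan.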