Post-quantum cryptography (PQC) is a set of algorithms designed to resist attacks from both classical and quantum computers. The adjective “post-quantum” does not mean it is a technology of the future or a topic limited to academic circles, as the algorithms exist, are standardized, and have implementations in production today.
Most public-key algorithms currently in use (RSA, ECDH, and ECDSA) rely on mathematical problems that are computationally intractable for a traditional computer: factoring very large numbers or solving the discrete logarithm problem over elliptic curves. A sufficiently powerful quantum computer could solve these problems in hours using Shor’s algorithm, thus invalidating the encryption infrastructure that currently protects web traffic, APIs, TLS certificates, and authentication systems.
The U.S. National Institute of Standards and Technology (NIST) has been evaluating algorithms resistant to this threat since 2016. In August 2024, it published the first definitive standards: ML-KEM for key exchange, and ML-DSA and SLH-DSA for digital signatures.
What is the purpose of PQC?
The immediate purpose is twofold.
On the one hand, protecting the confidentiality of traffic in transit against “harvest now, decrypt later” (HNDL) attacks: an adversary who captures encrypted traffic today and stores it could decrypt it once they have access to a quantum computer. This makes the threat present, not future, especially for data with a long lifespan.
On the other hand, protecting the authenticity of communications is crucial: digital certificates and signature systems that verify the identity of servers and clients are also vulnerable. If an attacker can forge a digital signature, they can impersonate any server to any client.
Q-Day readiness
Q-Day is the term used to describe the moment when a cryptographically relevant quantum computer (CRQC) will be able to break current public-key algorithms. No one knows exactly when this will happen, but experts estimate a timeframe of between five and ten years. What is known is that preparations cannot be left until the last minute: migrating cryptographic algorithms in distributed systems takes years, requiring updates to TLS stacks, renewal of certificates, modification of authentication systems, and validation of compatibility with clients and providers.
NIST has taken this into account and has set 2030 as the deadline for deprecating RSA and ECC. In January 2025, the US government issued an executive order requiring federal agencies to begin the transition. The UK’s National Cyber Security Centre (NCSC) has also published its own migration guides to PQC, which are a useful reference for any technical team looking to structure this process.
Q-Day preparation should be on the technical roadmap of any organization that handles sensitive data with a lifespan longer than a few years.
The difference between post-quantum encryption and post-quantum authentication
This distinction is not always made clearly, but the two have different practical implications.
Post-quantum encryption refers to the use of quantum-resistant algorithms in session key exchange: the mechanism by which two parties establish a shared secret to encrypt their communications. The current standard is ML-KEM. Protecting this mechanism is the immediate priority because HNDL attacks affect today’s encrypted traffic.
Post-quantum authentication refers to the protection of identity verification mechanisms: TLS certificates, code signatures, long-lived API keys, and root certificates. The standard here is ML-DSA or SLH-DSA. The threat is not retrospective like HNDL, but it is potentially more serious: a quantum computer capable of forging signatures could actively compromise the identity of any server in real time. Long-lived keys (root certificates, API authentication keys, code-signing certificates) are the most exposed assets because, if one is compromised, the attacker retains indefinite access until it is detected and revoked.
The industry has prioritized encryption migration over authentication, partly because post-quantum certificates are currently larger and create compatibility and performance frictions. But the very teams building quantum computers are already updating their authentication systems, a clear sign of the growing urgency.
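As an added illustration (not part of the article), the following Python check applies the shelf-life reasoning from the Q-Day readiness section (Mosca's inequality: data or key lifespan plus migration time measured against the time until Q-Day) to a constructed inventory, and separates key-exchange assets (HNDL risk) from signature assets (forgery risk on long-lived keys) as the distinction above describes. The asset names, lifespans, migration estimates and the five-year horizon are assumed sample values.

```python
from dataclasses import dataclass

# Algorithm families as the article describes them: the classical public-key
# schemes Shor's algorithm breaks, and the NIST PQC standards that replace them.
QUANTUM_VULNERABLE = {"RSA", "ECDH", "ECDSA", "X25519", "Ed25519"}
POST_QUANTUM = {"ML-KEM", "ML-DSA", "SLH-DSA"}

@dataclass(frozen=True)
class Asset:
    name: str
    algorithm: str
    purpose: str            # "key-exchange" or "signature"
    lifespan_years: float   # key-exchange: how long the data must stay secret;
                            # signature: how long the key remains trusted
    migration_years: float  # estimated time to move this asset to PQC

def exposure(asset: Asset, qday_years: float) -> str:
    """Classify one asset against an estimated number of years until Q-Day.
    If lifespan + migration time exceeds that horizon, the asset is still
    protecting data, or still trusted, when a CRQC arrives."""
    if asset.algorithm in POST_QUANTUM:
        return "post-quantum"
    if asset.algorithm not in QUANTUM_VULNERABLE:
        raise ValueError(f"unknown algorithm {asset.algorithm!r} for {asset.name}")
    if asset.purpose not in ("key-exchange", "signature"):
        raise ValueError(f"unknown purpose {asset.purpose!r} for {asset.name}")
    if asset.lifespan_years + asset.migration_years <= qday_years:
        return "migrate-before-qday"
    # Key exchange: traffic captured today is readable once a CRQC exists (HNDL).
    # Signature: a key still trusted after Q-Day can be forged in real time.
    return "hndl-exposed" if asset.purpose == "key-exchange" else "forgeable-after-qday"

SEVERITY = {"hndl-exposed": 0, "forgeable-after-qday": 0,
            "migrate-before-qday": 1, "post-quantum": 2}

def assess(assets, qday_years=5.0):
    """Return [(name, status)] ordered most exposed first. The default horizon
    is the optimistic end of the five-to-ten-year estimate quoted above."""
    results = [(a.name, exposure(a, qday_years)) for a in assets]
    return sorted(results, key=lambda r: (SEVERITY[r[1]], r[0]))

# Constructed sample inventory (illustrative values, not real infrastructure).
INVENTORY = [
    Asset("edge-tls-kex", "X25519", "key-exchange", 1, 1),
    Asset("health-archive-kex", "ECDH", "key-exchange", 10, 2),
    Asset("root-ca", "RSA", "signature", 15, 3),
    Asset("leaf-cert", "ECDSA", "signature", 1, 1),
    Asset("pqc-pilot-kex", "ML-KEM", "key-exchange", 10, 0),
]

if __name__ == "__main__":
    for name, status in assess(INVENTORY):
        print(f"{name:20} {status}")
```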
Want to know how Transparent Edge is managing this transition for your infrastructure? Write to comercial@transparentedge.eu
Frequently Asked Questions
It is a set of cryptographic algorithms designed to resist attacks from quantum computers. The current NIST standards are ML-KEM (for key agreements) and ML-DSA and SLH-DSA (for digital signatures).
It is an attack technique in which an adversary captures and stores encrypted traffic with the intention of decrypting it in the future, when they have the necessary computing power. Unprotected traffic is vulnerable from the moment it is transmitted.
Q-Day will arrive when a cryptographically relevant quantum computer (CRQC) is able to break current public-key algorithms such as RSA or ECC. Current estimates range from five to fifteen years.
A downgrade attack is one in which an attacker manipulates the TLS negotiation to force the use of an older or vulnerable protocol version or cipher suite.
It is a mechanism that allows two parties to establish a shared secret over an insecure channel, without prior agreement. This secret is used to derive the keys that encrypt session traffic.