
The race to post-quantum encryption

New cryptographic standards are emerging, but transitioning to post-quantum cryptography is a slow and complex process. Daniel Shiu at Arqit helps untangle the complex web of post-quantum cryptography

In August 2024, NIST announced three new post-quantum encryption standards, aiming to set a global benchmark for future cyber-security. NIST’s list of post-quantum encryption algorithms marked a major step in protecting sensitive data from the potential power of quantum computers, which could one day break today’s encryption and expose everything from personal data to state secrets.

The NIST standards set out a global framework for future-proofing cyber-security, but significant challenges remain, and organisations need to navigate the change carefully.

Transitioning to new cryptographic algorithms can take decades, and the process leaves businesses exposed in the interim. We need only look at MD5 and SHA-1, which remained in use long after being declared vulnerable. And with regulators in the US, EU and Australia now pushing for quantum-safe standards by 2030, enterprises must move now to identify and replace vulnerable cryptography.
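Identifying vulnerable cryptography starts with an inventory. The script below is an added example (not from this article and not Arqit's tooling): it takes a constructed inventory of where and how cryptographic primitives are used, classifies each one as classically broken (the MD5 and SHA-1 case), quantum-vulnerable, quantum-safe or in need of review, and ranks the backlog so that quantum-vulnerable key exchange or encryption protecting long-lived data is dealt with first, since that data can be harvested today and decrypted later. The inventory lines, the asset names and the ten-year horizon for a cryptographically relevant quantum computer are assumptions made for the example.

```python
"""Triage a cryptographic inventory for quantum exposure.

Added example, not from the article or from Arqit. The inventory below is
constructed for illustration; the ten-year horizon is an assumption.
"""
import re
from dataclasses import dataclass

# Public-key primitives whose security rests on factoring or discrete
# logarithms, which a large quantum computer running Shor's algorithm breaks.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "DHE", "ECDH", "ECDHE", "ECDSA", "ED25519", "X25519"}
# Broken or deprecated classically, regardless of quantum computing.
CLASSICALLY_BROKEN = {"MD5", "SHA1", "RC4", "DES", "3DES"}
# The NIST post-quantum standards named in the article.
PQ_STANDARDS = {"ML-KEM", "ML-DSA", "SLH-DSA"}
# Symmetric and hash primitives: Grover's algorithm roughly halves the
# effective key length, so 256-bit keys are treated as safe and 128-bit
# keys are flagged for review rather than immediate replacement.
SYMMETRIC_OK = {"AES-256", "CHACHA20", "SHA-256", "SHA-384", "SHA-512", "SHA3-256"}
SYMMETRIC_REVIEW = {"AES-128"}

PRIMITIVE_RE = re.compile(r"(AES-\d{3}|SHA3-\d{3}|SHA-\d{3}|CHACHA20|3DES|DES|RC4|MD5|SHA1)")

# Constructed inventory: asset, role of the primitive, primitive as reported
# by a scanner, and how many years the protected data must stay confidential.
INVENTORY = """
vpn.example.internal kex ECDHE-X25519 lifetime=15
vpn.example.internal cipher AES-128-GCM lifetime=15
hr-archive.example.internal encrypt RSA-2048 lifetime=25
code-signing sign ECDSA-P256 lifetime=3
legacy-portal sign SHA-1 lifetime=1
pqc-pilot.example.internal kex ML-KEM-768 lifetime=15
"""


def normalise(primitive: str) -> str:
    """Map reported names such as 'ECDHE-X25519', 'AES-128-GCM' or 'SHA-1' to a lookup key."""
    p = primitive.upper().replace("SHA-1", "SHA1")
    for family in PQ_STANDARDS:          # 'ML-KEM-768' -> 'ML-KEM'
        if p.startswith(family):
            return family
    m = PRIMITIVE_RE.match(p)            # 'AES-128-GCM' -> 'AES-128'
    if m:
        return m.group(1)
    return p.split("-")[0]               # 'RSA-2048' -> 'RSA', 'ECDHE-X25519' -> 'ECDHE'


def classify(primitive: str) -> str:
    key = normalise(primitive)
    if key in CLASSICALLY_BROKEN:
        return "classically-broken"
    if key in PQ_STANDARDS or key in SYMMETRIC_OK:
        return "quantum-safe"
    if key in SYMMETRIC_REVIEW:
        return "review"
    if key in QUANTUM_VULNERABLE:
        return "quantum-vulnerable"
    return "unknown"


def rank(role: str, category: str, lifetime_years: int, years_to_crqc: int = 10) -> str:
    """Rank a finding. Quantum-vulnerable key exchange or encryption whose data
    outlives the assumed arrival of a cryptographically relevant quantum computer
    is exposed to harvest-now-decrypt-later today (P1). Vulnerable signatures only
    matter once such a machine exists, so they rank P2."""
    if category == "classically-broken":
        return "P1"
    if category == "quantum-vulnerable":
        if role in ("kex", "encrypt") and lifetime_years >= years_to_crqc:
            return "P1"
        return "P2"
    if category in ("review", "unknown"):
        return "P3"
    return "P4"


@dataclass
class Finding:
    asset: str
    role: str
    primitive: str
    category: str
    priority: str


def triage(inventory: str = INVENTORY) -> list:
    """Parse the inventory and return findings sorted by priority."""
    findings = []
    for line in inventory.strip().splitlines():
        asset, role, primitive, lifetime = line.split()
        years = int(lifetime.split("=")[1])
        category = classify(primitive)
        findings.append(Finding(asset, role, primitive, category, rank(role, category, years)))
    findings.sort(key=lambda f: f.priority)   # stable: original order within a priority
    return findings


if __name__ == "__main__":
    for f in triage():
        print(f"{f.priority} {f.category:20} {f.asset:28} {f.role:8} {f.primitive}")
```

The classification tables are deliberately small; in practice they would be extended with the organisation's full list of observed algorithms, and the output fed into a migration plan rather than read from a terminal.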

NIST’s PQE algorithms: key considerations

In contrast to many current encryption methods, which may be vulnerable to quantum computing’s novel mathematical capabilities, NIST’s recommended algorithms offer a higher level of protection by using structures that are much more difficult for quantum computers to break.

ML-KEM, ML-DSA and SLH-DSA are public-key (asymmetric) schemes, which use a pair of keys, one public and one private: ML-KEM establishes shared keys, while ML-DSA and SLH-DSA produce digital signatures. ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism) and ML-DSA (Module-Lattice-Based Digital Signature Algorithm) are both built on lattice-based cryptography, which is recognised as one of the strongest approaches to post-quantum security. SLH-DSA (Stateless Hash-Based Digital Signature Algorithm) is different in kind and is derived from the SPHINCS+ hash-based signature scheme.

The algorithms themselves present a challenge for organisations making the transition: they may not be as efficient or cost-effective as the encryption methods currently in use. This can lead to increased operational costs, particularly for those that need to update extensive infrastructure.

The transition itself involves updating a significant amount of infrastructure, and a range of technical and operational challenges will inevitably arise along the way. This includes interoperability issues between legacy and new systems. Organisations will need to be prepared for potential downtime and other operational challenges as the new standards are implemented. Migration is also a complex, gradual process which demands investment in time and resources.

The development and selection of NIST’s list of algorithms was thorough, though not without its setbacks. For example, it took only a weekend and a standard laptop to break the earlier candidates Rainbow and SIKE, which had previously been thought to be quantum secure. The final list represents the best of what is currently available.

While the algorithms have been rigorously tested, there are of course no guarantees that they won’t face challenges in the future. Adopting them is a proactive step towards safeguarding against these risks, but ongoing research is crucial, and organisations should stay informed of developments in this area.

The global PQE landscape

Further complicating the race to secure data against quantum threats is the fact that the post-quantum encryption landscape is becoming increasingly fragmented and politically charged. While awareness of the urgent need for post-quantum security has been rapidly building — with 2025 hailed the Year of Quantum — this has so far failed to result in a unified global effort when it comes to standards.

Indeed, while the US has finalised three NIST-approved PQE algorithms, Europe has so far withheld endorsement, favouring more conservative options such as Frodo and Classic McEliece. China has recently rejected US-led standards in favour of its own and South Korea has selected four algorithms, including HAETAE, for national cryptographic use. Meanwhile, Russia and Ukraine are each backing their own competing PQE algorithms.

PQE is fast becoming another geopolitical battleground, as achieving global consensus is proving extremely difficult. A fragmented PQE landscape introduces significant interoperability concerns into the mix, and makes symmetric cryptography all the more important as a viable global alternative in the transition.

Symmetric Key Agreements (SKAs) have become the ‘gold standard’ for post-quantum encryption and should be considered alongside standards such as NIST’s. They use a single key shared between two parties to encrypt and decrypt data, making them simpler and more resistant to quantum attacks compared to asymmetric encryption.

SKAs also offer flexibility, supporting a wider range of algorithms, and can be easily integrated into existing systems, providing immediate protection against threats such as man-in-the-middle attacks. 
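To make the symmetric approach concrete, here is an added example of a generic pre-shared-key session key agreement. It is not from this article and is not Arqit's SKA protocol; it is the kind of design the preceding paragraphs describe in outline: two parties who already share a secret exchange fresh nonces, derive a per-session key from the shared secret with HKDF-SHA256, and each prove possession of the shared secret with a MAC over the transcript. No public-key operation is involved, so there is nothing for a quantum factoring or discrete-logarithm attack to target, and a party in the middle who lacks the shared key cannot produce a valid confirmation tag. How the shared key is provisioned in the first place is outside the example, as are the party names and message formats, which are assumptions.

```python
"""Pre-shared-key session key agreement with mutual key confirmation.

Added example, not from the article and not Arqit's protocol. The two-party
exchange, its message layout and the party names are constructed for
illustration; the shared key is assumed to have been provisioned securely.
"""
import hashlib
import hmac
import os


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract a PRK from the shared secret, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class Party:
    def __init__(self, name: str, psk: bytes):
        self.name = name
        self.psk = psk                 # long-term shared secret (assumed pre-provisioned)
        self.nonce = os.urandom(16)    # fresh per session
        self.session_key = None
        self._transcript = b""

    def derive(self, peer_name: str, peer_nonce: bytes, initiator: bool) -> None:
        """Derive the session key from the PSK and both nonces.

        Both sides order the transcript initiator-first so they bind the same bytes.
        The nonces salt the derivation, so a replayed transcript yields a different key.
        """
        mine, theirs = (self.name.encode(), self.nonce), (peer_name.encode(), peer_nonce)
        first, second = (mine, theirs) if initiator else (theirs, mine)
        self._transcript = first[0] + first[1] + second[0] + second[1]
        salt = hashlib.sha256(self._transcript).digest()
        self.session_key = hkdf(self.psk, salt=salt, info=b"ska-session-v1")

    def confirm_tag(self) -> bytes:
        """Key-confirmation MAC over this party's name and the transcript."""
        return hmac.new(self.session_key, self.name.encode() + self._transcript,
                        hashlib.sha256).digest()

    def check_peer(self, peer_name: str, tag: bytes) -> bool:
        """Verify the peer's confirmation tag in constant time."""
        expected = hmac.new(self.session_key, peer_name.encode() + self._transcript,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def run_exchange(psk_alice: bytes, psk_bob: bytes) -> tuple:
    """Run the exchange; returns (alice_accepts, bob_accepts, keys_match).

    Passing different PSKs models a peer (or a party in the middle) who does not
    hold the shared key: derivation succeeds locally but confirmation fails.
    """
    alice, bob = Party("alice", psk_alice), Party("bob", psk_bob)
    # Message 1, alice -> bob: name and nonce.   Message 2, bob -> alice: name and nonce.
    bob.derive("alice", alice.nonce, initiator=False)
    alice.derive("bob", bob.nonce, initiator=True)
    # Messages 3 and 4: each side sends its confirmation tag and checks the other's.
    bob_accepts = bob.check_peer("alice", alice.confirm_tag())
    alice_accepts = alice.check_peer("bob", bob.confirm_tag())
    return alice_accepts, bob_accepts, alice.session_key == bob.session_key


if __name__ == "__main__":
    shared = os.urandom(32)
    print("matching PSK  :", run_exchange(shared, shared))
    print("mismatched PSK:", run_exchange(shared, os.urandom(32)))
```

The confirmation tags include the sender's name so that a tag cannot be reflected back to its originator, and the session key is never sent on the wire; only nonces and MACs are exchanged.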

Ultimately, the security risks posed by quantum computers won’t only emerge after ‘Q-Day’. Hackers are already carrying out ‘Harvest Now, Decrypt Later’ (HNDL) attacks, capturing sensitive encrypted data with a view to decrypting it once quantum computing capabilities become available. And while work is underway to adopt NIST’s post-quantum cryptography standards or other competing algorithms globally, businesses remain vulnerable in the meantime.

Against this backdrop, organisations navigating the race to post-quantum encryption face considerable complexity. SKA technology is set to play a vital role in mitigating quantum risks as part of an effective quantum security strategy, while allowing flexible integration with existing network infrastructure.

Backed by NIST, and proven in projects with Intel and Sparkle, SKAs are ready for deployment today. Pairing them with NIST’s new standards offers organisations a stronger, layered defence against both current and future quantum threats.

Daniel Shiu is Chief Cryptographer at Arqit

Main image courtesy of iStockPhoto.com and luchezar