Solutions

Concrete steps can be taken now

The following cryptographic methods are recommended by the Australian Signals Directorate (ASD) and have been standardised by the United States' National Institute of Standards and Technology (NIST), having remained unbroken after more than eight years of testing by the world's leading experts. No known algorithm, conventional or quantum, can break them, but nor is there a mathematical proof that they are unbreakable, so they might be broken in the future. Encryption methods have been broken unexpectedly before, and recent progress on module lattice problems shows the importance of remaining vigilant.

Module Lattice Key Encapsulation Mechanism (ML-KEM): Also known as CRYSTALS-Kyber, this cryptographic protocol relies on the difficulty of finding the shortest generating vectors of a many-dimensional lattice to establish shared keys securely, which are then used to encrypt data. Its NIST standard is designated Federal Information Processing Standard (FIPS) 203.

Module Lattice Digital Signature Algorithm (ML-DSA): Originally known as CRYSTALS-Dilithium, this lattice-based signature scheme uses the smallest keys of any post-quantum algorithm, making it ideal for digitally signing documents to demonstrate their origin with non-repudiation, meaning that it is difficult for the originator of a document to deny being its source. Its NIST standard is FIPS 204.

Hamming Quasi-Cyclic (HQC), a backup key encapsulation mechanism: No standard has been set yet (coming soon), but it will serve as a backup if lattice-based encryption is broken.

Stateless Hash-Based Digital Signature Algorithm (SLH-DSA): This is based on the hash-based signature scheme SPHINCS+. Designated NIST standard FIPS 205, it is used to detect unauthorised modifications to data and to provide proof of origin with non-repudiation.
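To make the "hash-based signature" idea concrete, here is an added example (not code from this page or from Schrocat Security): a toy Lamport one-time signature, the simplest scheme in the family SLH-DSA belongs to. It is not SLH-DSA itself, which builds a many-time scheme out of such one-time components; the `preimages_exposed` helper is assumed for the example and shows why a one-time key must never sign twice.

```python
# Added example: toy Lamport one-time signature (hash-based). Illustrates the
# principle behind SLH-DSA/SPHINCS+; it is NOT SLH-DSA and is not for production use.
import hashlib
import hmac
import secrets
from typing import List, Tuple

DIGEST_BITS = 256   # SHA-256 output size; one private-key pair per message bit
PREIMAGE_LEN = 32   # bytes of randomness per private-key element

SecretKey = List[Tuple[bytes, bytes]]
PublicKey = List[Tuple[bytes, bytes]]


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _message_bits(message: bytes) -> List[int]:
    """Hash the message and return its 256 digest bits, most significant first."""
    digest = _h(message)
    return [(digest[i // 8] >> (7 - (i % 8))) & 1 for i in range(DIGEST_BITS)]


def keygen() -> Tuple[SecretKey, PublicKey]:
    """Private key: 256 pairs of random preimages. Public key: their hashes.
    Security rests only on the hash being one-way, not on any lattice or
    factoring problem, which is why hash-based schemes are a conservative choice."""
    sk = [(secrets.token_bytes(PREIMAGE_LEN), secrets.token_bytes(PREIMAGE_LEN))
          for _ in range(DIGEST_BITS)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def sign(sk: SecretKey, message: bytes) -> List[bytes]:
    """For each digest bit, reveal the preimage matching that bit's value."""
    return [sk[i][bit] for i, bit in enumerate(_message_bits(message))]


def verify(pk: PublicKey, message: bytes, signature: List[bytes]) -> bool:
    """Recompute the digest and check that every revealed preimage hashes to the
    public-key element selected by that bit. Any altered message bit selects a
    preimage the signer never revealed, so modification is detected."""
    if len(signature) != DIGEST_BITS:
        return False
    ok = True
    for i, bit in enumerate(_message_bits(message)):
        # Constant-time compare, and keep going so timing does not reveal which bit failed.
        ok &= hmac.compare_digest(_h(signature[i]), pk[i][bit])
    return ok


def preimages_exposed(sig_a: List[bytes], sig_b: List[bytes]) -> int:
    """Why 'one-time' matters (assumed helper): two signatures under the same key
    expose both preimages at every position where the digests differ. Returns the
    number of fully exposed key positions; a reused key is no longer trustworthy."""
    return sum(1 for a, b in zip(sig_a, sig_b) if a != b)


if __name__ == "__main__":
    sk, pk = keygen()
    doc = b"Invoice #1234: pay 100 AUD"        # constructed sample document
    sig = sign(sk, doc)
    print("genuine verifies:", verify(pk, doc, sig))
    print("tampered verifies:", verify(pk, b"Invoice #1234: pay 900 AUD", sig))
    print("positions exposed by signing a 2nd document:",
          preimages_exposed(sig, sign(sk, b"another document")))
```

Each signature is about 8 KB and each key may be used once, which is the trade-off SLH-DSA resolves with tree structures at the cost of larger signatures than ML-DSA.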

Replacing vulnerable encryption methods with secure ones is not the only option. Alternatives to encryption, and mathematically unbreakable ciphers, are also available. Each has its own strengths and weaknesses to weigh when upgrading your organisation's encryption.

Embedded key cryptography: This encryption inserts keys inside each message, and they are detectable only by those who received the preceding message. This leaves no underlying pattern for a hacker to break, making it provably unbreakable.

Data tokenization: Replaces sensitive data with tokens that refer to the original data, which is kept in a highly secured facility until it is needed. Already in wide use to ensure data privacy.
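The following is an added example, not code from this page or from Schrocat Security, of what a tokenization vault does: the application stores only random tokens, and only an authorised service can ask the vault for the original value. The role name `payments-service`, the `tok_` prefix and the sample record are constructed for the example.

```python
# Added example: a minimal tokenization vault. Tokens are random, not derived
# from the data, so a copy of the application database alone reveals nothing.
import secrets
from typing import Dict

# Roles permitted to recover original values (constructed for the example).
DETOKENIZE_ROLES = frozenset({"payments-service"})


class TokenVault:
    """The only place the sensitive value lives. Everything outside the vault
    handles tokens; in practice this would be a separately secured service."""

    def __init__(self, prefix: str = "tok_") -> None:
        self._prefix = prefix
        self._value_by_token: Dict[str, str] = {}
        self._token_by_value: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        """Return the token for value. The same value always maps to the same
        token so lookups and joins keep working on the tokenised side."""
        existing = self._token_by_value.get(value)
        if existing is not None:
            return existing
        # Random token: no key, no hash of the value, nothing to reverse offline.
        token = self._prefix + secrets.token_urlsafe(24)
        while token in self._value_by_token:   # collision is astronomically unlikely
            token = self._prefix + secrets.token_urlsafe(24)
        self._value_by_token[token] = value
        self._token_by_value[value] = token
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        """Only authorised callers may recover the original; unknown tokens raise."""
        if caller_role not in DETOKENIZE_ROLES:
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        try:
            return self._value_by_token[token]
        except KeyError:
            raise KeyError("unknown token") from None


def mask_pan(pan: str) -> str:
    """Display form that keeps only the last four digits, as on receipts."""
    digits = pan.replace(" ", "")
    return "*" * (len(digits) - 4) + digits[-4:]


def protect_record(vault: TokenVault, record: dict, sensitive_fields: tuple) -> dict:
    """Return a copy of record with each sensitive field replaced by its token."""
    out = dict(record)
    for field in sensitive_fields:
        if field in out:
            out[field] = vault.tokenize(out[field])
    return out


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample record; 4111 1111 1111 1111 is a well-known test card number.
    customer = {"name": "Alice", "card": "4111111111111111", "city": "Sydney"}
    stored = protect_record(vault, customer, ("card",))
    print("stored by the application:", stored)
    print("for display:", mask_pan(customer["card"]))
    print("recovered by payments-service:", vault.detokenize(stored["card"], "payments-service"))
```

The point the passage makes is visible in the data flow: tokenization removes the sensitive value from the systems that process records rather than encrypting it in place, so no cipher, quantum-vulnerable or otherwise, stands between an attacker holding the application data and the original value; the vault's access control does.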

Quantum Key Distribution (QKD): Uses quantum physics to share keys without eavesdropping by third parties; the rules of quantum physics make it impossible for a third party to intercept and copy the key without being detected. This method was not included in the new standards because it requires specialised physical equipment and is not backwards compatible.

There is, thankfully, a growing awareness of the quantum decryption issue within the computing industry, and many hardware, software and service providers, including open-source projects, are incorporating post-quantum cryptography into their products and services. Furthermore, the default encryption for the world wide web will be post-quantum from later this year.

This means that organisations with generic computing needs and only non-specialised IT equipment may not need to spend time and money on technical details best left to specialists. While compatibility and reduced performance remain considerations, compliance with post-quantum encryption standards might be achieved by strategically upgrading applications and operating systems.

In order to get the best outcome, it is important to consider all options. While we must move away from standard cryptography, swapping in post-quantum cryptography is not the only option: key-free encryption methods are available, and popular operating systems and cloud-based services have post-quantum options available or plan to offer them in the near future.

Knowing what's available and when will allow us to find you an optimal path to post-quantum crypto-safety.


CONTACT

Dr Michael Walker

Email: [email protected]

Phone: +61 4 5735 3331

Keywords: #cyber security, #post-quantum cybersecurity

Copyright 2025 | Schrocat Security™ | Terms & Conditions