Eliminate blind spots in your SSL/TLS encrypted traffic.

Learn More

    What is Quantum-safe Cryptography?

    2 Apr 2022

    What is Quantum-safe Cryptography?

    Read time: 10 minutes

    Quantum computing is a field of study that focuses on the development of computer-based technologies centred around quantum theory principles. To perform specific computational tasks, quantum computing employs a combination of bits. All of this is done at a much higher efficiency than their traditional counterparts. The development of quantum computers represents a significant advancement in computing capability, with massive performance gains for specific use cases.

    Quantum bits, or qubits, can be in the state of both 1 and 0 simultaneously, which in turn provides much of the quantum computer’s processing power. Due to this, a fully functioning quantum computer could break the majority of classical encryption algorithms in days, and in some cases even hours.

    Quantum-safe cryptography

    Post-quantum cryptography, also known as quantum-safe cryptography, refers to research efforts aimed at identifying cryptographic primitives resistant to attacks from classical and quantum computers. The ultimate goal of these efforts is to find cryptographic algorithms that are not vulnerable to any cryptographic attacks by conventional or quantum computers, thereby allowing robust security of information assets in post-quantum world.
    It is widely known that in the absence of quantum-safe cryptography, serious security issues will arise such as: transmitted information through public channels could be vulnerable to eavesdropping, encrypted data could be stored for later decryption considering the power of a quantum-computer. Threats arising from quantum computing will target various sectors such as Finance and Healthcare owing to the monetary benefits majorly which can easily be derived from cryptographic vulnerabilities.
    Majority of the cryptographic hashes (such as SHA2, SHA3, BLAKE2), MAC algorithms (such as HMAC and CMAK), key-derivation functions (bcrypt, Scrypt, Argon2) are basically quantum-safe and are slightly affected by quantum computing. Symmetric ciphers such as AES-256, Twofish-256 are also considered to be quantum-safe. In this case the recommended key length is 256-bits or more.
    However, widely used public-key cryptosystem which includes RSA, DSA, ECDSA, EdDSA, DHKE, ECDH, ElGamal are quantum-broken.

    Following table compares the effective key strength of some popularly used cryptographic algorithms in classical and quantum-computers.

    Algorithm Key Length Effective key strength
    Classical computer Quantum computer
    RSA-1024 1024-bits 80-bits 0-bits
    RSA-2048 2048-bits 112-bits 0-bits
    ECC-256 256-bits 128-bits 0-bits
    ECC-384 384-bits 256-bits 0-bits
    AES-128 128-bits 128-bits 64-bits
    AES-256 256-bits 256-bits 128-bits

    Progress in Quantum-safe cryptography

    The possibility of a single quantum-safe algorithm suitable for all applications is quite unlikely. Many algorithms have been proposed till date but there is a large variation observed in the performance characteristics when compared with conventional public key cryptography as quantum safe algorithms use a larger key size therefore require a higher network bandwidth.
    The National Institute of Standards and Technology (NIST) has started a process to standardise quantum-safe algorithms for key agreement and digital signatures. Since 2016, the institute has been working on creating quantum-safe algorithms capable of resisting threats posed by the quantum computers. The field of candidate algorithms has been narrowed down and draft standards are expected to roll out in 2022-24.

    Migration to quantum-safe cryptography

    Transitioning to new cryptography is complicated and will take a significant amount of time and money. Fortunately, organisations have some time before quantum-computers are implemented on a large scale. As per NCSC, ‘Organisations that manage their own cryptographic infrastructure should factor quantum-safe transition into their long-term plans and conduct investigatory work to identify which of their systems will be high priority for transition. Priority systems could be those that process sensitive personal data, or the parts of the public-key infrastructure that have certificate expiry dates far into the future and would be hardest to replace.’
    Here, crypto-agility might play a key role for organisations in transiting to quantum-safe cryptography as it the ability of a security system to switch between algorithms and cryptographic primitives without impacting the rest of the infrastructure. It is important for corporate leaders to start planning now for a smooth transition to a quantum-resistant security.


    We must recognise that quantum computing indeed poses a serious threat to conventional information security systems. Organisations are recommended to plan a robust and secure transition to quantum-safe cryptography to mitigate any quantum threats. It is advisable to follow security best practices until NIST quantum-safe standards are available.

    Want to learn from HSM Experts

    We train some of the biggest names in the industry through virtual & Live Classes

    Get a Free Quote for your HSM training

    Free Downloads for Encryption consulting services