In a recent post I talked briefly about cryptography. This time, I want to take a deeper dive into what cryptography really is — and why quantum computers might break the systems we currently rely on. If that happens, it’s not just a nerdy problem: it could impact the core of cybersecurity — confidentiality, integrity, and availability (the CIA triad).
What Is Quantum Computing?
Maybe you’ve heard the term quantum computers tossed around. In case you haven’t: where traditional computers use bits (0s and 1s), quantum computers use qubits — based on quantum particles. These can be in a state of superposition, meaning not just 0 or 1, but somewhere in between.
Because of this, quantum computers can perform certain types of calculations way faster than traditional ones. That doesn’t mean they’re better at everything, but for specific math problems (like factoring large numbers into their prime factors), they have a massive advantage.
At the time of writing, quantum computers aren’t yet powerful enough to break modern cryptography. But once we reach what’s called a Cryptographically Relevant Quantum Computer (CRQC), that could change fast.
🧩 What Is Quantum-Safe Cryptography?
Quantum-safe (or post-quantum) cryptography is about designing algorithms that are secure even against quantum attacks. To understand that, let’s quickly go over the main types of cryptography we use today:
- Symmetric cryptography: Uses the same key to encrypt and decrypt data. Also used for signing and verifying. Examples: AES, 3DES, ChaCha20
- Asymmetric cryptography: Uses a public key and a private key. Examples: RSA, ECDSA, Diffie-Hellman
- Hashing: No key involved — it converts data into a unique hash. Some examples are: MD5, SHA-256, SHA-512, SHA-1
Where Quantum Computing Hits Hard
- Symmetric: Quantum computers using Grover’s algorithm can cut the effective strength of a key in half. So a 128-bit key that would take 2^128 guesses now only takes 2^64.
- Solution: Start doubling the key lengths. For instance, a 128-bit key normally takes 2^128 tries to crack, and Grover’s algorithm reduces this to 2^64.
- Asymmetric: More critical. Shor’s algorithm can break RSA and ECC by factoring large numbers or solving discrete logs — fast.
- Solution: For now, the only solution is to implement a new algorithm. This will introduce new types of keys that are safe against quantum computers.
- Hashing: Hash functions like SHA-256 are still relatively safe. No major quantum-breaking attack exists for them yet. But it’s good to watch developments here too.
🚀 What’s Next? New Algorithms
NIST launched a standardization project for post-quantum cryptography in 2016. In 2022, they announced the first selected algorithms:
- CRYSTALS-Kyber (key exchange)
- CRYSTALS-Dilithium (digital signatures)
- Others in the pipeline: Falcon, SPHINCS+, BIKE (still under review)
- Digital signatures: ML-DSA (FIPS 204), SLH-DSA (FIPS 205), FN-DSA (FIPS, in development)
🔄 Cryptoagility: Be ready to switch
One important concept is cryptoagility — the ability of a system to switch cryptographic algorithms easily when needed. Instead of hardcoding a specific algorithm, systems should be designed to allow switching with minimal effort. This is key as quantum-safe algorithms evolve and mature.
Cryptoagility helps protect you from:
- New vulnerabilities discovered later
- Deprecation of current standards
- Needing to replace everything last-minute
Starting now means you avoid a panic later.
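A sketch of what cryptoagility can look like in code, added here as an illustration and not taken from any particular product: every signed envelope names its algorithm, and a policy decides which algorithm signs new data and which ones are still accepted. The names `ALGORITHMS`, `AgileSigner` and `migration_demo` are hypothetical, and the two HMAC variants are standard-library stand-ins for real signature schemes such as ML-DSA.

```python
import hashlib
import hmac
import json

# Registry: algorithm id -> MAC function. These HMACs are stdlib stand-ins
# (assumption); a real system would register signature schemes such as ML-DSA.
ALGORITHMS = {
    "hmac-sha256": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "hmac-sha512": lambda key, msg: hmac.new(key, msg, hashlib.sha512).digest(),
}
KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

class AgileSigner:
    """Signs with one current algorithm, verifies any still-accepted one."""

    def __init__(self, key, current, accepted):
        if current not in ALGORITHMS or not set(accepted) <= set(ALGORITHMS):
            raise ValueError("policy names an unregistered algorithm")
        self.key, self.current = key, current
        self.accepted = set(accepted) | {current}

    def _tag(self, alg, payload):
        # The algorithm id is inside the authenticated data, so relabelling an
        # existing envelope with another id invalidates its tag.
        data = json.dumps({"alg": alg, "payload": payload}, sort_keys=True)
        return ALGORITHMS[alg](self.key, data.encode()).hex()

    def sign(self, payload):
        alg = self.current
        return {"alg": alg, "payload": payload, "tag": self._tag(alg, payload)}

    def verify(self, env):
        alg = env.get("alg")
        # Allow-list first: retired or unknown ids are rejected outright.
        if alg not in self.accepted:
            return False
        expected = self._tag(alg, env.get("payload"))
        return hmac.compare_digest(expected.encode(), str(env.get("tag")).encode())

def migration_demo():
    legacy = AgileSigner(KEY, "hmac-sha256", set()).sign("invoice-42")
    # Transition: new envelopes use the new id, legacy ones still verify.
    mid = AgileSigner(KEY, "hmac-sha512", {"hmac-sha256"})
    # Retirement: dropping the old id from the policy is the only change.
    final = AgileSigner(KEY, "hmac-sha512", set())
    return {"new_alg": mid.sign("invoice-43")["alg"],
            "mid_accepts_legacy": mid.verify(legacy),
            "final_accepts_legacy": final.verify(legacy),
            "final_accepts_new": final.verify(mid.sign("invoice-43"))}
```

Switching algorithms here is a policy change, not a code change, and the allow-list check is what keeps a retired algorithm from being accepted again.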
Real-World Challenges
Migrating to post-quantum crypto isn’t just a software update:
- Larger key sizes = more bandwidth/storage
- Slower performance in some cases
- Hardware upgrades may be needed
- Supply chains must update too
- “Store now, decrypt later” means past data might be at risk if stolen now 🕵️
A smart move? Start using hybrid cryptography — combining traditional and quantum-safe methods to ease the transition.
✍️ Final thoughts
Not everything on this blog needs to be about hacking. A big part of my cybersecurity journey is also about gaining a better understanding of potential future risks. Learning about quantum computers and the threat they might pose helps me understand how critical infrastructure works — and where its weak points may lie. Even if it takes years, preparing now makes you part of the wave instead of scrambling behind it. Secure the future, not just the present.