5.7 POST-QUANTUM CRYPTOGRAPHY
The security of almost all modern cryptographic systems—both symmetric and asymmetric—relies on the computational difficulty of certain mathematical problems. Symmetric systems such as AES depend on the infeasibility of exhaustive key search, while asymmetric systems such as RSA and Diffie–Hellman rely on the difficulty of integer factorization or discrete-logarithm problems. However, the development of quantum computers threatens these assumptions, completing in minutes calculations that take years on classical machines.
Quantum computers operate on qubits that can represent superpositions of 0 and 1 simultaneously, enabling certain algorithms to achieve exponential or quadratic speed-ups compared to classical machines. Two theoretical quantum algorithms are of particular importance in cryptography: Shor’s algorithm, which efficiently factors large integers and computes discrete logarithms, and Grover’s algorithm, which provides a quadratic speed-up for brute-force key search. The former directly compromises public-key algorithms such as RSA, Diffie–Hellman, and elliptic-curve cryptography; the latter reduces the effective security of an n-bit symmetric key to approximately n/2 bits, because a quantum adversary can search the keyspace in roughly operations rather than .
To ensure long-term security (on the assumption that quantum computing may pose a cryptographic threat by 2030–2035), researchers have developed a new generation of cryptographic systems known collectively as post-quantum or quantum-resistant algorithms. These schemes are designed to remain secure even against an adversary equipped with a large-scale quantum computer, while remaining compatible with existing digital-communications infrastructures.
Back to reading