Post-quantum cryptography (PQC) is a set of cryptographic algorithms designed to resist attack by quantum computers, machines that can efficiently solve the mathematical problems on which today's public-key cryptography depends.
Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to be secure against an attack by a powerful quantum computer. Although large-scale quantum computers are still in development, "harvest now, decrypt later" (HNDL) threats mean that organizations must start planning for a quantum-safe future today.
PQC aims to ensure confidential data remains secure even when extremely powerful quantum computers make current encryption methods obsolete. If encryption is like putting private information in a bank vault, then PQC is like a stronger door for the bank vault, a door that remains locked even when bank robbers have access to more advanced tools.
The U.S. National Institute of Standards and Technology (NIST) has finalized its initial set of post-quantum cryptographic standards, published in August 2024: ML-KEM (FIPS 203, derived from CRYSTALS-Kyber) for key encapsulation, and ML-DSA (FIPS 204, from CRYSTALS-Dilithium) and SLH-DSA (FIPS 205, from SPHINCS+) for digital signatures.
Additional algorithms are under development as researchers continue to work on creating cryptographic methods that will remain secure well into the future.
Older protocol versions such as TLS 1.1 and TLS 1.2 do not negotiate PQC algorithms for their key exchanges or digital signatures; post-quantum key exchange is being deployed on top of TLS 1.3, so traffic that still uses the older versions remains exposed.
Today, encryption is widely used to protect information from those who should not have access to it. Basically, encryption scrambles data so that it is unreadable except by parties that have the key for unscrambling it. Encryption can protect digital data both in transit, as it moves from one place to another, and at rest, when it is stored on disk. But a sufficiently large quantum computer could break the public-key algorithms that most widely deployed encryption relies on.
Just as modern encryption protects data in transit and at rest from classical computing attacks, post-quantum cryptography ensures that when future quantum computers gain the ability to break current public-key standards (e.g., RSA, elliptic curves), sensitive data will remain secure. PQC is therefore essential for shielding data from malicious parties, for complying with future data regulations, and for keeping the protocols that protect online privacy, such as TLS, trustworthy.
Most modern public-key cryptography, including RSA and Elliptic Curve Cryptography (ECC), relies on mathematical problems that are believed to be extraordinarily hard for classical computers to solve, such as factoring large integers or computing discrete logarithms. However, by harnessing quantum phenomena like superposition and entanglement, a quantum computer can run Shor's algorithm, which solves both problems in polynomial time, exponentially faster than the best known classical methods. That would break RSA, Diffie-Hellman and elliptic-curve key exchange and signatures outright. Symmetric ciphers and hash functions such as AES and SHA-256 fare much better: Grover's algorithm only roughly halves their effective key length, a loss that larger keys (e.g., AES-256) already absorb.
Even though today's quantum hardware cannot yet break these algorithms, adversaries can record encrypted traffic now and decrypt it later when quantum technology improves. This is often referred to as harvest now, decrypt later, or HNDL.
Quantum timeline: Experts predict that cryptographically relevant quantum computers (CRQC), those capable of breaking current public-key algorithms, may be only 10-15 years away, though research breakthroughs could accelerate this. Migrating every system to PQC could take nearly as long.
Long-term data sensitivity: Encrypted communications captured now can be stored until quantum decryption is possible. For organizations needing multi-decade confidentiality (e.g., financial institutions, governments), waiting until quantum computers exist would be too late. An example that affects everyone: any password sent over a recorded TLS session that used a classical key exchange could be recovered once that session's key is broken, and few people change their passwords regularly.
Regulatory compliance: Various governments and standards bodies are rolling out guidelines, encouraging quantum readiness by as early as 2025-2026 for some agencies. For instance, the US government issued an executive order in January 2025 requiring federal agencies to begin preparing for PQC.
A key exchange is how two parties (e.g., a website and a web browser) agree on a shared secret key for encrypting their communication. Post-quantum key exchanges are built on problems that neither quantum nor classical computers are expected to solve in a feasible amount of time. This protects session confidentiality: if passive attackers intercept the data, they cannot decrypt it later, even with quantum capabilities.
ML-KEM (FIPS 203, derived from CRYSTALS-Kyber) is the NIST-standardized key encapsulation mechanism used for post-quantum key exchange; classical Diffie-Hellman and ECDH are not quantum-safe. In TLS 1.3 it is deployed in hybrid form (e.g., the X25519MLKEM768 group), combining an ML-KEM-768 encapsulation with an X25519 exchange so the session stays secure as long as either component holds.
Digital certificates (X.509 certificates, often called SSL/TLS certificates) verify who you are connecting to, preventing impersonation or tampering. Post-quantum certificates use quantum-safe signature algorithms such as ML-DSA/Dilithium (FIPS 204) and SLH-DSA/SPHINCS+ (FIPS 205). This helps ensure that the parties in a digital connection are authenticated, and that data integrity is not violated.
Currently, post-quantum certificates are much larger than typical certificates: an ML-DSA-65 signature is 3,309 bytes and its public key 1,952 bytes, against roughly 64-byte signatures and 65-byte public keys for ECDSA P-256, so a chain with several PQ signatures grows by several kilobytes per certificate. This causes performance or compatibility issues with some network devices. Organizations and browsers therefore focus on post-quantum key exchange first (which is what HNDL threatens) and plan to introduce post-quantum certificates as the technology matures and standards stabilize.
This tactic involves intercepting and recording encrypted traffic today for future decryption once a quantum computer can break existing cryptographic algorithms. While large quantum computers do not yet exist, the interception of high-value data is happening now. Recorded sessions can also undermine authentication, since they may contain tokens and passwords that are still valid when they are eventually decrypted.
Post-quantum algorithms produce larger handshake messages (a ClientHello carrying an ML-KEM-768 key share grows by more than a kilobyte), which can add handshake latency, push the ClientHello across multiple packets, and trip up middleboxes that assume a small, single-packet hello.
Modernized networks and cloud-based optimizations (such as large numbers of distributed points of presence) can help reduce or nearly eliminate these challenges in real-world usage.
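As an added example (not code from the original article or from Cloudflare), the following Python illustrates both the key-exchange discussion and the handshake-size point above. It builds two constructed TLS 1.3 ClientHello messages, one offering the hybrid X25519MLKEM768 group with a key share of the real size and one offering only classical curves, plus matching ServerHello messages, then parses them back to report whether a client offered post-quantum key exchange, whether it sent the PQ key share up front (avoiding a HelloRetryRequest round trip), and what the server selected. Assumptions: key shares and randoms are zero-filled placeholders of the correct lengths (ML-KEM-768 encapsulation key 1,184 bytes plus 32 bytes of X25519; ciphertext 1,088 plus 32 bytes), the hybrid group code points are the IANA/draft assignments at the time of writing, and the record layer is omitted, so a hello taken from a real capture must be de-framed (and reassembled if fragmented) before being handed to the parser.

```python
# Added example: spot post-quantum (hybrid) key exchange in TLS 1.3 hello messages.
# Constructed ClientHello/ServerHello handshake messages (no record layer) are built,
# then parsed to report offered groups, the server's choice, and the ClientHello size.
import struct

HS_CLIENT_HELLO, HS_SERVER_HELLO = 0x01, 0x02
EXT_SUPPORTED_GROUPS, EXT_KEY_SHARE = 0x000A, 0x0033

# NamedGroup code points; hybrid PQ values are the IANA/draft assignments at time of writing.
PQ_GROUPS = {
    0x11EC: "X25519MLKEM768",
    0x11EB: "SecP256r1MLKEM768",
    0x11ED: "SecP384r1MLKEM1024",
    0x6399: "X25519Kyber768Draft00",
}
GROUP_NAMES = {**PQ_GROUPS, 0x001D: "x25519", 0x0017: "secp256r1", 0x0018: "secp384r1"}

# Real key-share sizes: ML-KEM-768 encapsulation key 1184 + X25519 32 bytes (client),
# ML-KEM-768 ciphertext 1088 + X25519 32 bytes (server). Contents are placeholders.
X25519MLKEM768_CLIENT_SHARE = bytes(1184 + 32)
X25519MLKEM768_SERVER_SHARE = bytes(1088 + 32)
X25519_SHARE = bytes(32)


def _vec(data: bytes, size: int) -> bytes:
    """Length-prefixed vector with a `size`-byte big-endian length."""
    return len(data).to_bytes(size, "big") + data


def _read_vec(buf: bytes, pos: int, size: int):
    n = int.from_bytes(buf[pos:pos + size], "big")
    pos += size
    if pos + n > len(buf):
        raise ValueError("truncated vector")
    return buf[pos:pos + n], pos + n


def _ext(ext_type: int, body: bytes) -> bytes:
    return struct.pack(">HH", ext_type, len(body)) + body


def build_client_hello(groups, key_shares: dict) -> bytes:
    """Constructed TLS 1.3 ClientHello handshake message offering `groups`."""
    body = b"\x03\x03" + bytes(32)                       # legacy_version, random (placeholder)
    body += _vec(b"", 1)                                 # legacy_session_id
    body += _vec(b"\x13\x01", 2)                         # cipher_suites: TLS_AES_128_GCM_SHA256
    body += _vec(b"\x00", 1)                             # legacy_compression_methods: null
    groups_list = b"".join(struct.pack(">H", g) for g in groups)
    shares = b"".join(struct.pack(">H", g) + _vec(k, 2) for g, k in key_shares.items())
    exts = _ext(EXT_SUPPORTED_GROUPS, _vec(groups_list, 2)) + _ext(EXT_KEY_SHARE, _vec(shares, 2))
    body += _vec(exts, 2)
    return bytes([HS_CLIENT_HELLO]) + _vec(body, 3)


def build_server_hello(selected_group: int, key_exchange: bytes) -> bytes:
    """Constructed TLS 1.3 ServerHello selecting one group."""
    body = b"\x03\x03" + bytes(32) + _vec(b"", 1)        # version, random, session_id_echo
    body += b"\x13\x01" + b"\x00"                        # cipher_suite, legacy_compression_method
    exts = _ext(EXT_KEY_SHARE, struct.pack(">H", selected_group) + _vec(key_exchange, 2))
    body += _vec(exts, 2)
    return bytes([HS_SERVER_HELLO]) + _vec(body, 3)


def parse_hello(msg: bytes) -> dict:
    """Extract supported_groups and key_share groups from a ClientHello or ServerHello."""
    hs_type = msg[0]
    body, end = _read_vec(msg, 1, 3)
    if end != len(msg):
        raise ValueError("trailing bytes after handshake message")
    pos = 2 + 32                                         # skip legacy_version + random
    _, pos = _read_vec(body, pos, 1)                     # session id
    if hs_type == HS_CLIENT_HELLO:
        _, pos = _read_vec(body, pos, 2)                 # cipher_suites
        _, pos = _read_vec(body, pos, 1)                 # compression methods
    elif hs_type == HS_SERVER_HELLO:
        pos += 2 + 1                                     # cipher_suite + compression
    else:
        raise ValueError(f"not a hello message: type {hs_type}")
    exts, _ = _read_vec(body, pos, 2)
    out = {"type": hs_type, "supported_groups": [], "key_share_groups": []}
    p = 0
    while p < len(exts):
        ext_type = int.from_bytes(exts[p:p + 2], "big")
        data, p = _read_vec(exts, p + 2, 2)
        if ext_type == EXT_SUPPORTED_GROUPS:
            lst, _ = _read_vec(data, 0, 2)
            out["supported_groups"] = [int.from_bytes(lst[i:i + 2], "big") for i in range(0, len(lst), 2)]
        elif ext_type == EXT_KEY_SHARE:
            # ClientHello wraps its entries in a length-prefixed list; ServerHello carries one entry.
            entries = _read_vec(data, 0, 2)[0] if hs_type == HS_CLIENT_HELLO else data
            q = 0
            while q < len(entries):
                out["key_share_groups"].append(int.from_bytes(entries[q:q + 2], "big"))
                _, q = _read_vec(entries, q + 2, 2)
    return out


def assess_handshake(client_hello: bytes, server_hello: bytes) -> dict:
    """Did the client offer PQ, did it send a PQ share up front, and what did the server pick?"""
    ch, sh = parse_hello(client_hello), parse_hello(server_hello)
    chosen = sh["key_share_groups"][0] if sh["key_share_groups"] else None
    return {
        "client_offers_pq": any(g in PQ_GROUPS for g in ch["supported_groups"]),
        "client_pq_share_sent": any(g in PQ_GROUPS for g in ch["key_share_groups"]),
        "negotiated": GROUP_NAMES.get(chosen, hex(chosen) if chosen is not None else "none"),
        "pq_negotiated": chosen in PQ_GROUPS,
        "client_hello_bytes": len(client_hello),
    }


# Constructed sample hellos: a PQ-capable client and a classical-only client.
PQ_CLIENT_HELLO = build_client_hello(
    [0x11EC, 0x001D, 0x0017], {0x11EC: X25519MLKEM768_CLIENT_SHARE, 0x001D: X25519_SHARE})
CLASSICAL_CLIENT_HELLO = build_client_hello([0x001D, 0x0017], {0x001D: X25519_SHARE})

if __name__ == "__main__":
    pq_server = build_server_hello(0x11EC, X25519MLKEM768_SERVER_SHARE)
    legacy_server = build_server_hello(0x001D, X25519_SHARE)
    print("PQ client, PQ server:    ", assess_handshake(PQ_CLIENT_HELLO, pq_server))
    print("PQ client, legacy server:", assess_handshake(PQ_CLIENT_HELLO, legacy_server))
    print("classical client:        ", assess_handshake(CLASSICAL_CLIENT_HELLO, legacy_server))
```

Running it shows the PQ-capable ClientHello at 1,321 bytes against 99 bytes for the classical one: the hybrid key share alone pushes the hello past a typical single-packet size, which is the root of the middlebox and fragmentation problems mentioned above. It also shows the fallback path: when the server only supports x25519, the same client still completes a classical handshake, so the recorded session remains HNDL-exposed even though the client was PQ-ready.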
To summarize, Cloudflare already deploys post-quantum cryptography at scale and can help any organization transition smoothly. Get in touch with Cloudflare to learn how to safeguard infrastructure against quantum attacks — before they become reality.
Or, learn more about Cloudflare's latest efforts to prepare for quantum computing's threat to encryption methods on the Cloudflare blog.