- Quantum computers threaten classical schemes such as RSA and ECC, driving the adoption of post-quantum cryptography standards led by NIST.
- The FIPS 203, 204 and 205 standards, along with the future FIPS 206, are based on Kyber, Dilithium, SPHINCS+ and FALCON for encryption and digital signatures resistant to quantum attacks.
- Migrating to PQC requires cryptographic inventory, crypto agility, and pilot projects, supported by specialized consulting and real-world cases such as post-quantum encrypted mail.
- Companies, governments, and technology providers must begin the transition now to prevent the "harvest now, decrypt later" tactic from compromising sensitive data in the long term.
The arrival of quantum computers is no longer science fiction: giant strides are being made every year, and when these machines reach so-called cryptographic relevance, many of the security systems we use daily will become obsolete. This will affect everything from email and online banking to critical infrastructure and government systems.
The problem is that classic schemes like RSA and ECC, the systems that have protected our communications for decades, are not prepared to withstand attacks from a powerful quantum computer. That's why the U.S. National Institute of Standards and Technology (NIST) has taken a key step: the publication of the first standards for post-quantum cryptography, based on algorithms such as Ascon, Kyber, Dilithium, FALCON and SPHINCS+, which will be the basis of the encryption of the future.
Why quantum computing challenges current encryption
Modern public-key cryptography relies on mathematical problems that are very difficult for a classic computer to solve, but relatively simple for a quantum computer with sufficient capacity and error correction. This is the case with the factorization of large numbers in RSA or the discrete logarithm problem in ECC.
In practice, a classic attacker cannot, in a reasonable amount of time, factor a 2048-bit RSA key or break the security of standard elliptic curves. However, quantum algorithms, such as the famous Shor algorithm, exploit the power of quantum computing to solve these problems in a time that makes a massive attack viable.
Currently, quantum computers only outperform classical computers in very specific tasks and with many limitations. But the industry already has clear roadmaps. For example, IBM plans a first error-corrected quantum system around 2029, capable of performing hundreds of millions of quantum operations, and anticipates exceeding one billion quantum operations by 2033; there are other signs as well, such as advances in quantum computing in China.
When those machines achieve cryptographic relevance, they will be able to break the most commonly used encryption algorithms today, such as RSA or certain elliptic curve schemes, jeopardizing historical, present, and future data. And here another serious problem arises: the criminals' tactic known as "harvest now, decrypt later."
The "harvest now, decrypt later" strategy
Instead of trying to break robust encryption today, many attackers are focusing on stealing and storing encrypted data that will still be valuable in 10, 15 or 20 years: medical records, trade secrets, government or financial information, etc.
Their strategy is simple: when they have sufficiently powerful quantum computers, they will be able to decrypt that historical information, even though the encryption was considered secure against traditional attacks at the time it was captured. That window of opportunity between theft and decryption is what makes it so urgent to begin migrating to post-quantum algorithms now, and not when the problem is already upon us.
Furthermore, the replacement of classical cryptography with post-quantum schemes will not be immediate. It will require replacing protocols, libraries, hardware, certificates and legacy systems on millions of devices and services: web servers, VPNs, mail systems, IoT, corporate PKIs, government infrastructures, etc.
The role of NIST and the birth of new post-quantum standards
Aware of the threat, NIST launched a global call in 2016 for cryptography experts to propose new public-key algorithms resistant to quantum attacks. 69 proposals were received for different use cases, which were subjected to several rounds of public evaluation.
In 2022, after an intensive screening process, NIST selected a first group of finalist algorithms: CRYSTALS-Kyber for encryption and key encapsulation, and three digital signature algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+. Since then, these schemes have been subject to continuous scrutiny by the scientific community.
The result of that work is the publication of the world's first post-quantum cryptography standards: FIPS 203, 204, and 205, along with a future FIPS 206. These documents establish the formal specifications of the algorithms that will be used to secure communications and identity authentication in the post-quantum era.
The FIPS 203, 204, 205 standards and the upcoming 206
NIST has so far finalized three post-quantum standards, with a fourth one underway, each focused on a specific use case and based on different families of algorithms to diversify risk:
FIPS 203 defines ML-KEM, a key encapsulation mechanism derived from the CRYSTALS-Kyber algorithm. It is an encryption scheme based on module lattices that provides post-quantum security, reasonable key sizes and good performance, making it the top candidate for general encryption and key establishment on the Internet.
For its part, FIPS 204 specifies ML-DSA, an evolution of the CRYSTALS-Dilithium algorithm. It is a digital signature scheme, also based on lattices. Designed to be the primary standard for signing software, documents, or messages, it offers significantly faster verification than many traditional algorithms in exchange for slightly larger keys and signatures, which is crucial for high-volume validation infrastructures.
FIPS 205 defines SLH-DSA, which is based on the SPHINCS+ family. It is a stateless digital signature scheme based on hash functions. Its great advantage is that it rests on a mathematical foundation different from that of lattices, which makes it a valuable backup alternative if at any point a theoretical weakness is discovered in lattice-based schemes.
In addition, NIST has announced that it is working on a fourth standard, FIPS 206, based on the FALCON algorithm (FN-DSA). This digital signature scheme, based on NTRU lattices and the fast Fourier transform, stands out for producing very compact signatures, making it especially interesting for devices with bandwidth or storage limitations.
Ascon and its role in modern cryptography
Although the media spotlight has been on Kyber, Dilithium, FALCON and SPHINCS+, the post-quantum ecosystem also includes algorithms such as Ascon, selected by NIST in another process as a lightweight cryptography standard for resource-constrained environments.
Ascon is designed to encrypt and authenticate data on IoT devices, sensors, embedded systems and other environments where computing power and energy budgets are very limited. It's not a post-quantum public-key scheme like Kyber or Dilithium, but a lightweight symmetric algorithm; even so, it's part of the same movement: adapting cryptography to current and future security challenges, including the quantum era.
IBM and industry: key drivers of post-quantum algorithms
Many of the algorithms standardized by NIST come from projects in which IBM has played a leading role. ML-KEM (Kyber) and ML-DSA (Dilithium) were developed by teams that included IBM researchers, in collaboration with industry and academic partners, and SPHINCS+ was co-developed by an expert who later joined the company.
The FALCON algorithm (FN-DSA), selected to be the future fourth post-quantum standard, also comes from a team with IBM participation. This involvement is not merely theoretical: the company is integrating post-quantum cryptography into real-world products such as IBM z16, IBM Cloud and other infrastructure and consulting services.
IBM has also defined a roadmap called IBM Quantum Safe, which structures the transition to quantum security in three phases: discovery (identifying and mapping cryptographic assets), observation (monitoring and assessing risks) and transformation (migrating to post-quantum algorithms and strengthening cryptographic governance).
Within that strategy, it has introduced the concept of a Cryptography Bill of Materials (CBOM): a document outlining the algorithms, parameters, libraries, and keys used by a system or piece of software. This transparency is vital for managing migration and maintaining regulatory compliance in an environment where algorithms are frequently updated.
Global impact of new algorithms: governments, companies and browsers
The publication of these standards by NIST marks a turning point for cybersecurity. From now on, governments, large companies, browsers and Certification Authorities (CAs) have clear references on which algorithms they should adopt to prepare for quantum computers.
The new schemes are designed to protect both data that travels over public networks (for example, when we connect to a website or use an API) and the digital signatures that authenticate identities and software. This includes TLS certificates, update signatures, code signatures, IoT device certificates, server identities, and much more.
However, it's not all good news. Currently, many CAs still do not have hardware security modules (HSMs) compatible with these new algorithms, and bodies like the CA/B Forum (which regulates web certificates) are still working on how to integrate post-quantum cryptography in an orderly way.
This implies that there will be a long transition period in which classical and post-quantum algorithms will coexist, as well as hybrid certificates, dual-layer negotiation protocols, and bridging solutions. Coordination among manufacturers, software vendors, browsers, and regulatory bodies will be key to preventing unexpected vulnerabilities.
How post-quantum cryptography is being tested in real-world cases

Beyond the laboratories, some organizations have already begun experimenting with integrating these algorithms into production or pre-production services. One striking example is the encrypted email provider Tutanota, which has developed a prototype email encryption system using CRYSTALS-Kyber and CRYSTALS-Dilithium.
Within the framework of the PQMail research project, a joint study conducted with the L3S research institute at Leibniz University Hannover, the second-round NIST candidate algorithms were evaluated for security, resource consumption, and performance. Following the tests, the CRYSTALS family was selected, as it demonstrated the best balance between key/signature size and speed while maintaining a security level equivalent to at least 128 bits of classical security.
Tutanota's plan is to implement a new post-quantum encryption protocol that is applied transparently: users would not have to do anything, as the system would automatically migrate to the new algorithms, encrypting emails, contacts and calendars with schemes resistant to quantum attacks.
These types of projects demonstrate that post-quantum cryptography is not just an academic theory, but a technology that is already being integrated into real services, anticipating risks and validating the performance of these algorithms in practice.
Post-quantum cryptography (PQC) migration strategy
For many organizations, the question is no longer whether they should prepare for a post-quantum world, but how to address migration in an orderly manner. There is no single recipe, but there are key steps that are repeated in all serious methodologies.
The first fundamental element is to build a crypto inventory or CBOM as comprehensively as possible: identify which algorithms, key sizes, protocols, certificates, and libraries are used in each system, application, and service. Without this comprehensive overview, planning a smooth transition is virtually impossible.
Once the environment has been mapped, it's time to detect legacy systems that do not easily support new algorithms (due to hardware, firmware, outdated software, etc.). These systems will have to be updated, replaced, or encapsulated with intermediate solutions that allow the introduction of post-quantum cryptography without disrupting operations.
Another key step is to prioritize the most critical assets and data (the "crown jewels"): highly sensitive information, mission-critical services, core components of the digital identity infrastructure, etc. These are the priority candidates for migration to post-quantum algorithms.
Next, you need to select which PQC algorithms are the most suitable for each use case (e.g., Kyber for key establishment, Dilithium or FALCON for signatures, SPHINCS+ as an alternative) and set up lab or pilot environments to test their real-world behavior on the existing infrastructure.
Finally, the organization must deploy, monitor, and adjust the implementation, always maintaining a crypto-agility stance: the ability to change algorithm, key size or signature scheme without having to redo the entire security architecture from scratch.
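The following is an added example, not code from the original post or from any vendor named in it: a minimal CBOM-style inventory triage that applies the "harvest now, decrypt later" reasoning from above to prioritize migration. It assumes a constructed inventory and an organization-chosen year for when a cryptographically relevant quantum computer (CRQC) might exist; an asset is flagged as urgent when it uses a quantum-vulnerable key exchange for data that must stay confidential beyond that year.

```python
"""Added example (not from the original post): CBOM-style triage that
flags 'harvest now, decrypt later' (HNDL) exposure.

Rule: an asset is at risk today if it protects data that must stay
confidential beyond the assumed CRQC year AND still relies on a
quantum-vulnerable public-key algorithm. Inventory entries and the
CRQC year are constructed assumptions, not measurements."""
from dataclasses import dataclass

# Public-key families broken by Shor's algorithm vs. the NIST PQC standards.
QUANTUM_VULNERABLE = {"RSA", "DH", "ECDH", "ECDSA", "X25519", "Ed25519"}
PQC_STANDARDS = {"ML-KEM": "FIPS 203", "ML-DSA": "FIPS 204",
                 "SLH-DSA": "FIPS 205", "FN-DSA": "FIPS 206 (draft)"}

@dataclass
class CryptoAsset:
    name: str
    algorithm: str          # e.g. "RSA", "ML-KEM"
    key_bits: int
    protects_until: int     # year the protected data must remain confidential
    purpose: str            # "key-exchange" or "signature"

def assess(asset: CryptoAsset, crqc_year: int) -> tuple[str, str]:
    """Return (status, reason) for one inventory entry."""
    if asset.algorithm in PQC_STANDARDS:
        return "ok", f"already on {PQC_STANDARDS[asset.algorithm]}"
    if asset.algorithm not in QUANTUM_VULNERABLE:
        return "review", "algorithm not classified; check manually"
    # Recorded traffic can be decrypted later, so key exchange protecting
    # long-lived data is the HNDL case. A stored signature cannot be
    # 'decrypted' later, but keys can be forged once a CRQC exists, so
    # signing keys still have to move before that year.
    if asset.purpose == "key-exchange" and asset.protects_until > crqc_year:
        return "urgent", (f"{asset.algorithm} key exchange protects data until "
                          f"{asset.protects_until} > CRQC {crqc_year}: HNDL exposure")
    return "migrate", f"{asset.algorithm} must be replaced before {crqc_year}"

def prioritise(assets: list[CryptoAsset], crqc_year: int) -> list[tuple[str, str, str]]:
    """Sort the inventory so the HNDL-exposed assets come first."""
    order = {"urgent": 0, "migrate": 1, "review": 2, "ok": 3}
    results = [(a.name, *assess(a, crqc_year)) for a in assets]
    return sorted(results, key=lambda r: order[r[1]])

# Constructed inventory, not taken from any real system.
INVENTORY = [
    CryptoAsset("vpn-gateway", "ECDH", 256, 2040, "key-exchange"),
    CryptoAsset("code-signing", "RSA", 3072, 2030, "signature"),
    CryptoAsset("mail-pilot", "ML-KEM", 768, 2045, "key-exchange"),
    CryptoAsset("legacy-plc", "DH", 1024, 2026, "key-exchange"),
]
```

Running `prioritise(INVENTORY, 2033)` puts the VPN gateway first: its ECDH-protected traffic remains sensitive past the assumed CRQC year, so it is the "crown jewel" to migrate first.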
Consulting in encryption and quantum preparation
Due to the technical and organizational complexity of this change, specialized post-quantum cryptography consulting services have emerged, offered by both large technology companies and expert firms in security and encryption.
These consulting firms usually start with a quantum threat assessment: analysis of the current state of the company's cryptographic infrastructure, review of key management policies, identification of gaps against security standards and regulations, and assessment of possible attack scenarios in a context with operational quantum computers.
They also help to design a quantum readiness roadmap. This defines the phases, priorities, pilot projects, timelines, and resources needed to migrate to post-quantum algorithms without disrupting business operations. In many cases, this involves combining technical changes (new algorithms, new HSMs, new libraries) with governance changes (policies, procedures, training).
Another essential building block is the development of crypto agility within the organization. This includes choosing architectures and tools that allow for quick changes of CA, certificate type, or signing algorithm, automating the management of the key and certificate lifecycle, and maintaining ongoing compliance with industry standards.
Furthermore, these consulting firms typically work on supplier evaluation and proofs of concept (POCs). They compare market solutions, map them against customer use cases, design test scenarios, and document results, facilitating informed decisions about which technologies to adopt.
At the same time, they help companies to keep up with the latest developments from NIST and other organizations, interpreting how new cryptographic standards, recommendations, and discoveries affect their specific environment, and adjusting the strategy when necessary.
Challenges and opportunities in the transition to a post-quantum world
The process that is now beginning is not without risks. Migrating on a large scale from widely tested algorithms like RSA to newer schemes involves technical, organizational and compliance challenges. There will be bugs, incompatibilities, borderline cases, and surprises.
For example, not all current IoT devices will be able to handle larger keys and signatures without impacting memory, processing time, or battery life. In other cases, critical systems with very old hardware could become locked if the transition strategy is not properly designed.
Furthermore, the prolonged coexistence of classical and post-quantum algorithms opens the door to poorly designed hybrid configurations where security is degraded to vulnerable schemes, either due to implementation error or misunderstanding of the protocols.
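As an added example, not part of the original post, the following toy model shows the two controls that keep a hybrid classical + post-quantum key exchange from degrading to the weaker scheme: a combiner that derives the session key from both shared secrets and the negotiation transcript, and a client policy that refuses a classical-only selection when a hybrid group was offered. The shared secrets are constructed byte strings standing in for the ECDH and ML-KEM outputs (no real KEM is run), and the group name is borrowed from the TLS hybrid naming convention.

```python
"""Added example (not from the original post): robust hybrid key combiner
plus downgrade detection. Secrets below are constructed placeholders."""
import hashlib
import hmac

HYBRID = "X25519MLKEM768"   # hybrid group name (TLS naming convention)
CLASSICAL = "X25519"

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """Minimal HKDF (RFC 5869) extract-then-expand with an empty salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def combine(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Session key depends on BOTH secrets and on the transcript: an attacker
    must break both algorithms, and tampering with the negotiation changes
    the key. A weak hybrid would use only one secret or ignore the transcript."""
    return hkdf_sha256(ss_classical + ss_pq, b"hybrid-kex|" + transcript)

def transcript_hash(offered: list[str], chosen: str) -> bytes:
    """Hash of what this side believes was offered and selected."""
    return hashlib.sha256(("|".join(offered) + "->" + chosen).encode()).digest()

def client_accepts(offered: list[str], chosen: str, require_pq: bool) -> bool:
    """Policy check: if the client offered the hybrid group, a classical-only
    selection is a downgrade and is refused when require_pq is set."""
    if chosen not in offered:
        return False
    return not (require_pq and HYBRID in offered and chosen == CLASSICAL)

def downgrade_detected(client_offer: list[str], server_saw: list[str],
                       chosen: str, ss_c: bytes, ss_pq: bytes) -> bool:
    """Even without a policy, transcript binding makes the two sides derive
    different keys when a middlebox stripped the hybrid group in transit,
    so the handshake fails instead of silently running classical-only."""
    k_client = combine(ss_c, ss_pq, transcript_hash(client_offer, chosen))
    k_server = combine(ss_c, ss_pq, transcript_hash(server_saw, chosen))
    return k_client != k_server
```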
However, this transition is also an opportunity to modernize and streamline the cryptographic infrastructure. Many organizations need to document what is currently "in the shadows," automate key and certificate management, and raise the overall level of security.
At the heart of it all are the new algorithms: Ascon, Kyber, Dilithium, FALCON, and SPHINCS+ are part of an evolving ecosystem that seeks to ensure that, when quantum computers achieve cryptographic relevance, our communications, data and identities remain protected. Starting to prepare now is not an exaggerated option, but a realistic way to get ahead of a technological change that, sooner or later, will arrive.