Security+ Academy · Lesson

Post-Quantum Cryptography: CRYSTALS-Kyber and Dilithium

Survey NIST-selected post-quantum algorithms, understand the lattice problems they rely on, and assess the migration challenges for existing PKI infrastructure.

The Quantum Computing Threat

Today's public-key cryptography (RSA, elliptic-curve cryptography, and Diffie-Hellman key exchange) relies on mathematical problems for which no efficient classical algorithm is known. RSA's security rests on the difficulty of factoring large integers; Diffie-Hellman's rests on the discrete logarithm problem in finite fields, and ECC's on its elliptic-curve analogue. A sufficiently large, fault-tolerant quantum computer running Shor's algorithm solves all three problems in polynomial time, breaking every widely deployed public-key scheme regardless of key size. Symmetric ciphers and hash functions are not affected by Shor's algorithm; the best known quantum speedup against them (Grover's search) is only quadratic, so the migration problem is specifically public-key encryption, key exchange, and digital signatures. No such quantum computer exists today, but the threat is taken seriously enough that NIST launched its post-quantum standardization process in 2016.
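Why Shor's algorithm is fatal to RSA, as an added example that is not part of the original lesson: the Python below reproduces the classical part of Shor's algorithm against a constructed textbook RSA key (n = 3233 = 53 * 61, e = 17, both values chosen here for illustration) and stands in a brute-force loop for the single quantum step, order-finding. Everything else in the attack is ordinary number theory that runs on any laptop.

```python
"""Classical skeleton of Shor's algorithm against a toy RSA modulus.

Added example, not part of the original lesson. Shor's algorithm factors N by
finding the multiplicative order r of a base a modulo N, i.e. the period of
f(x) = a^x mod N. Every other step is classical number theory; the quantum
Fourier transform replaces only find_order() below, which this script
brute-forces. The brute-force version is exponential in the bit-length of N,
which is exactly why RSA is safe classically and broken once that one step
becomes polynomial. All key material here is constructed textbook data.
"""
from math import gcd
from random import Random
from typing import Tuple


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r % n == 1, for gcd(a, n) == 1.

    Brute force, O(r) multiplications with r possibly close to n. This is the
    only step of Shor's algorithm that a quantum computer performs differently.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, seed: int = 2024) -> Tuple[int, int]:
    """Return the two prime factors (p, q), p < q, of an RSA-style modulus n.

    Assumes n = p*q with distinct odd primes, the case that matters for RSA.
    Implements Shor's classical post-processing: pick a random base a, find
    its order r, and if r is even and a^(r/2) is not -1 mod n, then
    gcd(a^(r/2) - 1, n) is a non-trivial factor.
    """
    if n % 2 == 0:
        return (2, n // 2)
    rng = Random(seed)  # seeded so the run is reproducible
    while True:
        a = rng.randrange(2, n - 1)
        g = gcd(a, n)
        if g != 1:
            # a already shares a factor with n: no order-finding needed.
            return tuple(sorted((g, n // g)))
        r = find_order(a, n)
        if r % 2 == 1:
            continue  # odd order gives no square root of 1; try another base
        y = pow(a, r // 2, n)  # y^2 == 1 mod n by construction
        if y == n - 1:
            continue  # trivial square root (-1): try another base
        # y is a non-trivial square root of 1, so n divides (y-1)(y+1)
        # without dividing either factor: gcd(y - 1, n) splits n.
        p = gcd(y - 1, n)
        return tuple(sorted((p, n // p)))


def recover_private_exponent(n: int, e: int) -> int:
    """Recover the RSA private exponent d from the public key (n, e) alone,
    by factoring n with shor_factor() and inverting e mod phi(n)."""
    p, q = shor_factor(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


if __name__ == "__main__":
    # Constructed textbook key: n = 53 * 61, e = 17, so d = 2753.
    N, E = 3233, 17
    d = recover_private_exponent(N, E)
    ciphertext = pow(65, E, N)  # a message the attacker recorded earlier
    print(f"factors={shor_factor(N)} d={d} plaintext={pow(ciphertext, d, N)}")
```

Running the script factors the toy modulus, recovers d = 2753 from the public key alone, and decrypts a recorded ciphertext. The only reason the same code is useless against a 2048-bit modulus is the brute-force find_order() loop; Shor's quantum circuit makes exactly that step polynomial, which is why increasing RSA key sizes buys no meaningful protection and an algorithm change is required.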

Harvest Now, Decrypt Later Attacks

Nation-state adversaries may be recording encrypted internet traffic today with the intention of decrypting it once a quantum computer becomes available, a strategy called "harvest now, decrypt later" or SNDL (Store Now, Decrypt Later). Data with long-term sensitivity (classified government secrets, financial records, medical data) is at particular risk because it may still be sensitive when such a machine arrives. The decision is a timing problem: if the number of years the data must remain confidential, plus the years needed to complete the migration, exceeds the years until a cryptographically relevant quantum computer exists, traffic recorded today is already exposed. Because recorded ciphertext can be attacked retroactively, key exchange and encryption are the urgent migration targets; signatures, which an adversary has to forge in real time, can follow. This is why organizations are urged to migrate to post-quantum cryptography (PQC) before quantum computers exist, not after, since the transition is complex and time-consuming.
