The Risks of Post-Quantum Cryptography in a Quantum Future

In the world of quantum, one of the most talked-about topics is undoubtedly quantum-resistant algorithms. Also known as Post-Quantum Cryptography (PQC), these algorithms are based on mathematically complex problems that assure the confidentiality, integrity, and authentication of transmissions, even against future quantum computers. In theory. The National Institute of Standards and Technology (NIST) has initiated a process to standardize one or more PQC algorithms, to develop a cryptographic system that is secure against both quantum and classical computers.

These efforts notwithstanding, Quantropi believes that PQC algorithms alone won’t be enough to fully protect the world’s networks and data from the fast-approaching quantum threat.

Here’s why.

Security Challenges in Post-Quantum Cryptography

PKI (Public Key Infrastructure) and PQC do not claim to be unbreakable; they claim to be intractable. Classical PKI relies on math puzzles that take classical computers a very long time to solve, so long that the encrypted information would be useless by the time it is broken (we’re talking billions of years). Quantum computers can solve the math problems currently used by PKI in seconds.

PQC takes the PKI approach and extends intractability to cover quantum computers, using math puzzles that cannot be broken by the two known quantum algorithms, Shor's and Grover's. The challenge is that there may be new quantum algorithms and processes that will break even PQC math puzzles (which were only designed to resist Shor's and Grover's algorithms). But you cannot design PQC to resist yet-to-be-discovered algorithms and processes, so it becomes a game of cat and mouse which will quickly become very expensive and would require increased computational and power capacity. The result: a never-ending arms race between crypto math puzzles and quantum computers. While the digital economy would not be totally defenseless with PQC, stakeholders would never know when it was broken (and they would always have to be looking).

One recent paper, “Two quantum Ising algorithms for the Shortest Vector Problem: one for now and one for later”, supports this view. It describes a new adiabatic quantum process and Ising algorithm that can solve the Shortest Vector Problem (SVP) and break the security of seemingly “quantum-intractable” Post-Quantum Cryptography. SVP is a complex mathematical problem that is the foundation for many PQC algorithms. These algorithms were developed to resist Shor’s and Grover’s algorithms and extend intractability from classical PKI to quantum computers. Lattice crypto is one such at-risk algorithm family that, ironically enough, is a top contender for NIST certification.

At Quantropi, we believe that the only way to counter quantum is with quantum. For example, our proprietary Quantum Entropy Expansion and Propagation (QEEP) solution provides a new, innovative alternative for securing data against the quantum threat. QEEP™ achieves key distribution in perfect secrecy so you never have to worry that your keys will be broken somewhere down the road. No mathematical weaknesses, only unbreakable quantum – that’s QEEP.

Post-Quantum Cryptography and the Issues with Crypto Agility

PQC supporters argue they can address the above challenges by adopting “crypto agile” solutions, i.e., switching between Post-Quantum Cryptography families if one is suddenly broken. Sure, crypto agility sounds great, but even this approach has fundamental problems. One is the lack of forward secrecy. Bad actors are constantly intercepting and storing encrypted communications today in order to decrypt them later. Thus, even if lattice-based Post-Quantum Cryptography is used to send some sensitive information, if it gets intercepted (and stored) today, it won’t matter whether or not you change to another crypto tomorrow. It will be too late. Once a quantum computer becomes commercially available, the intercepted information can be decrypted.

Another issue is that we currently have very little insight into quantum algorithms and what’s possible in the future. We’re now closer than we’ve ever been to seeing commercially available quantum computers, and practitioners are looking for practical new algorithms. This future quantum computer will compute in a high-dimensional space, but our current efforts to defend our systems and data with PQC happen in lower dimensions. This is the core problem. Moreover, lattice-based Post-Quantum Cryptography has already been broken, and as the SVP paper shows, other algorithms may soon be discovered that could break the current security claims of PQC.

Crypto agility has its merits; however, in cases where information is highly sensitive or needs to remain secret for longer periods of time, more weight falls on the requirement of forward secrecy.

In short, crypto agility is not a solution, and it never will be.
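To make concrete what the “crypto agile” design discussed in this section looks like in code, and where the forward-secrecy objection bites, here is an added Python example. It is not Quantropi's code and not part of any product on this page. It sketches a registry of hypothetical suites, a negotiation step that refuses any suite relying on a component declared broken, a hybrid combiner that derives the session key from every component secret with HKDF (RFC 5869, HMAC-SHA-256), and a triage function over a constructed session log showing the limitation raised above: new sessions can avoid a broken component, but sessions recorded earlier keep the suite they were negotiated under. Suite names, KEM labels and the recorded sessions are placeholders, and the component secrets are stand-in random bytes rather than real key agreement.

```python
"""Added example: crypto-agile suite negotiation, a hybrid HKDF key combiner,
and a triage of recorded sessions once a key-exchange component is broken.
Suite and KEM names are hypothetical placeholders; secrets are stand-in bytes."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

HASH_LEN = 32  # SHA-256 output size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with HMAC-SHA-256; an empty salt means HashLen zero bytes."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA-256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


@dataclass(frozen=True)
class Suite:
    name: str
    kems: tuple  # key-exchange components whose secrets are combined for this suite


def new_registry() -> dict:
    """Hypothetical suite catalogue; the KEM labels are placeholders, not implementations."""
    return {
        "classical-only": Suite("classical-only", ("ecdh-p256",)),
        "pqc-only": Suite("pqc-only", ("lattice-kem",)),
        "hybrid": Suite("hybrid", ("ecdh-p256", "lattice-kem")),
    }


def negotiate(client_prefs, server_prefs, registry, broken):
    """Choose the first client-preferred suite the server also offers and that relies on
    no broken component. Returns None so the caller fails closed when nothing remains."""
    offered = set(server_prefs)
    for name in client_prefs:
        suite = registry.get(name)
        if suite and name in offered and not any(k in broken for k in suite.kems):
            return name
    return None


def combine_secrets(component_secrets: dict, transcript: bytes, length: int = HASH_LEN) -> bytes:
    """Hybrid combiner: every component's shared secret feeds one HKDF call, with the
    handshake transcript bound in as salt and info. Recovering the session key requires
    every component secret, so one broken component alone is not enough."""
    ikm = b"".join(component_secrets[k] for k in sorted(component_secrets))
    prk = hkdf_extract(hashlib.sha256(transcript).digest(), ikm)
    return hkdf_expand(prk, b"session key|" + transcript, length)


def sessions_at_risk(recorded, registry, broken):
    """Recorded traffic keeps the suite it was negotiated under. A recording becomes
    recoverable once *all* of that suite's components are broken; switching suites for
    future sessions changes nothing about these."""
    return [s["id"] for s in recorded
            if all(k in broken for k in registry[s["suite"]].kems)]


def demo():
    """Walk through a break of the hypothetical lattice KEM; returns values a caller can check."""
    registry = new_registry()
    broken = set()
    client_prefs = ["hybrid", "pqc-only", "classical-only"]
    server_prefs = ["pqc-only", "hybrid"]
    # Constructed session log: which suite each past (recorded) session used.
    recorded = [
        {"id": "s1", "suite": "classical-only"},
        {"id": "s2", "suite": "pqc-only"},
        {"id": "s3", "suite": "hybrid"},
    ]
    before = negotiate(client_prefs, server_prefs, registry, broken)
    broken.add("lattice-kem")  # the agile switch: this component is now considered broken
    after = negotiate(client_prefs, server_prefs, registry, broken)  # None: fail closed
    at_risk = sessions_at_risk(recorded, registry, broken)  # only the pqc-only recording
    # Stand-in component secrets (random bytes, not real key agreement) for the combiner.
    transcript = b"client_hello|server_hello"
    key = combine_secrets({"ecdh-p256": secrets.token_bytes(32),
                           "lattice-kem": secrets.token_bytes(32)}, transcript)
    return before, after, at_risk, len(key)
```

Two points the run makes visible: once the lattice component is marked broken, `negotiate` returns `None` rather than silently falling back to a suite the server does not offer, and `sessions_at_risk` flags the recorded `pqc-only` session while leaving the `hybrid` one alone, because the hybrid key still depends on the unbroken classical component. Neither function can do anything about the recording itself, which is exactly the store-now-decrypt-later concern the section raises.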

Fighting Quantum with Quantum: Quantum Entropy Expansion and Propagation aka QEEP

Unlike PQC, Quantum Entropy Expansion and Propagation™ (QEEP) provides guaranteed unbreakable security and perfect secrecy in key distribution over any distance. QEEP™ derives its security from the uncertainty principle, not from mathematical puzzles. And it can work on today’s Internet infrastructure which provides a cost-effective and straightforward upgrade path to quantum security. While the debates around PQC’s real-world applicability continue to rage on, QEEP™ already provides a high-entropy, high-speed, and affordable solution against tomorrow’s quantum threats today.

For technical details, check out our white paper: Quantum Entropy Expansion and Propagation Overview.
