Crypto-agility and post-quantum cryptography explained

Today's public key cryptography will be broken by tomorrow's quantum computers. Now what?


PQC Defined

Future-proof encryption ready for the next ten years

Post-quantum cryptography (PQC) refers to cryptographic algorithms that are believed to be safe from attacks by both today's classic computers and tomorrow's quantum computers.

Why care?

Quantum computers will destroy the internet if we don't prepare

Sufficiently powerful quantum computers can run algorithms that factor large integers and solve discrete logarithms efficiently. These are the hard problems that underlie the security we rely on in present-day public-key cryptography such as RSA and Elliptic Curve Cryptography.

In other words, quantum computers will break the security of the internet.

Anyone with a sufficiently powerful quantum computer will be able to rip the “s” off 🔓 https. At that point, every online transaction, login, banking interaction, communication, etc., will be compromised.


Quantum 101

Quantum computers explained


Quantum computers, first theorized about some 30 years ago, are now real. These computers utilize quantum mechanics at the level of photons or particles to perform calculations.

At the quantum level, these computers can utilize a property called superposition, where a piece of data can be a zero, a one, or a probabilistic overlay of both at the same time.

Quantum algorithms can leverage this property to efficiently solve hard problems that classic computers would take untold years to finish.

Quantum computers aren’t built with standard circuits and silicon, but how they’re built varies widely. One might leverage polarized photons to store state. Another might use molecular magnets, trapped ions, or superconductors. There are more than a dozen different approaches in use across existing proof-of-concept quantum computers.


All quantum computers suffer two fundamental problems: noise and scale.

Noise: the measurements being taken of spin, orientation, magnetic pole, etc., are at such a microscopic level that they can be disrupted by anything from temperature changes to vibrations, which can introduce errors.

Scale: while it’s possible to measure and manage a single photon on an individual level, it’s extremely difficult to manage billions of them. Making quantum computers more powerful means scaling them up in ways that are exceptionally challenging.


For now, quantum computers are giant things built by governments, large corporations, and universities and stored in rooms deep underground. It’ll be decades before they become a Christmas list item, if they ever do. Long before that happens, they’ll be a threat to our encryption standards.

Nostradamus predicts...

Quantum computers are close to being practical

As far as we know, quantum computers are not powerful enough today to outperform our existing classic computers. And they’re unable to break our public key cryptography. They’re real, but they remain weak and temperamental.

However, the pace of advancement is rapid, and there are numerous signals that governments may secretly be further along than we in the public know.

In the U.S., the White House has issued a National Security Memorandum instructing federal agencies to modernize the encryption protocols used on national security systems to defend against quantum computers. At the same time, the National Institute of Standards and Technology (NIST) is holding a Post-Quantum Cryptography (PQC) competition to select algorithms to replace those threatened by quantum computers.

Experts across the field are predicting that the breakthrough will come within the next ten years.

What's next?

Best practices have been static for 20 years, but that's about to change.

The algorithms we used in 2001 are the same ones we’re using today with only a few minor changes (goodbye MD5, hello SHA-3) and tweaks to key sizes. That won’t be the case for much longer.

When the PQC competition concludes, we’ll be caught between the tried-and-trusted algorithms that we use today and new algorithms that have not been scrutinized and attacked for as long. There’s a lot of risk with these new standards, as we saw when one of the finalists was broken by a classical computer.

This will lead to debate over new best practices, with some folks waiting, others embracing the new, and some working on hybrid schemes that come with their own tradeoffs.

Regardless, best practices around cryptography will evolve and change frequently over the next decade. That’s where crypto-agility comes in.

What is crypto-agility?

Crypto-agility is the ability to change your cryptographic choices without large projects

A crypto-agile organization does not have code or infrastructure that is tightly coupled to specific cryptographic algorithms and related choices like key sizes. Instead, code and infrastructure leverage tools that abstract away those decisions and allow them to be made via configuration and to be updated and changed over time.
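The definition above, and the “rotate at any time with simple configuration changes” idea in the In practice section, are easier to see in code. The following is an added example written for this page; it is not SaaS Shield code or any IronCore Labs API. It builds a small crypto-agile MAC layer: the approved algorithms live in a registry, the algorithm and key in use are chosen by a configuration dictionary, every tag records which algorithm and key produced it, and a rotation is a configuration change that leaves old tags verifiable while flagging them for re-issue. The algorithm names, the configuration layout, and the keys are this example's own assumptions.

```python
"""Added example (not SaaS Shield or IronCore Labs code): a crypto-agile MAC
layer whose algorithm and key are selected by configuration rather than
hard-coded, so a rotation is a config change, not a code change."""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Registry of approved MAC algorithms (names are this example's assumption).
# Retiring an algorithm means deleting it here; adding one means one entry.
ALGORITHMS = {
    "hmac-sha256": hashlib.sha256,
    "hmac-sha3-256": hashlib.sha3_256,
}


def make_config(alg: str, key_id: str, key: bytes) -> Dict:
    """Assumed config shape: the current algorithm, the current key id, and
    every key that may still be needed to verify older tags."""
    return {"current_alg": alg, "current_key_id": key_id, "keys": {key_id: key}}


def tag(message: bytes, config: Dict) -> str:
    """Produce a self-describing tag: '<alg>.<key_id>.<hexdigest>'.
    The tag carries enough metadata for a later verifier to pick the
    right algorithm and key even after several rotations."""
    alg = config["current_alg"]
    key_id = config["current_key_id"]
    if alg not in ALGORITHMS:
        raise ValueError(f"unapproved algorithm: {alg}")
    digest = hmac.new(config["keys"][key_id], message, ALGORITHMS[alg]).hexdigest()
    return f"{alg}.{key_id}.{digest}"


def verify(message: bytes, tag_str: str, config: Dict) -> Tuple[bool, bool]:
    """Return (valid, needs_retag).
    A tag produced under a retired algorithm or key still verifies as long as
    the algorithm is approved and the key is retained, but it is flagged so the
    caller can re-issue it under the current settings on the next write."""
    try:
        alg, key_id, digest = tag_str.split(".")
    except ValueError:
        return False, False
    # Unknown algorithm (e.g. one removed from the registry) or unknown key:
    # refuse rather than guess.
    if alg not in ALGORITHMS or key_id not in config["keys"]:
        return False, False
    expected = hmac.new(config["keys"][key_id], message, ALGORITHMS[alg]).hexdigest()
    valid = hmac.compare_digest(expected, digest)
    stale = alg != config["current_alg"] or key_id != config["current_key_id"]
    return valid, valid and stale


def rotate(config: Dict, new_alg: str, new_key_id: str, new_key: bytes = None) -> None:
    """Rotate algorithm and key by editing configuration only.
    Old keys are kept so existing tags remain verifiable until re-tagged."""
    if new_alg not in ALGORITHMS:
        raise ValueError(f"unapproved algorithm: {new_alg}")
    config["keys"][new_key_id] = new_key if new_key is not None else secrets.token_bytes(32)
    config["current_alg"] = new_alg
    config["current_key_id"] = new_key_id


def demo() -> Dict:
    """Walk through one rotation. Keys and the message are constructed and
    fixed so the run is deterministic."""
    cfg = make_config("hmac-sha256", "k1", b"\x01" * 32)
    msg = b"order:42:amount:1000"
    old_tag = tag(msg, cfg)
    before = verify(msg, old_tag, cfg)           # valid, current: (True, False)
    rotate(cfg, "hmac-sha3-256", "k2", b"\x02" * 32)
    after_old = verify(msg, old_tag, cfg)        # still valid, but stale: (True, True)
    new_tag = tag(msg, cfg)
    after_new = verify(msg, new_tag, cfg)        # valid under new settings: (True, False)
    tampered = verify(msg + b"0", old_tag, cfg)  # message changed: (False, False)
    forged = verify(msg, "md5.k1.00", cfg)       # unapproved algorithm: (False, False)
    return {
        "before": before, "after_old": after_old, "after_new": after_new,
        "tampered": tampered, "forged": forged, "new_tag": new_tag,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the self-describing tag is that verification never has to assume which algorithm was in force when a value was written; that is what lets the algorithm change through configuration without a migration project. In a real deployment the registry would be the only place a new algorithm (post-quantum or otherwise) is introduced, the `needs_retag` flag would drive a background re-tagging job, and retired keys would be removed from the configuration once nothing still depends on them.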

In practice

Start migrating to crypto-agility now, as the problem is bigger than you think.

Experts are predicting Y2K levels of remediation once the inflection point is reached, but quantum computers aren’t the only possible trigger.

It has always been possible for a cryptanalytic breakthrough to break one of our trusted algorithms. It’s happened before with MD5 (a foundational building block in many algorithms), with DES, and even with the evolution of key sizes as computers get exponentially more powerful and new techniques reduce the number of cycles required to break smaller keys.

While it sounds easy, it can be extremely difficult to get the proper tools in place that allow you to adjust. Our SaaS Shield product is one way to make this easier. We abstract away your reliance on specific key management servers, algorithms, key sizes, etc., and we allow these to rotate at any time with simple configuration changes.

Talk to us to learn more.
