Quantum computer

Post-Quantum

Quantum computers are getting a lot of attention right now in newspapers, on social media, and across various platforms, particularly due to concerns about their potential impact on security and traditional cryptography. However, there remains considerable uncertainty about the timeline for developing a fully functional, general-purpose quantum computer. Even greater uncertainty surrounds when quantum computers might be capable of breaking widely used cryptographic systems like RSA or ECDSA—the backbone of today's enterprise security landscape.

Despite this uncertainty, now is an opportune time to begin planning and preparing to mitigate the potential impact of quantum computers, should they become a reality. A robust public key infrastructure must be agile enough to adapt swiftly to changes in the security landscape, as unexpected breakthroughs could emerge. One immediate threat to consider is the "harvest now, decrypt later" attack vector, where adversaries collect vast amounts of encrypted data today with the intent to decrypt it in the future using a quantum computer.

For several years, the National Institute of Standards and Technology (NIST) evaluated 82 initial submissions for post-quantum safe cryptography standards through multiple rounds, assessing them based on security, performance, and implementation feasibility. In 2024, NIST finalized and released its first three post-quantum encryption standards:

  • FIPS 203 - Primary standard for general encryption, using ML-KEM (CRYSTALS-Kyber).
  • FIPS 204 - Primary standard for digital signatures, using ML-DSA (CRYSTALS-Dilithium).
  • FIPS 205 - Secondary standard for digital signatures, using SLH-DSA (SPHINCS+).

Below is a table of the different key sizes for the three post-quantum encryption standards, along with classical RSA and ECDSA as a point of reference (generated using Bouncy Castle PQC Java Provider 1.80). The sizes are those of the provider's encoded key objects (for public keys, the DER-encoded SubjectPublicKeyInfo structure), so they include some encoding overhead beyond the raw key lengths defined in the FIPS documents:

Algorithm                                 Public Key Size (bytes)  Private Key Size (bytes)
----------------------------------------  -----------------------  ------------------------
ML-KEM-512 (Kyber-512)                                        822                     1,632
ML-KEM-768 (Kyber-768)                                      1,206                     2,400
ML-KEM-1024 (Kyber-1024)                                    1,590                     3,168
ML-DSA-44 (Dilithium-2)                                     1,336                     2,560
ML-DSA-65 (Dilithium-3)                                     1,976                     4,032
ML-DSA-87 (Dilithium-5)                                     2,616                     4,896
SLH-DSA-SHA2-128f (SPHINCS+ SHA256-128f)                       47                       118
SLH-DSA-SHA2-192f (SPHINCS+ SHA256-192f)                       63                       167
SLH-DSA-SHA2-256f (SPHINCS+ SHA256-256f)                       79                       217
RSA-2048                                                      294                     1,216
RSA-4096                                                      550                     2,375
ECDSA secp256r1 (P-256)                                        91                        67
ECDSA secp384r1 (P-384)                                       120                        80
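The table above was produced with Bouncy Castle. The Java program below is an added example, not code from this page or from the Bouncy Castle project; it measures the encoded key sizes the same way (via getEncoded(), i.e. DER-encoded SubjectPublicKeyInfo and PKCS#8 PrivateKeyInfo) and goes one step further by also measuring signature sizes for the signature algorithms, which matter as much as key sizes when certificates and TLS handshakes are planned. It assumes Bouncy Castle 1.79 or later (bcprov) on the classpath, whose main provider registers ML-KEM, ML-DSA and SLH-DSA under those JCA names; the class name PqcKeySizes and the sample message are constructed for this example. Exact figures depend on the provider version and its encoding defaults, so expect small differences from the table.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.Signature;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
import org.bouncycastle.jcajce.spec.MLKEMParameterSpec;
import org.bouncycastle.jcajce.spec.SLHDSAParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/** Prints encoded key sizes and signature sizes for the algorithms in the table.
 *  Hypothetical class name; assumes Bouncy Castle 1.79+ with ML-KEM/ML-DSA/SLH-DSA
 *  in the main "BC" provider. */
public class PqcKeySizes {

    /** One row: display label, JCA key-pair algorithm, parameter spec (or RSA bit
     *  length when spec is null), and the JCA signature algorithm (null for KEMs). */
    record Entry(String label, String keyAlg, AlgorithmParameterSpec spec,
                 int rsaBits, String sigAlg) {}

    static final Entry[] ENTRIES = {
        new Entry("ML-KEM-512",        "ML-KEM",  MLKEMParameterSpec.ml_kem_512,          0, null),
        new Entry("ML-KEM-768",        "ML-KEM",  MLKEMParameterSpec.ml_kem_768,          0, null),
        new Entry("ML-KEM-1024",       "ML-KEM",  MLKEMParameterSpec.ml_kem_1024,         0, null),
        new Entry("ML-DSA-44",         "ML-DSA",  MLDSAParameterSpec.ml_dsa_44,           0, "ML-DSA"),
        new Entry("ML-DSA-65",         "ML-DSA",  MLDSAParameterSpec.ml_dsa_65,           0, "ML-DSA"),
        new Entry("ML-DSA-87",         "ML-DSA",  MLDSAParameterSpec.ml_dsa_87,           0, "ML-DSA"),
        new Entry("SLH-DSA-SHA2-128f", "SLH-DSA", SLHDSAParameterSpec.slh_dsa_sha2_128f,  0, "SLH-DSA"),
        new Entry("SLH-DSA-SHA2-192f", "SLH-DSA", SLHDSAParameterSpec.slh_dsa_sha2_192f,  0, "SLH-DSA"),
        new Entry("SLH-DSA-SHA2-256f", "SLH-DSA", SLHDSAParameterSpec.slh_dsa_sha2_256f,  0, "SLH-DSA"),
        new Entry("RSA-2048",          "RSA",     null,                                2048, "SHA256withRSA"),
        new Entry("RSA-4096",          "RSA",     null,                                4096, "SHA256withRSA"),
        new Entry("ECDSA P-256",       "EC",      new ECGenParameterSpec("secp256r1"),    0, "SHA256withECDSA"),
        new Entry("ECDSA P-384",       "EC",      new ECGenParameterSpec("secp384r1"),    0, "SHA384withECDSA"),
    };

    /** Generates one key pair, measures its encoded sizes and, for signature
     *  algorithms, signs and verifies a message so that a misconfigured provider
     *  fails loudly rather than silently printing numbers. */
    static void measure(Entry e, byte[] message) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(e.keyAlg(), "BC");
        if (e.spec() != null) {
            kpg.initialize(e.spec());
        } else {
            kpg.initialize(e.rsaBits());
        }
        KeyPair kp = kpg.generateKeyPair();
        // getEncoded() yields DER: SubjectPublicKeyInfo / PKCS#8 PrivateKeyInfo,
        // so both numbers include ASN.1 overhead on top of the raw key bytes.
        int pub = kp.getPublic().getEncoded().length;
        int priv = kp.getPrivate().getEncoded().length;
        String sig = "-";
        if (e.sigAlg() != null) {
            Signature signer = Signature.getInstance(e.sigAlg(), "BC");
            signer.initSign(kp.getPrivate());
            signer.update(message);
            byte[] signature = signer.sign();
            Signature verifier = Signature.getInstance(e.sigAlg(), "BC");
            verifier.initVerify(kp.getPublic());
            verifier.update(message);
            if (!verifier.verify(signature)) {
                throw new IllegalStateException("signature did not verify for " + e.label());
            }
            // ECDSA signatures are DER-encoded, so their length varies by a byte or two.
            sig = Integer.toString(signature.length);
        }
        System.out.printf("%-20s %10d %10d %10s%n", e.label(), pub, priv, sig);
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        // Constructed sample message; only its signature length is of interest here.
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        System.out.printf("%-20s %10s %10s %10s%n", "Algorithm", "pub(B)", "priv(B)", "sig(B)");
        for (Entry e : ENTRIES) {
            measure(e, message);
        }
    }
}
```

Compile and run with bcprov on the classpath (for example, javac -cp bcprov-jdk18on-1.80.jar PqcKeySizes.java and java -cp .:bcprov-jdk18on-1.80.jar PqcKeySizes). Keeping the algorithm table in one place, as the ENTRIES array does, is a small instance of the crypto-agility point made below: adding or swapping a parameter set is a one-line change rather than a rewrite, which is the property a certificate and key management stack needs when a migration deadline arrives.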

We closely monitor advancements in quantum computing, and our current key takeaways are:

  • Prioritize crypto-agility — be ready to adapt quickly.
  • Ensure initial certificate enrollment is secure and aim for fully automated renewal processes.
  • Begin evaluating post-quantum-safe algorithms and their integration into your security framework.
  • Consider adopting post-quantum-safe algorithms for data intended for long-term storage.