Introducing the 2024 PKI & Digital Trust Report     | Download the Report

Post-Quantum Cryptography: A Primer

There’s a lot of pressure (and noise) for businesses to get “quantum ready.” But what even is post-quantum cryptography (PQC), and what does getting ready look like? This guide addresses your most pressing questions on a topic that’s keeping security leaders up at night: what PQC is,  how it works, and most importantly, why and how organizations should start preparing for “Q Day” today.

laptop cpu

“Q Day” is coming

Post-quantum cryptography will introduce new challenges and opportunities for nations and enterprises.

Rumblings about quantum computing have been building momentum in the enterprise IT and security space for years. For the unfamiliar, experts sounding the alarm for a decade-away event may seem like somebody standing on the street corner dressed in nothing but a sandwich board that says, “The end is nigh!” 

But they’re not wrong — “Q Day,” the day quantum computers can render all current encryption methods meaningless, is coming. Transitioning to a quantum-capable world may be the most significant OS upgrade in the history of humanity. It will bring massive opportunities in everything from climate modeling to medical research, business intelligence, and new geopolitical threats. That’s why governments worldwide are investing in the quantum arms race.

If you’re reading this, you’ve probably at least heard the term “quantum.” Even Hollywood has had its go with it. Movies like Ant Man: Quantumania (2023), Interstellar (2014), and Oppenheimer (2023) all play with the idea of quantum physics. 

These physics boggle the mind, but they allow for new, exponentially more powerful ways of computing. Put most simply, quantum computing can solve much more complex problems much faster. 

On the other hand, quantum computing stands to overpower the widely used security protocols (aka cryptographic algorithms) we currently use to secure the internet, enterprises, military technology, and more. It has the potential to essentially nullify the infrastructure of any current-day security strategy.

There’s a lot of pressure (and noise) for businesses to get “quantum ready.” But what even is quantum computing, and what does getting ready look like? Let’s explore.

A primer on cryptography & PKI

Modern encryption uses digital keys and certificates to ensure only the intended recipient can decode the information. Collectively, this is known as public key infrastructure (PKI).

Today, PKI is the trust fabric of the digital world, allowing us to authenticate connections, encrypt data as it’s shared across networks, and digitally sign software and documents. These core elements of security could be undermined if the mathematical algorithms used to encrypt and decrypt data could be cracked by a powerful computer. 

Over time, different types of encryption have emerged that use more complex mathematical algorithms (like elliptic curve cryptography) to make encrypted messages harder to decrypt. 

Like passwords, encryption methods that use more complicated and variable characters (or “bits”) are more secure. For example, it takes today’s hacking software about a day to crack a seven-character password that contains only numbers and lowercase letters. A seven-character password that uses capital letters takes around 40 days to break. An eight-letter password takes a few years to crack. 

It would take millions upon millions of years for today’s computers to crack a message with RSA encryption, which is commonly used in today’s PKI and uses 2,048 bits for each key.

How quantum computing works and how it’s different

Post-quantum cryptography will function entirely different from today's cryptographic tools.

Today’s computers use binary “bits” composed of ones and zeros. Quantum computers process information using qubits, which aren’t ones or zeros, but the physical movements and positions of photons and electrons. You might think of a quartz watch, which uses the vibration of the quartz to regulate the electronic oscillator that keeps time. 

The thing about these sub-atomic elements that unlock this vast computing power and capture the imagination of Hollywood is their probabilistic nature. They can represent many things at once. A quantum computer using qubits can consider several possibilities and calculations simultaneously rather than consider them one at a time. This lets them factor large numbers much faster than a traditional computer — fast enough to crack modern encryption algorithms. 

The more qubits powering a quantum computer, the faster it can perform. In 2021, the University of Science and Technology of China demonstrated a 66-qubit processor, which conducted a calculation in 1.2 hours that would have taken today’s supercomputers eight years to solve.

So how many qubits is enough?

The number of qubits a quantum computer needs to crack RSA encryption keys has been a set of moving goalposts. Experts based their initial predictions on quantum computers’ usage of the Shor algorithm to decrypt RSA keys. Using this algorithm, a quantum computer would need hundreds of thousands (or millions) of qubits to break RSA encryption. 

We’re about a century away from reliably building such computers.

However, Chinese researchers have combined different algorithms to crack RSA encryption with only 372 qubits. Quantum computers with a few hundred qubits are well within reach — but this pairing of algorithms hasn’t proven to work at scale.

Whether quantum computers become capable of cracking RSA encryption tomorrow or 10 years from now, the transition to new encryption algorithms is already in motion.

Think about the transition from gas to electric vehicles. Manufacturers aren’t shifting to EVs because sooner or later, the Earth will run out of oil, because we don’t know when that day will come They’re transitioning because consumers are changing, regulations are changing, and adapting to those changes puts them at a competitive advantage.

The same can be said about quantum readiness. Quantum-resistant algorithms are like a new, better fuel source. To take advantage of them, businesses must augment their digital “vehicles” (PKI, hardware security modules, servers, etc.) to accommodate this new source. To adapt, organizations must thoroughly examine and restructure their IT ecosystem, and that takes more time and effort than most organizations would anticipate.

Quantum-resistant algorithms offer better protection

Quantum computers aren’t just faster; they offer an entirely different way of computing. Other cryptographic algorithms out there can resist quantum computing. Switching to these algorithms will challenge public, private, and governmental digital infrastructure custodians, including enterprise businesses like yours. 

Researching and testing which quantum-resistant encryption algorithms will be best has been the domain of government agencies worldwide.

NIST post-quantum cryptography

In 2016, the National Institute of Standards and Technology (NIST) began its efforts to develop quantum-resistant algorithms. It solicited experts from dozens of countries to submit algorithms for consideration, and ultimately ended up with 69 candidate algorithms. NIST invited experts to analyze and attempt to crack these algorithms to narrow the field. 

By July 5, 2022, the NIST post-quantum cryptography standardization process arrived at four quantum safe public key encryption and digital signature algorithms to draft standards around. They hope to release their final recommendations and formal standards by 2024

Other state-sponsored research organizations around the world are doing the same.

The quantum computing arms race

Many nations and organizations are researching post-quantum cryptography

China, Germany, Canada, the U.S., India, and Japan are leading the way in quantum research, though several others have quantum programs. Israel, Australia, the Netherlands, and Russia number just a few.

The race is often framed as an almost dead heat between the U.S. and China.

  • The U.S. has a greater private sector ecosystem for cultivating quantum innovation. The U.S. outpaces the rest of the world in private equity-backed quantum computing companies. Around 15 public companies and nearly 80 startups are pursuing quantum computing research and development.
  • China has a head start in the race. The Chinese government has continuously funded quantum research efforts, especially in its universities. China has achieved more advanced quantum communication technologies, launching the first quantum satellite to transmit information without traditional encryption in 2016.

But the U.S. is catching up in terms of government investment since the passage of 2018’s National Quantum Initiative. The U.S. has also tried collaborating with the United Kingdom, Australia, and Japan.

In the private sector, a few big names lead the way

IBM and Microsoft are perhaps the longest-running quantum researchers. IBM is shooting to release the first quantum processor with over 1,000 qubits in 2023. Microsoft is working on a new type of qubit while leveraging its Azure cloud platform to offer organizations access to quantum resources.

Google, D-Wave, Quantum Computing Inc (QCI), Intel, Rigetti, and Xanadu are focusing on nearer-term quantum applications and supporting hardware. QCI and Xanadu are striving to make quantum computing more accessible to the enterprise world. Lockheed Martin, Volkswagen, NASA’s Ames research center, and others already use D-Wave’s quantum annealing process.

Other big names like Amazon and Toshiba are also working to make strides in quantum computing.

So… Should you think about this now?


Make no mistake, quantum computing is merely an engineering challenge at this point. It’s only a matter of time before researchers find a way to make and scale quantum computers that can take down modern encryption.

A breakthrough that moves this inflection point closer could happen at any time. That’s why the buzz around quantum can sometimes seem a bit frantic. We don’t know if it’s five or 30 years away. 

Businesses must get the ball rolling on their post-quantum strategies for a few compelling reasons. 

Quantum preparedness will be a more significant undertaking than digital transformation.

This isn’t the world’s first shift to new cryptographic standards and algorithms. Such shifts are always painful. Some industries are still struggling to migrate to standards like AES or SHA-2, which have existed for a decade. 

Today, organizations use more digital identities than ever before. No one-size-fits-all post-quantum cryptography scheme exists, so each organization must carefully evaluate its current and future use cases. 

Manufacturers must account for products with longer lifecycles. 

Satellites, vehicles, medical devices, smart appliances, and other connected technologies that rely on encryption have long lifespans. Even if you could wait to implement quantum-resistant algorithms until quantum threats materialize, there would still be products in the field using the old quantum-susceptible cryptography. 

Taking steps toward quantum-resistant cryptography now will help ensure the products you sell today will be secure when quantum arrives.

Attackers aren’t waiting.

Stealing encrypted data is useless to hackers now, but they’re betting it won’t be for long. In anticipation of quantum capabilities, attackers are stealing encrypted information in hopes they will be able to decrypt it later.  

These “harvest now, decrypt later” attacks have enormous implications for enterprise and national security. And there’s plenty of cross-over. A study by HP showed that enterprises ranked as the most common target of nation-state cyber attacks.

Once malicious actors can crack RSA encryption, which serves as the backbone of the entire internet, every organization will be under threat without proper preparation.

How to prepare for post-quantum cryptography

Organizations should start preparing for post-quantum cryptography now.


The enterprise world remains in a holding pattern until governments select quantum-resistant cryptographic algorithms to use and draft standards and guidelines around those algorithms. 

In the meantime, organizations can position themselves for a smoother, faster, more effective migration by building crypto-agility within their organization as it exists today. Crypto-agility refers to an organization’s ability to quickly switch between algorithms, cryptographic primitives, and other methods of encryption. 

Get buy-in and commitment from leadership.

Sometimes, it can be difficult to see past the next board meeting, the next quarter, or the organization’s end-of-year targets. However, the migration to post-quantum cryptography will take years to truly achieve. Organizations must shore up their security gaps and hygiene. As they select tools for today’s needs (like zero trust), they should consider whether these tools will also support the quantum environment of the future.

Take stock of your current state.

Work to understand and map how your organization uses PKI and encryption today. Inventory the devices connected to your systems, what security measures they employ, where encryption is used in your networks, and what data is most vulnerable and valuable. 

Keyfactor’s 2023 State of Machine Identity Report shows just how complex it can be for organizations to gain complete visibility into the state of their machine identities and certificates. 

  • The average organization uses over 250,000 certificates at any given time and nine certificate authorities.
  • 62% of respondents didn’t know exactly how many keys and certificates they had. 
  • 74% said they’re deploying more keys and certificates, and 72% said increasing volume burdens their teams.

The average organization is already on its back foot in managing PKI and certificates. This often stems from a need for centralized ownership and management, spurring various departments to find certificate solutions with no guidelines or boundaries besides ease of use. 

Establishing a centralized hub for discovering, tracking, and managing certificate lifecycles is an excellent first step in gaining control over your certificate landscape.

Enable automation and bulk actions.

Manually tracking and re-issuing certificates doesn’t scale as the volume of certificates increases and new demands emerge. A centralized certificate lifecycle management hub can automate the discovery and re-issuance of certificates. It can also enable bulk issuance and revocation of certificates. 

With these capabilities, when post-quantum algorithms become available, organizations can swap out existing certificates with new certificates that support those algorithms in one fell swoop. 

Start testing and preparing for quantum cryptography.

Quantum-resistant algorithms will present challenges with compatibility and interoperability. The earlier you can begin testing, the better.

At Keyfactor, our PQC Playground gives you hands-on experience with quantum-resistant public key cryptographic assets and systems like post-quantum certificate authorities and certificates. These resources come with a free 30-day test drive that helps get your post-quantum strategy off the ground.

  • Keyfactor Command lets you assess your organization’s PKI and certificate management security.
  • EJBCA lets you create a quantum-ready CA and issue post-quantum certificates in your lab environment (until algorithms are production-ready).
  • SignServer lets you start signing artifacts with post-quantum algorithms in your lab environment to test for compatibility.
  • Bouncy Castle lets you build and test apps with quantum-capable cryptographic APIs. 

To learn more and to stay current with all things post-quantum cryptography, check out Keyfactor’s post-quantum Lab.

Have questions about the transition to post-quantum security? See how Keyfactor can help you prepare for what's ahead.