Post-Quantum Cryptography — Why You Must Act Now
The Quantum Threat to Cryptography
Every RSA, ECC, and Diffie-Hellman cryptographic system currently securing the internet is vulnerable to a sufficiently powerful quantum computer running Shor's algorithm. Shor's algorithm solves the integer factorisation and discrete logarithm problems — the mathematical foundations of RSA and ECC — in polynomial time. This is exponentially faster than the best classical algorithms.
"Harvest Now, Decrypt Later". Adversaries are already collecting encrypted data today — TLS traffic, VPN tunnels, confidential communications — to decrypt it once quantum computers are powerful enough. If you transmit anything confidential, you are already under attack. The harvest is happening now.
The Timeline
NIST estimates that RSA-2048 could be broken by a sufficiently large fault-tolerant quantum computer within 10–15 years. CISA, NSA, and major national cybersecurity agencies are all mandating PQC migration timelines starting now. The US government has mandated all federal agencies complete PQC migration by 2030.
NIST Post-Quantum Standards — FIPS 203 and 204
NIST finalised two post-quantum standards in 2024:
- FIPS 203 — ML-KEM (Kyber): Key encapsulation mechanism. Replaces RSA and ECDH for key exchange. Based on the Module Learning With Errors (MLWE) lattice problem.
- FIPS 204 — ML-DSA (Dilithium): Digital signature algorithm. Replaces RSA-PSS and ECDSA for signing. Based on the Module Learning With Errors and Module Short Integer Solution problems.
Q-MUMMA is already FIPS 204 compliant. All Q-MUMMA results are signed with ML-DSA-65. Our Vajra L1 blockchain uses ML-DSA-65 natively — ECDSA has been completely removed from our stack. We do not wait for 2030.
Your Migration Checklist
- Audit all TLS certificates — identify RSA/ECC key sizes
- Audit all API authentication — JWT RS256? Migrate to Ed448 then ML-DSA-65
- Audit SSH keys — replace RSA 4096 with ML-DSA-65 or Ed25519
- Audit code signing and build pipelines
- Audit all stored encrypted data — re-encrypt with hybrid classical+PQC
- Audit third-party dependencies — are your vendors migrating?
Q-MUMMA's PQC Infrastructure Scan does all of this automatically in under 60 seconds — 14 layers of automated scanning.
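As an added example (not Q-MUMMA's code or scanner), the Python below covers two items from the checklist above, SSH keys and JWT authentication: it parses the SSH public-key wire format to report the key type and RSA modulus size, and reads a JWT header's `alg`. The function names and sample inputs are constructed for illustration; Ed25519 is flagged too, because it is an elliptic-curve scheme.

```python
import base64, json, struct
# Key types and JWT "alg" prefixes that rest on factoring or discrete logs.
SHOR_SSH = ("ssh-rsa", "ssh-dss", "ecdsa-sha2-", "ssh-ed25519", "sk-")
SHOR_JWT = ("RS", "PS", "ES", "EdDSA")

def _read_string(blob, off):
    """Read one length-prefixed field of the SSH wire format (RFC 4251)."""
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def audit_ssh_key(line):
    """Classify one authorized_keys or .pub line; options and comments are skipped."""
    fields = line.split()
    for name, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
            ktype, off = _read_string(blob, 0)
        except (ValueError, struct.error):
            continue  # not the key field (e.g. an options field)
        if ktype != name.encode():
            continue  # the blob must name the same key type as the text field
        bits = None
        if name == "ssh-rsa":  # blob = type, exponent e, modulus n
            _, off = _read_string(blob, off)
            n, _ = _read_string(blob, off)
            bits = int.from_bytes(n, "big").bit_length()
        return {"type": name, "bits": bits, "quantum_vulnerable": name.startswith(SHOR_SSH)}
    raise ValueError("no SSH public key found in line")

def audit_jwt(token):
    """Read the unverified JOSE header and classify its signature algorithm."""
    head = token.split(".")[0]
    alg = json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))["alg"]
    return {"alg": alg, "quantum_vulnerable": alg.startswith(SHOR_JWT)}

def _make_line(ktype, *fields):
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (ktype.encode(), *fields))
    return f"{ktype} {base64.b64encode(blob).decode()} constructed@example"

# Constructed samples, not real keys: _make_line packs fields in SSH wire format,
# and the RSA modulus is an arbitrary 4096-bit odd number with the mpint leading zero.
N = ((1 << 4095) | 1).to_bytes(513, "big")
RSA_LINE = "no-pty " + _make_line("ssh-rsa", b"\x01\x00\x01", N)
ED_LINE = _make_line("ssh-ed25519", bytes(32))
JWT = base64.urlsafe_b64encode(b'{"alg":"RS256","typ":"JWT"}').decode().rstrip("=") + ".e30.sig"

if __name__ == "__main__":
    print(audit_ssh_key(RSA_LINE), audit_ssh_key(ED_LINE), audit_jwt(JWT), sep="\n")
```

HMAC-based JWTs (`HS256` and similar) are reported as not quantum-vulnerable here because they are symmetric and Shor's algorithm does not apply to them.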