Post-quantum cryptography (PQC) refers to cryptographic systems that are secure against attacks by quantum computers. Unlike today's public-key standards (RSA, ECDSA, DH), which rely on mathematical problems that a large quantum computer could solve efficiently, PQC algorithms are built on mathematical structures believed to resist quantum attacks.
In August 2024, NIST published the first three PQC standards: FIPS 203 (ML-KEM / CRYSTALS-Kyber) for key encapsulation, FIPS 204 (ML-DSA / CRYSTALS-Dilithium) for digital signatures, and FIPS 205 (SLH-DSA / SPHINCS+) for hash-based signatures.
The five main families of PQC:
- Lattice-based: CRYSTALS-Kyber, CRYSTALS-Dilithium (used by BMIC)
- Hash-based: SPHINCS+, XMSS
- Code-based: Classic McEliece
- Multivariate: Rainbow (broken), GeMSS
- Isogeny-based: SIKE (broken in 2022)
Why crypto needs PQC now: The "harvest now, decrypt later" threat means attackers can record encrypted blockchain data today and decrypt it when quantum computers become powerful enough. Blockchain transactions are permanent and public — making crypto uniquely vulnerable.