Quantum Security

Understanding how post-quantum cryptography works

Priyanka Gahilot

Priyanka Gahilot, Managed Services Engineer, Nomios Netherlands

3 min. read

Quantum computing forces a fundamental rethink of how public-key cryptography is designed. Once the mathematical assumptions behind RSA, Diffie–Hellman, and elliptic-curve cryptography no longer hold, the question is not whether change is needed, but what replaces them.

Post-quantum cryptography addresses this by redesigning public-key algorithms around different classes of mathematical problems, chosen because the assumptions underpinning today's widely used public-key schemes no longer hold against quantum-capable adversaries. These alternative problems are not known to be efficiently solvable by either classical or quantum computers, which makes them suitable candidates for long-term security in a post-quantum world.

Rather than being a theoretical construct, post-quantum cryptography defines a concrete set of algorithms that can be deployed on today’s systems. The challenge lies in understanding how these algorithms differ from classical approaches, and what that means for existing cryptographic designs.

PQC runs on classical systems

A common misconception is that post-quantum cryptography requires quantum hardware. It does not. PQC algorithms are designed to run on standard CPUs, servers, network devices, and endpoints. From an infrastructure perspective, nothing changes physically.

The impact sits in software and protocols: cryptographic libraries, TLS handshakes, certificates, key management systems, and signature formats. This distinction matters operationally. Organisations are not preparing for quantum computers in their data centres. They are preparing their cryptography for a world where adversaries may have access to quantum capabilities.

Core families of post-quantum algorithms

Research over the past two decades has produced several classes of quantum-resistant algorithms. Each family is based on a different type of hard mathematical problem, with different trade-offs in performance, key size, and operational suitability.

Lattice-based cryptography

Lattice-based schemes rely on problems in high-dimensional lattices, such as Learning With Errors (LWE). These problems involve finding hidden structures in noisy mathematical systems, which have proven difficult for both classical and quantum approaches.

Most of the algorithms in NIST's first set of PQC selections fall into this category. CRYSTALS–Kyber is used for key establishment, while CRYSTALS–Dilithium and FALCON are used for digital signatures. Lattice-based cryptography currently forms the backbone of practical PQC deployment.
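To make the "hidden structure in a noisy system" idea concrete, here is a toy Regev-style LWE public-key encryption scheme. This is an added illustration written for this page, not code from Nomios or from Kyber; the parameters N, M and Q are assumed toy values that are far too small to be secure, chosen only so that the accumulated noise can never exceed Q/4 and decryption is therefore always correct. Kyber builds on the same LWE structure (in its module variant) with real parameters and a KEM wrapper.

```python
"""Toy Regev-style LWE encryption (added example; not the page's or Kyber's code).

Public key: (A, b = A*s + e mod Q) where s is secret and e is a small error.
Without e, s would be recoverable by Gaussian elimination; the noise is what
makes the system hard. Parameters are assumed toy values, not secure ones.
"""
import random

N = 8      # secret dimension (toy value)
M = 32     # number of LWE samples in the public key (toy value)
Q = 257    # modulus; Q // 4 = 64 > M, so worst-case noise M can never flip a bit


def _dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q


def keygen(rng):
    """Return (pk, sk) with pk = (A, b) and sk = s."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice((-1, 0, 1)) for _ in range(M)]          # small error
    b = [(_dot(row, s) + err) % Q for row, err in zip(A, e)]
    return (A, b), s


def encrypt_bit(pk, bit, rng):
    """Sum a random subset r of the samples and add bit * Q/2 to the b-part."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v


def decrypt_bit(sk, ct):
    """v - <u, s> = bit*Q/2 + <r, e>; |<r, e>| <= M < Q/4, so round to 0 or Q/2."""
    u, v = ct
    d = (v - _dot(u, sk)) % Q
    dist_from_zero = min(d, Q - d)
    return 0 if dist_from_zero <= Q // 4 else 1


def encrypt_bytes(pk, data, rng):
    bits = [(byte >> k) & 1 for byte in data for k in range(7, -1, -1)]
    return [encrypt_bit(pk, bit, rng) for bit in bits]


def decrypt_bytes(sk, ciphertexts):
    bits = [decrypt_bit(sk, ct) for ct in ciphertexts]
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def public_key_size_bits(pk):
    """Each of the M*N + M entries costs ceil(log2 Q) bits: keys grow fast."""
    A, b = pk
    return (len(A) * len(A[0]) + len(b)) * Q.bit_length()


def roundtrip(seed, data):
    """Deterministic key generation + encrypt + decrypt, for checking."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    return decrypt_bytes(sk, encrypt_bytes(pk, data, rng))


if __name__ == "__main__":
    rng = random.Random(1)
    pk, sk = keygen(rng)
    print("public key bits:", public_key_size_bits(pk))
    print(decrypt_bytes(sk, encrypt_bytes(pk, b"pqc", rng)))
```

Even at this toy size the public key is 2592 bits for one-bit ciphertexts, which is why real lattice schemes pack many coefficients into polynomial rings and why PQC key and certificate sizes are an operational concern rather than a detail.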

Code-based cryptography

Code-based cryptography uses error-correcting codes. The classic example is McEliece, which has remained secure for decades despite extensive analysis. These schemes are well understood but often involve very large public keys, which limits where they can be used efficiently.

Hash-based signatures

Hash-based signature schemes rely only on the security properties of cryptographic hash functions. SPHINCS+, one of NIST’s standardised signature algorithms, falls into this category. These schemes avoid algebraic structures altogether, which makes their security assumptions relatively simple, at the cost of larger signatures and higher computation overhead.
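The simplest hash-based construction shows both properties the paragraph mentions: security that depends on nothing but the hash function, paid for with large keys and signatures. The Lamport one-time signature below is an added example for this page, not code from Nomios or from SPHINCS+; it uses SHA-256 and an assumed 32-byte preimage size, and it deliberately refuses to sign twice, because revealing a second set of preimages is what breaks one-time schemes and what SPHINCS+ adds Merkle-tree machinery to avoid.

```python
"""Lamport one-time signature over SHA-256 (added example; not the page's code).

Security rests only on preimage resistance of the hash. The price is a
16 KiB public key and an 8 KiB signature for a 256-bit digest, and a
private key that must never be used twice.
"""
import hashlib
import hmac
import os


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(message: bytes):
    """256 bits of SHA-256(message), most significant bit first."""
    digest = _h(message)
    return [(byte >> k) & 1 for byte in digest for k in range(7, -1, -1)]


class LamportKey:
    """One private key; sign() works exactly once."""

    def __init__(self, rng=os.urandom):
        # 256 positions x 2 secret 32-byte preimages (assumed size);
        # the public key is their hashes
        self._sk = [(rng(32), rng(32)) for _ in range(256)]
        self.pk = [(_h(a), _h(b)) for a, b in self._sk]
        self.used = False

    def sign(self, message: bytes) -> list:
        if self.used:
            raise RuntimeError("Lamport key already used; a second signature leaks secrets")
        self.used = True
        # reveal, for each digest bit, the preimage that matches the bit value
        return [self._sk[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(pk, message: bytes, signature) -> bool:
    """Hash each revealed preimage and compare with the public-key slot for that bit."""
    if len(signature) != 256:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        # compare_digest avoids leaking which position mismatched through timing
        ok &= hmac.compare_digest(_h(signature[i]), pk[i][bit])
    return ok


def signature_size_bytes(signature) -> int:
    return sum(len(part) for part in signature)


def public_key_size_bytes(pk) -> int:
    return sum(len(a) + len(b) for a, b in pk)


if __name__ == "__main__":
    key = LamportKey()
    sig = key.sign(b"firmware-v1.2.3")
    print("valid:", verify(key.pk, b"firmware-v1.2.3", sig))
    print("signature bytes:", signature_size_bytes(sig), "public key bytes:", public_key_size_bytes(key.pk))
```

Compare the 8192-byte signature with a 64-byte ECDSA P-256 signature to see why hash-based schemes are favoured for infrequent, high-assurance signing such as firmware and code signing, and why the statefulness of one-time keys is an operational risk that stateless designs like SPHINCS+ remove at the cost of even larger signatures.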

Multivariate and isogeny-based approaches

Other approaches, such as multivariate polynomial systems and isogeny-based cryptography, have been explored extensively. Some have been broken during cryptanalysis, most notably SIKE, which demonstrated that ongoing scrutiny remains necessary. These families are still relevant from a research perspective but are not part of the first wave of standardised algorithms.


What PQC replaces and what it does not

Post-quantum cryptography primarily targets public-key functions: key exchange, encryption of session keys, and digital signatures. These are the areas where quantum computing is expected to break the underlying hardness assumptions outright.

Symmetric cryptography and hash functions are affected differently. Quantum algorithms such as Grover’s algorithm reduce their effective security, but this is addressed by using larger key sizes and outputs. As a result, AES and modern hash functions remain usable with adjusted parameters.

In practice, most systems will combine post-quantum public-key algorithms with conventional symmetric encryption, just as they do today. The overall structure of protocols such as TLS remains familiar, even though the underlying key establishment and authentication mechanisms change.

Standardisation as a turning point

For many years, PQC was largely academic. That changed with the completion of NIST’s post-quantum cryptography programme. In 2024, NIST published its first set of PQC standards, covering both key establishment and digital signatures.

This milestone moved PQC from theory into implementation. Once algorithms are standardised, vendors can integrate them into products, protocols can evolve, and organisations can begin structured planning. This is why PQC is no longer framed as experimental or optional in security roadmaps.

From algorithm design to operational reality

Understanding how post-quantum cryptography works clarifies an important point. PQC is not a single algorithm or product. It is a replacement set for core public-key primitives that appear throughout modern infrastructure, particularly in certificate-based trust systems and key management platforms. In practice, this means organisations will need cryptographic agility at the PKI layer to introduce post-quantum algorithms alongside existing ones without disrupting services.

This has direct implications for real-world systems. Web traffic, software updates, identity platforms, and certificate-based trust all depend on public-key cryptography. Replacing those mechanisms is not a single switch but a staged transition that touches many layers of the stack.
