In development. RVNT is pre-release — not yet security-audited. Source code, public builds, and the iOS / App Store release aren’t available yet. See the roadmap →


Post-Quantum Cryptography

Also known as: PQC, Quantum-Resistant Cryptography, Quantum-Safe Cryptography

Post-quantum cryptography is the field of public-key algorithms designed to stay secure against attackers using quantum computers, specifically Shor's algorithm, which breaks RSA and elliptic-curve cryptography. PQC schemes rest on math problems such as lattices, codes, and hashes that have no known efficient quantum solution. In 2024 NIST published the first standards, FIPS 203, 204, and 205, formalizing lattice and hash-based replacements for today's vulnerable public-key crypto.

Post-quantum cryptography (PQC), also called quantum-resistant cryptography, exists because of one algorithm: Shor's algorithm. Running on a sufficiently large quantum computer, Shor's algorithm factors large integers and solves discrete logarithms in polynomial time, which collapses the security of RSA, Diffie-Hellman, ECDSA, and X25519 all at once. Every TLS handshake, every Signal-style key exchange, and most of the internet's public-key plumbing relies on exactly those problems.

PQC does not run on quantum computers; it is ordinary software that runs on the classical machines you already own. Its security comes from switching to math problems that quantum computers are not known to solve efficiently. The main families are lattice-based (the basis of ML-KEM-768 and ML-DSA), hash-based signatures (SLH-DSA), code-based, and multivariate schemes.

A separate quantum algorithm, Grover's algorithm, gives only a quadratic speedup against symmetric ciphers and hashes. It effectively halves their security level, so AES-256 retains a 128-bit margin and SHA-256 stays usable. Symmetric crypto does not need replacing, only larger keys; it is public-key crypto that PQC targets.

After a competition launched in December 2016 with 82 submissions, NIST published its first finalized standards on August 13, 2024: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA). That marked the start of a global migration from classical to quantum-resistant public-key cryptography.

How it works

PQC replaces the hard problem under your key exchange and signatures. Classical schemes rely on factoring or discrete logs, which Shor's algorithm defeats. Lattice schemes like ML-KEM instead rely on Learning With Errors: recovering a secret hidden by small random noise in high-dimensional lattices, a problem with no known efficient quantum attack. A common deployment pattern is hybrid: run a classical algorithm and a PQC algorithm in parallel and combine both shared secrets, so the result is secure as long as either one holds. This hedges against PQC being young and any single scheme having an undiscovered flaw.
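To make the Learning With Errors mechanism concrete, here is a toy Regev-style LWE encryption scheme written for this page (it is not RVNT's code and not ML-KEM, which builds on Module-LWE over polynomial rings with much larger parameters and a KEM wrapper). The public key hides the secret vector under small random noise, and only the holder of the secret can strip that noise by rounding. All parameters (Q, N, M) are constructed toy values with no security; it uses only the Python standard library.

```python
"""Toy Learning With Errors (LWE) encryption, Regev-style, standard library only.

Added illustration, not RVNT code and not ML-KEM. It shows only the mechanism
the text describes: the public key hides the secret under small random noise,
and the holder of the secret removes the noise by rounding. The parameters
below are tiny, constructed values and offer no security.
"""
import random

Q = 3329            # modulus (ML-KEM's value, reused only for familiarity)
N = 16              # dimension of the secret vector (toy size)
M = 32              # number of noisy samples published in the public key
HALF_Q = Q // 2     # encoding of message bit 1


def keygen(rng):
    """Public key (A, b) with b = A*s + e (mod Q); the secret key is s.

    Recovering s from (A, b) is the LWE problem: without e it would be plain
    Gaussian elimination; the small noise e is what makes it hard."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice((-1, 0, 1)) for _ in range(M)]       # small noise
    b = [(sum(a * x for a, x in zip(row, s)) + err) % Q
         for row, err in zip(A, e)]
    return (A, b), s


def encrypt_bit(pk, bit, rng):
    """Sum a random subset of the public samples and add bit * Q/2."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]             # subset selector
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * HALF_Q) % Q
    return u, v


def decrypt_bit(sk, ct):
    """v - <u, s> = bit*Q/2 + <r, e>  (mod Q).

    |<r, e>| <= M = 32, far below Q/4, so the value is near 0 for bit 0 and
    near Q/2 for bit 1; rounding to the nearer point recovers the bit."""
    u, v = ct
    d = (v - sum(ui * si for ui, si in zip(u, sk))) % Q
    dist_to_zero = min(d, Q - d)
    dist_to_half = abs(d - HALF_Q)
    return 1 if dist_to_half < dist_to_zero else 0


def encrypt_bits(pk, bits, rng):
    return [encrypt_bit(pk, bit, rng) for bit in bits]


def decrypt_bits(sk, cts):
    return [decrypt_bit(sk, ct) for ct in cts]


def roundtrip(bits, seed=0):
    """Key generation, encryption and decryption under a seeded RNG."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    return decrypt_bits(sk, encrypt_bits(pk, bits, rng))


if __name__ == "__main__":
    msg = [1, 0, 1, 1, 0, 0, 1, 0]
    print("recovered correctly:", roundtrip(msg, seed=42) == msg)
```

The noise bound is what makes decryption deterministic here: each error term is at most 1 in absolute value and at most M of them are summed, so the accumulated noise never crosses the Q/4 decision boundary. Real schemes pick parameters so that a decryption failure is astronomically unlikely rather than impossible, and that failure probability is itself a security parameter.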

How RVNT uses Post-Quantum Cryptography

RVNT deploys post-quantum protection in hybrid form: its handshake combines classical X25519 with the lattice KEM ML-KEM-768, concatenating both shared secrets and feeding them through HKDF-SHA256, so an attacker must break both the elliptic-curve problem and the lattice problem. The symmetric layer is AES-256-GCM, which Grover's algorithm only weakens to a 128-bit margin. See post-quantum and hybrid key exchange.
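The hybrid combiner described in "How it works" and in this section, as an added example that is not RVNT's code: both shared secrets are concatenated and run through HKDF-SHA256 to produce the session key, so the output stays unpredictable as long as either input is. The Python standard library has neither X25519 nor ML-KEM, so the two shared secrets are constructed stand-in byte strings (in a real handshake they come from those primitives), the info label is a made-up example string, and HKDF is implemented from RFC 5869 with hmac/hashlib and self-checked against that RFC's first test vector.

```python
"""Hybrid secret combiner in the shape the page describes: X25519 shared
secret || ML-KEM-768 shared secret, run through HKDF-SHA256 to a session key.

Added example, not RVNT's code. The shared secrets and transcript hash are
constructed stand-ins; the info label is a made-up example string.
"""
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size   # 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """PRK = HMAC-SHA256(salt, IKM); an empty salt means HashLen zero bytes."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """OKM = T(1) || T(2) || ... with T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("RFC 5869 limits output to 255 * HashLen bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def rfc5869_selfcheck() -> bool:
    """Test case 1 from RFC 5869, appendix A.1 (SHA-256)."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    expected = bytes.fromhex(
        "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
        "34007208d5b887185865")
    return hkdf_sha256(ikm, salt, info, 42) == expected


# Constructed example label; a real protocol fixes its own domain-separation string.
EXAMPLE_LABEL = b"example-hybrid-x25519-mlkem768-v1"


def hybrid_session_key(x25519_ss: bytes, mlkem_ss: bytes, transcript_hash: bytes,
                       length: int = 32) -> bytes:
    """Derive the session key from both shared secrets.

    Because the KDF input is the concatenation, an attacker who learns one
    component (say by breaking X25519 with Shor's algorithm) still faces
    32 unknown bytes from the other and cannot compute the output."""
    if len(x25519_ss) != 32 or len(mlkem_ss) != 32:
        raise ValueError("X25519 and ML-KEM-768 shared secrets are both 32 bytes")
    ikm = x25519_ss + mlkem_ss           # fixed order, agreed by the protocol
    return hkdf_sha256(ikm, salt=b"", info=EXAMPLE_LABEL + transcript_hash, length=length)


# Constructed stand-in values (in practice: the X25519 DH output and ML-KEM decapsulation output).
SS_X25519 = hashlib.sha256(b"constructed x25519 shared secret").digest()
SS_MLKEM = hashlib.sha256(b"constructed ml-kem-768 shared secret").digest()
TRANSCRIPT = hashlib.sha256(b"constructed handshake transcript").digest()


def demonstrate() -> dict:
    """Show that not knowing either component changes the derived key."""
    key = hybrid_session_key(SS_X25519, SS_MLKEM, TRANSCRIPT)
    wrong_x = hybrid_session_key(bytes(32), SS_MLKEM, TRANSCRIPT)   # X25519 part unknown
    wrong_k = hybrid_session_key(SS_X25519, bytes(32), TRANSCRIPT)  # ML-KEM part unknown
    return {"key": key,
            "differs_without_x25519": key != wrong_x,
            "differs_without_mlkem": key != wrong_k}


if __name__ == "__main__":
    print("HKDF self-check:", rfc5869_selfcheck())
    print(demonstrate())
```

Binding a transcript hash into the HKDF info parameter is a common way to tie the derived key to the specific handshake (public keys, ciphertext, negotiated parameters) so that a key is never reused across sessions with different parameters; the concatenation order and the label must be fixed by the protocol so both peers derive the same key.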

Frequently asked questions

What is the difference between post-quantum cryptography and quantum cryptography?

Post-quantum cryptography is classical software, running on normal computers, built on math that quantum computers cannot efficiently break. Quantum cryptography (such as quantum key distribution) instead uses quantum physics and special hardware. PQC is what gets deployed in apps and the web today; quantum cryptography needs dedicated optical infrastructure.

Do I need post-quantum cryptography if quantum computers don't exist yet?

Yes, for data that must stay secret for years. The Harvest Now, Decrypt Later attack lets adversaries record your traffic today and decrypt it once quantum computers arrive. Encrypting post-quantum now is the only way to keep harvested ciphertext useless to a future quantum attacker.

Which post-quantum algorithms did NIST standardize?

In August 2024 NIST published FIPS 203 (ML-KEM, a lattice key-encapsulation mechanism formerly Kyber), FIPS 204 (ML-DSA, lattice signatures formerly Dilithium), and FIPS 205 (SLH-DSA, hash-based signatures formerly SPHINCS+). RVNT uses ML-KEM-768 from FIPS 203.

Every definition here describes something RVNT actually ships — a post-quantum, end-to-end-encrypted, peer-to-peer messenger with no phone number and no servers.