Last updated: April 29, 2026
In 2024 the US NIST finalised three post-quantum cryptography (PQC) standards: ML-KEM (Kyber) for key encapsulation, and ML-DSA (Dilithium) and SLH-DSA (SPHINCS+) for signatures. By 2026, large organisations have begun crypto-agility programmes. The driver is “harvest now, decrypt later”: adversaries collect encrypted traffic today in order to decrypt it once cryptographically relevant quantum computers (CRQCs) arrive. For data with a 25-year sensitivity horizon (financial records, healthcare, IP, classified), the threat is already real. This module covers what to do now.
What’s broken when a CRQC arrives
Shor’s algorithm running on a sufficiently large quantum computer breaks:
- RSA at all key sizes
- ECDSA / ECDH at all curves
- DSA and Diffie-Hellman
What’s largely fine:
- AES-256 — Grover’s algorithm halves effective key length; AES-128 is the worry, AES-256 still has 128-bit quantum strength
- SHA-256, SHA-3 — same Grover halving; doubling output size suffices
- Hash-based signatures — already quantum-safe (SLH-DSA / SPHINCS+)
The asymmetric layer (TLS handshakes, signed software, certificates, code-signing, S/MIME, SSH key-exchange) is the migration scope.
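The lists above can be applied as a first-pass triage of a crypto inventory. The following is an added example, not part of the original module: the label format, the 128-bit floor, the secrecy-horizon ordering, the handling of X25519 as ECDH, and the inventory itself are assumptions made for illustration.

```python
import re

# Families taken from the module's lists; X25519 is treated as ECDH (assumption).
SHOR_BROKEN = {"RSA", "ECDSA", "ECDH", "DSA", "DH", "X25519"}
PQC = ("ML-KEM", "ML-DSA", "SLH-DSA")
FLOOR = 128  # assumed minimum acceptable strength against a quantum attacker, in bits


def classify(label):
    """Map an algorithm label such as 'AES-128-GCM' to (verdict, quantum_bits)."""
    name = label.upper()
    if name.startswith(PQC):
        return "pqc", None
    sized = re.match(r"(AES|SHA3?)-(\d{3})", name)
    if sized:
        # Grover halving as described in the module: key or output size / 2.
        bits = int(sized.group(2)) // 2
        return ("ok" if bits >= FLOOR else "upgrade"), bits
    if name.split("-")[0] in SHOR_BROKEN:
        return "migrate", 0
    return "review", None  # unrecognised label: needs a human look


def triage(inventory):
    """Order findings: Shor-broken first, then longest secrecy horizon first."""
    rank = {"migrate": 0, "upgrade": 1, "review": 2, "ok": 3, "pqc": 4}
    rows = [(asset, alg, years, *classify(alg)) for asset, alg, years in inventory]
    return sorted(rows, key=lambda r: (rank[r[3]], -r[2]))


# Constructed inventory: (asset, algorithm label, years the protection must hold).
INVENTORY = [
    ("vpn-gateway", "ECDH-P256", 25),
    ("backup-encryption", "AES-128-GCM", 25),
    ("code-signing", "RSA-3072", 5),
    ("db-at-rest", "AES-256-GCM", 25),
    ("artifact-digests", "SHA-256", 10),
    ("pilot-tls", "ML-KEM-768", 25),
    ("legacy-mac", "HMAC-MD5", 1),
]

if __name__ == "__main__":
    for asset, alg, years, verdict, bits in triage(INVENTORY):
        print(f"{verdict:8} {asset:18} {alg:12} horizon={years}y quantum_bits={bits}")
```

Labels the classifier does not recognise come back as "review" rather than being silently passed, so gaps in the inventory naming stay visible.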