Post-quantum public-key encryption: what’s it all about?

submited by
Style Pass
2025-01-03 02:30:03

Public-key cryptography has been in widespread use for decades, and mostly we’ve stuck to the well-known systems like RSA encryption and Diffie-Hellman key exchange.

A lot of people who aren’t actual cryptographers have a basic understanding of these systems, because it doesn’t take too much mathematics to make sense of them, and the systems themselves can be described in very few sentences. I know that RSA in particular is used as an example in introductory number theory courses, because it brings together several topics that were in the main course material and demonstrates a practical use of them.

I call this a ‘basic’ understanding because real RSA encryption, as used in serious applications, involves a lot of fiddly details and refinements on top of this basic idea, like padding and encoding schemes, performance optimisations, implementation techniques that avoid side channels, and the idea that you almost always use RSA to encrypt a secondary ‘session key’ rather than the message itself, and then encrypt the message in turn by using that session key with an ordinary symmetric cipher like AES. But that doesn’t make the above information inaccurate, only incomplete: it’s good enough to convey a general understanding of what’s going on, even if it’s not enough information to write a full working implementation.

We’re starting to move away from these algorithms now, because of the threat that maybe someone might develop a working quantum computer big enough to run the algorithm that breaks both RSA and Diffie-Hellman. So there are some new public-key systems around, and they’re not so well known. I think there might be quite a lot of people who have a lay understanding of RSA as I describe above, but only know of the replacement ‘post-quantum’ systems as black boxes with strange names. (And perhaps not even that – I don’t think even the names have become nearly as famous as RSA yet.)

Leave a Comment