Post Quantum Cryptography (PQC) overview and why you should care!

Added: 2026-05-04

[00:00:00]Hey everyone. In this video, I want to talk about postquantum cryptography or PQC because in the last couple of weeks, there's been significant research advances in quantum computing. And the day they believe our current security ciphers used to protect communications will fail. Now to be clear, we are not at the point where quantum computers can break encryption today, but the progress is real and the industry is preparing.

[00:00:29]I previously did a video on quantum safe. I recommend you watch that for all the detail and why I was holding a lightsaber, but I wanted to quickly touch on what is being done and what you should be doing right now.

[00:00:44]Now what we're really talking about and the threat is around a symmetric encryption.

[00:00:56]And when we talk about asymmetric encryption, you're talking about the idea that we have a public and then a corresponding private pair of keys. And the whole point is that the private is kept private by the party and the public is available to everyone.

[00:01:22]And it's all based around the idea that the problem is trying to factor um or solve discrete logarithms is really really hard. So with today's classical computers, the ones we have sitting on our desks that use those bits, it would take longer than the age of the universe. So if I only have the public key, trying to get the private key and then decrypt the communications would take billions of years.

[00:01:57]I.e. I'm okay with that.

[00:02:01]Now they these classical computers they use very clever math but these problems like factoring super large numbers is extremely hard. So it's why our RSA, our crypto systems are secure today.

[00:02:16]The problem is these quantum computers um they work very differently. They use these cubits. They can exist in a combination of states. And then we have these quantum algorithms that take advantage of those and other types of capabilities of the quantum world.

[00:02:39]Algorithms like Shaw's algorithm.

[00:02:42]They use interference to make the right answer bubble up and be more likely and the wrong ones cancel out.

[00:02:52]So if we can build a quantum computer at a big enough scale, enough logical cubits, then many of today's asymmetric encryption systems could be now broken in the matter of days, maybe even hours.

[00:03:15]Now you may be wondering about well okay that's asymmetric but I've also heard about kind of symmetric things like as symmetric encryption even against um quantum is resistant.

[00:03:44]So that is commonly used for things like data storage. It's actually used for communication between Azure data centers. So even quantum computers once scaled it would still take hundreds of billions of years to break. Again I'm okay with uh hundreds of billions of years.

[00:04:02]But obviously this is a huge problem.

[00:04:05]this idea of this asymmetric these public private public keys and breaking based on having the public key to find the private key and then decrypt the information that's not an okay thing. So this is why we have this idea for asymmetric of post quantum cryptography and there are new asymmetric algorithms that are believed to be resistant against both classical and quantum attacks. So that same idea now of hey the that public key It would still now be resistant.

[00:05:00]So you can think of today's encryption as a safe protected by a padlock. And those classical burglars, today's computers, they can't pick the lock. It would take them billions of years. But a new type of to quantum computer could open it in minutes. So postquantum cryptography PQC is like replacing that padlock with an entirely different mechanism that even that new quantum tool can't break. And the National Institute of Standards and Technology NIST already has several standardized PQC algorithms and the industry is actively moving towards adoption of that. So we talk about PQC, we're actually thinking around these standardized algorithms that we can actually leverage.

[00:05:52]Now Microsoft has been a contributor since I think 2014. They've published research papers. is they have a quantum safe program that started in 2023 that's integrating these NIST standardized quantum safe algorithms into their services and endpoints. If we actually go and quickly look this is kind of a timeline. So it talks about some of the research things that was going on. You can see they launched the initiative there were certain deadlines around when it needs to be available um for various government standard agencies. And if we go and actually look, so this is the timeline of what's happening.

[00:06:31]So foundational security requirements.

[00:06:34]So core foundational services like SIMP, that's Microsoft's open-source core cryptographic library. They have the PQC algorithms in place. Then you can see phase two is getting them into core services like Entra, signing services, sequence management. And then phase three in 2027 is about getting them into all of the services, all of the endpoints. So, Windows, Azure, MS365, Copilot, etc., etc. So, it kind of brings up so what should you as an organization do? Now I think what's really important to this is you need to understand and have an inventory of where you are using asymmetric cryptography in your apps in your systems. Now there are tools like CodeQL that can help you find them, help you identify them for your services. What you really want to start focusing is making them crypto agile, i.e. you can swap out algorithms without having to redesign everything and then start adopting postquantum cryptography in your services. Um, use those libraries as they become available or you you're ready to do those things. But don't wait on this. Now one action you can do today is to start really focusing on private networking.

[00:08:25]Now the reason for this it is not a solution but it helps protect against something called harvest now decrypt later. So you can think about the bad actors cannot break this today. But if they can get on the wire and capture the traffic and store it once those scalable quantum computers are available, they could go back and now get access to the data. So if you have data that matters in 5 10 years time, I really want to try and protect as much as I can against it being harvested. So if I can leverage private networking, private endpoints, integrated services to just reduce the chance of data being harvested and reduce the chance of future abuse. So I mean it helps that is not the solution.

[00:09:14]The focus is on encryption as the key control, but just obviously this can help reduce some of that. So if I think about this, the key takeaway really is that quantum computing is not breaking encryption today.

[00:09:29]But this transition to quantum safe cryptography has already started and the earlier you begin preparing um the smoother that transition is going to be. So hope that was helpful. Till next video, take care.