What Is Post-Quantum Cryptography? A Plain-English Guide for People Who Hold Sensitive Data
Post-quantum cryptography (PQC) is a set of encryption methods designed to stay secure even against a large-scale quantum computer. That's the whole idea in one sentence. The reason it matters now — years before such a computer is known to exist — is a problem with an unsettling name: harvest now, decrypt later. This guide explains what post-quantum cryptography is, why today's encryption is vulnerable, what the new standards actually are, and why anyone storing sensitive long-lived data should already care.
Why today's encryption could break
Almost all of the encryption protecting the internet right now relies on math problems that are easy to perform in one direction but extremely hard to reverse. RSA depends on the difficulty of factoring enormous numbers. Elliptic-curve cryptography (the "ECDH" and "X25519" you see in security docs) depends on a related hard problem. A normal computer would need longer than the age of the universe to crack a well-chosen key, so we treat these as safe.
A sufficiently powerful quantum computer changes the math. An algorithm published by Peter Shor in 1994 shows that a quantum machine could factor large numbers and solve the elliptic-curve problem efficiently — turning "longer than the universe" into "an afternoon." This does not affect everything equally: the symmetric encryption that protects bulk data (AES) is far more resilient and mostly just needs larger keys. The vulnerable part is the public-key layer that two parties use to agree on a shared secret and to sign messages. That layer is the front door, and Shor's algorithm is a key to it.
Large-scale, cryptographically relevant quantum computers don't exist publicly today. The honest answer to "when?" is "nobody knows — possibly a decade, possibly longer." So why act now?
"Harvest now, decrypt later" is the reason to act early
Here's the part that surprises people. An attacker doesn't need a quantum computer today to threaten data today. They can simply record encrypted traffic and stored ciphertext now, sit on it, and decrypt it the day a capable quantum computer becomes available. Nation-states and well-resourced adversaries are widely assumed to be doing exactly this kind of archiving already.
That reframes the timeline completely. The relevant question isn't "will quantum computers break encryption before I retire?" It's "how long does the data I'm encrypting today need to stay secret?" If you're protecting something with a confidentiality lifespan of ten or twenty years — medical records, legal matters, trade secrets, or candid employee feedback that could be embarrassing or career-affecting if exposed — then data you encrypt today must already resist a machine that might only arrive in 2040. Anything encrypted with classical-only public-key crypto and harvested now is on a countdown.
What the new standards actually are
The good news is that the replacement is no longer theoretical. After a multi-year public competition, the U.S. National Institute of Standards and Technology (NIST) finalized its first post-quantum standards in August 2024. The two that matter most:
ML-KEM (FIPS 203) — short for Module-Lattice-Based Key-Encapsulation Mechanism, and originally known as Kyber. This is the replacement for the key-agreement step: how two parties establish a shared secret over an open channel. It's built on the hardness of lattice problems, which are believed to resist both classical and quantum attacks.
ML-DSA (FIPS 204) — Module-Lattice-Based Digital Signature Algorithm, originally Dilithium. This handles digital signatures: proving a message or key is authentic and hasn't been tampered with. It's the post-quantum replacement for signature schemes like RSA signatures and Ed25519.
(A third standard, SLH-DSA / FIPS 205, provides a signature scheme based on hashing for situations that need a different set of trade-offs.)
These algorithms are larger and a bit slower than what they replace, but they run comfortably on ordinary hardware — including inside a web browser.
Hybrid: belt and suspenders, on purpose
There's a catch with brand-new cryptography: it hasn't been attacked for as long as the classical schemes have. Lattice problems are well studied, but "well studied" for PQC means years, not the decades RSA has endured. A flaw discovered later would be bad.
The mainstream answer is a hybrid approach: combine a proven classical algorithm with a post-quantum one so the result is secure if either survives. A widely adopted example is X-Wing, which pairs the classical X25519 key exchange with ML-KEM-768. An attacker would have to break both — the decades-tested classical scheme and the post-quantum one — to recover the secret. You give up almost nothing and you remove the "what if the new thing is flawed" risk. This is why serious deployments lead with hybrid constructions rather than swapping to pure PQC overnight.
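To make the "secure if either survives" claim concrete, here is an added example (not InviziPoll's code, nor the X-Wing reference implementation) of the X-Wing encapsulate/decapsulate flow using Go's standard crypto/mlkem and crypto/ecdh packages (Go 1.24 or newer). The combiner follows the IETF X-Wing draft; key generation is simplified to two independently generated halves rather than the draft's single 32-byte seed.

```go
package main

import (
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha3"
	"errors"
)

// combine is the X-Wing combiner SHA3-256(ss_M || ss_X || ct_X || pk_X || label): both raw
// secrets feed one hash, so an attacker must break ML-KEM-768 and X25519 to learn the output.
func combine(ssM, ssX, ctX, pkX []byte) []byte {
	h := sha3.New256()
	for _, p := range [][]byte{ssM, ssX, ctX, pkX, []byte(`\.//^\`)} {
		h.Write(p)
	}
	return h.Sum(nil)
}

// Encapsulate is the sender side (public halves only); ct = ct_M || ct_X (1088 + 32 bytes).
func Encapsulate(ekM *mlkem.EncapsulationKey768, pkX *ecdh.PublicKey) (ss, ct []byte, err error) {
	ssM, ctM := ekM.Encapsulate()
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader) // crypto/rand cannot fail in Go 1.24+
	ssX, err := eph.ECDH(pkX)
	if err != nil {
		return nil, nil, err
	}
	ctX := eph.PublicKey().Bytes()
	return combine(ssM, ssX, ctX, pkX.Bytes()), append(ctM, ctX...), nil
}

// Decapsulate is the receiver side, holding both private halves (simplified independent keys).
func Decapsulate(dkM *mlkem.DecapsulationKey768, skX *ecdh.PrivateKey, ct []byte) ([]byte, error) {
	if len(ct) != mlkem.CiphertextSize768+32 {
		return nil, errors.New("xwing: bad ciphertext length")
	}
	ssM, err := dkM.Decapsulate(ct[:mlkem.CiphertextSize768])
	if err != nil {
		return nil, err
	}
	// X25519 NewPublicKey only checks length, which the test above already guarantees.
	pub, _ := ecdh.X25519().NewPublicKey(ct[mlkem.CiphertextSize768:])
	ssX, err := skX.ECDH(pub) // rejects low-order points
	if err != nil {
		return nil, err
	}
	return combine(ssM, ssX, pub.Bytes(), skX.PublicKey().Bytes()), nil
}
```

Because the ciphertext bytes themselves are hashed into the result, flipping a single bit of either half changes the derived secret, which is what makes a "classical-only" attacker's partial knowledge useless.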
Why this matters for survey and poll data specifically
It's tempting to file post-quantum cryptography under "banks and governments." But think about what a confidential employee survey actually contains: candid statements about managers, disclosures about culture or misconduct, opinions people would never attach their name to. That data's confidentiality lifespan is long — sometimes the entire remainder of someone's career. And the threat isn't only a future quantum computer; it's the fact that a survey vendor storing readable responses is a single subpoena or breach away from exposing them, today.
This is the logic behind InviziPoll's architecture. Responses are encrypted in the participant's browser before they ever reach our servers, so we store ciphertext we can't read. On the newer key version, that protection is post-quantum hybrid: key encapsulation uses the X-Wing construction (X25519 + ML-KEM-768, FIPS 203), and key material is signed with ML-DSA-65 (FIPS 204) instead of standalone Ed25519. The post-quantum operations run in the browser using audited cryptographic libraries, and stored ciphertext carries a version field so legacy classical material and post-quantum material can coexist while workspaces upgrade. The point isn't to win a buzzword contest. It's that responses harvested today shouldn't become readable in 2040 because the encryption assumed quantum computers would never arrive.
The takeaway
Post-quantum cryptography isn't a prediction that quantum computers are imminent. It's an acknowledgment that secrets recorded today can be decrypted tomorrow, and that the only defense is to encrypt long-lived data with quantum-resistant methods before the harvest happens. The standards exist (ML-KEM and ML-DSA), the hybrid approach removes the risk of betting on untested math, and it all runs on hardware you already own. For anyone holding data that needs to stay private for years, the migration isn't premature — it's overdue.
Want the implementation-level detail? See InviziPoll's post-quantum cryptography architecture and encryption model overview, or explore the platform on the features page.
This article is an educational overview of cryptographic concepts, not security advice for your specific systems.
