ACTIVE RESEARCH — 2025/26

Post-Quantum Cryptography

Quantum computers will break RSA, ECC, and DH — the foundations of current PKI. This research explores quantum-resistant algorithms being standardised by NIST and migration pathways for enterprise systems.

Tags: CRYSTALS-Kyber · CRYSTALS-Dilithium · NTRU · SPHINCS+ · NIST PQC · Lattice Crypto
🔬 Research Status: Active — Ongoing Study & Analysis

Why Quantum Breaks Everything

A sufficiently powerful quantum computer running Shor's algorithm can factorise large integers and compute discrete logarithms in polynomial time, directly breaking RSA, Diffie-Hellman, and Elliptic Curve Cryptography, the public-key primitives that secure virtually all of today's internet communications.

Grover's algorithm gives a quadratic speedup for brute-force key search, so in theory a k-bit symmetric key offers about k/2 bits of security against a quantum attacker: AES-128 drops to a nominal ~64-bit level, while AES-256 keeps a ~128-bit margin. Two caveats for planning: the Grover bound is a worst case (the attack needs a very long sequential quantum computation and parallelises poorly, so NIST still regards AES-128 as acceptable for most uses), and the fix for symmetric cryptography is simply larger keys. AES-256 remains viable; no algorithm replacement is needed.

"Harvest Now, Decrypt Later" — The Immediate Threat

Nation-state adversaries are already collecting encrypted traffic today, storing it for decryption once quantum computers are available. This means data encrypted with RSA/ECC right now may be compromised in 5–15 years. Long-lived secrets — medical records, financial data, state secrets — need quantum-safe protection today.

Primitive              | Role                  | Quantum impact                                               | Guidance
RSA-2048               | Public key encryption | BROKEN by Shor                                               | Replace with ML-KEM; exposure window estimated at 5–15 years
ECC P-256              | Digital signatures    | BROKEN by Shor                                               | Replace with ML-DSA (or SLH-DSA); 5–15 years
DH / ECDH              | Key exchange          | BROKEN by Shor                                               | Replace with ML-KEM, hybrid first; 5–15 years
AES-128                | Symmetric encryption  | WEAKENED by Grover (nominal ~64-bit; far less in practice)   | Prefer 256-bit keys for new systems
AES-256                | Symmetric encryption  | SAFE (~128-bit post-quantum)                                 | Still secure
SHA-256                | Hash function         | WEAKENED by Grover (preimage ~128-bit, still adequate)       | Keep; SHA-384/512 where extra margin is wanted
SHA-3 (256-bit output) | Hash function         | SAFE (same Grover margin as SHA-256)                         | Still secure
CRYSTALS-Kyber         | Key encapsulation     | QUANTUM SAFE                                                 | NIST standard (ML-KEM, FIPS 203)

NIST PQC Standards (FIPS 203–205)

After an 8-year global competition, NIST finalised the first post-quantum cryptographic standards in August 2024 — FIPS 203, 204, and 205. These form the foundation of quantum-safe cryptography for the next decades.

FIPS 203: ML-KEM (CRYSTALS-Kyber), Key Encapsulation Mechanism. Status: primary standard.

Based on Module Learning With Errors (MLWE), a lattice problem believed to be hard for both classical and quantum computers. Replaces RSA/ECDH for key establishment: the sender encapsulates to the recipient's public key and both sides obtain a 32-byte shared secret, which is fed to a KDF to derive symmetric keys. Three parameter sets: ML-KEM-512, ML-KEM-768 (the usual default) and ML-KEM-1024.

FIPS 204: ML-DSA (CRYSTALS-Dilithium), Digital Signature Algorithm. Status: primary standard.

Based on the Module-LWE and Module-SIS (Short Integer Solution) lattice problems. Replaces RSA and ECDSA for digital signatures: code signing, certificate authorities, and document authentication. Parameter sets ML-DSA-44, -65 and -87; signatures are roughly 2.4 to 4.6 KB, against 64 bytes for ECDSA P-256, which matters for certificate chain size and constrained links.

FIPS 205: SLH-DSA (SPHINCS+), Stateless Hash-Based Signatures. Status: backup.

Security rests only on the properties of the underlying hash function, a conservative and well-understood assumption. Signatures run from about 8 KB to about 50 KB depending on parameter set and signing is much slower than ML-DSA, but it provides security diversity: a break of lattice assumptions would not affect it. Important for long-term trust anchors such as root CAs and firmware signing keys.

FIPS 206 (draft): FN-DSA (FALCON), Compact Digital Signatures. Status: draft.

Based on NTRU lattices. Produces significantly smaller signatures than ML-DSA (about 0.7 KB for Falcon-512), which is critical for constrained environments. The trade-off is implementation difficulty: signing relies on floating-point Gaussian sampling, which is hard to implement in constant time and to get right on embedded targets. Finalisation expected 2025 as FIPS 206.

Lattice-Based Cryptography

Lattice cryptography derives its security from the hardness of lattice problems — specifically the Learning With Errors (LWE) and Short Integer Solution (SIS) problems. These are believed to be computationally hard even for quantum computers.

LWE Hard Problem
b = A·s + e (mod q)
A = public random matrix (n × m) over Z_q
s = secret vector (length m; hard to find)
e = small error vector (length n)
b = public observation (length n)
Given A and b, recovering s is hard even with a quantum computer; this is the foundation of Kyber and Dilithium. The error vector is what makes the problem hard: if e were zero, s could be recovered from (A, b) by Gaussian elimination mod q. The same noise is what a decryptor must tolerate, so parameters are chosen so that the accumulated error stays small enough for decryption to succeed while remaining large enough to defeat lattice reduction.

Why Lattice Problems Are Quantum-Safe

Shor's algorithm relies on the periodic (hidden-subgroup) structure of the abelian groups behind RSA and ECC. Lattice problems have no known structure of that kind. The best known quantum attacks on LWE are quantum-accelerated lattice sieving algorithms, which give only modest polynomial speedups over their classical counterparts, so parameter sets can be sized for a comfortable quantum security margin. This is a hardness assumption rather than a proof, which is why NIST standardised the hash-based SLH-DSA alongside the lattice schemes.

[Interactive lattice visualisation omitted. Caption: lattice points form a regular structure; finding the shortest vector (SVP) is computationally hard.]

CRYSTALS-Kyber KEM Mechanism

Kyber (standardised as ML-KEM, FIPS 203) is the primary NIST Key Encapsulation Mechanism for post-quantum key establishment. Understanding its flow is critical for enterprise migration planning. Unlike RSA key transport, neither party chooses the shared secret; it is generated during encapsulation.

1. Key generation (Alice): generate (pk, sk) from a secret s and noise e using MLWE. Publish the public key pk.
   pk → Bob
2. Encapsulation (Bob): use Alice's pk to encapsulate a fresh random shared secret K into ciphertext c.
   c → Alice
3. Decapsulation (Alice): use the secret key sk to recover K from c.

Both parties now hold K (32 bytes in ML-KEM). Feed it through a KDF, or the protocol's key schedule, rather than using it directly as the AES-256 key. Note the failure mode: ML-KEM uses implicit rejection, so decapsulating a malformed or tampered ciphertext does not raise an error but returns a pseudorandom key, and the mismatch only surfaces when the next authenticated message fails to verify.
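To make the LWE problem above and the three-step KEM flow concrete, here is a toy Regev-style KEM in pure Python. It is an added example written for this page, not code from the CRYSTALS/ML-KEM project or from the NIST standard: it uses the page's notation (A is n × m, b = A·s + e mod q) with tiny parameters (n = 64, m = 16, q = 3329) that are trivially breakable, encrypts the secret one bit at a time rather than over polynomial rings, has no Fujisaki-Okamoto transform (so it is not CCA-secure), and uses SHA3-256 as a stand-in KDF. All names and parameter values are this example's own.

```python
import hashlib
import secrets

# Toy LWE parameters, chosen so the demo runs in pure Python in well under a
# second. They are NOT secure: with only 16 secret coordinates the scheme is
# trivially breakable. ML-KEM works over polynomial rings (n = 256, q = 3329,
# module rank 2/3/4) and adds a Fujisaki-Okamoto transform for CCA security;
# none of that is reproduced here.
Q = 3329           # modulus q (same value as Kyber, purely for flavour)
N_ROWS = 64        # n: number of LWE samples, i.e. rows of A
M_COLS = 16        # m: dimension of the secret s, i.e. columns of A
SECRET_BITS = 256  # bits encapsulated before the KDF, enough for an AES-256 key

# Correctness condition: the accumulated noise r·e must stay below q/4.
# With e in {-1, 0, 1} and r in {0, 1}^n, |r·e| <= N_ROWS.
assert N_ROWS < Q // 4


def small_noise():
    """Error term from {-1, 0, 1} (ML-KEM samples a centred binomial instead)."""
    return secrets.randbelow(3) - 1


def keygen():
    """Step 1 (Alice): pk = (A, b) with b = A·s + e mod q, sk = s."""
    A = [[secrets.randbelow(Q) for _ in range(M_COLS)] for _ in range(N_ROWS)]
    s = [secrets.randbelow(Q) for _ in range(M_COLS)]
    e = [small_noise() for _ in range(N_ROWS)]
    b = [(sum(a * si for a, si in zip(row, s)) + ei) % Q for row, ei in zip(A, e)]
    return (A, b), s


def encrypt_bit(pk, bit):
    """Regev encryption of one bit under pk, using a random subset r of the samples."""
    A, b = pk
    r = [secrets.randbelow(2) for _ in range(N_ROWS)]
    u = [sum(r[i] * A[i][j] for i in range(N_ROWS)) % Q for j in range(M_COLS)]
    v = (sum(r[i] * b[i] for i in range(N_ROWS)) + bit * (Q // 2)) % Q
    return u, v


def decrypt_bit(sk, ct):
    """w = v - u·s = r·e + bit·floor(q/2) mod q; the bit is read off the size of w."""
    u, v = ct
    w = (v - sum(ui * si for ui, si in zip(u, sk))) % Q
    if w > Q // 2:       # centre w into (-q/2, q/2]
        w -= Q
    return 1 if abs(w) > Q // 4 else 0


def pack_bits(bits):
    """Pack a list of 0/1 ints into bytes, most significant bit first."""
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits), 8))


def kdf(raw):
    """Derive the session key from the raw encapsulated secret (SHA3-256 here; TLS would use HKDF)."""
    return hashlib.sha3_256(raw).digest()


def encapsulate(pk):
    """Step 2 (Bob): pick a fresh random secret, encrypt it bit by bit; return (c, K)."""
    bits = [secrets.randbelow(2) for _ in range(SECRET_BITS)]
    c = [encrypt_bit(pk, bit) for bit in bits]
    return c, kdf(pack_bits(bits))


def decapsulate(sk, c):
    """Step 3 (Alice): recover the bits with sk and derive the same K."""
    bits = [decrypt_bit(sk, ct) for ct in c]
    return kdf(pack_bits(bits))


def run_exchange():
    """Full KEM flow plus a negative check with an unrelated secret key."""
    pk, sk = keygen()                  # 1. Alice publishes pk
    c, k_bob = encapsulate(pk)         # 2. Bob sends c
    k_alice = decapsulate(sk, c)       # 3. Alice recovers K
    _, sk_other = keygen()             # an unrelated key cannot recover K
    k_wrong = decapsulate(sk_other, c)
    return k_alice, k_bob, k_wrong


if __name__ == "__main__":
    ka, kb, kw = run_exchange()
    print("Alice == Bob:", ka == kb, " wrong key matches:", ka == kw)
```

Run it and the two keys agree, while decapsulating with an unrelated secret key yields an unrelated K (a real KEM turns that into implicit rejection rather than an error). What the code makes visible is the role of the error vector: decryption works because r·e stays below q/4, and an attacker who sees only (A, b) faces a noisy linear system rather than one that Gaussian elimination would solve.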

Quantum-Safe Migration Roadmap

Migrating enterprise systems to post-quantum cryptography is a multi-year programme. The priority is crypto-agility — building systems that can swap algorithms without architecture changes.

Phase 1 — Now
INVENTORY

Cryptographic asset discovery: identify all RSA/ECC usage across systems, certificates, protocols, libraries, HSMs, and API integrations. Create a cryptographic bill of materials (CBOM).

Phase 2 — 2025
ASSESS

Risk-classify assets by sensitivity and lifespan. Long-lived secrets (PKI roots, signing keys) are highest priority. Assess vendor PQC roadmaps and library support.

Phase 3 — 2025–26
HYBRIDISE

Deploy hybrid classical+PQC schemes: X25519 + ML-KEM (Kyber) for TLS key exchange, ECDSA + ML-DSA (Dilithium) for signatures. The session key is derived from both shared secrets, so it stays secure as long as either component holds: classical security today, quantum resistance going forward, and no "cliff edge" migration. Budget for the larger handshakes (an ML-KEM-768 ciphertext is about 1.1 KB) when sizing MTU-sensitive or high-frequency links.

Phase 4 — 2026–27
MIGRATE

Replace classical algorithms progressively. Start with highest-risk, longest-lived data. Update PKI infrastructure, code-signing pipelines, secure messaging, and API authentication.

Phase 5 — Ongoing
MAINTAIN

Monitor NIST guidance evolution. Track new PQC breaks. Maintain crypto-agility for algorithm rotation. Annual quantum threat reassessment.
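The hybrid step (Phase 3) and the crypto-agility requirement (Phase 5) come down to one piece of code: a KEM combiner that derives the session key from every component's shared secret and binds it to the algorithm identifiers and transcript. Below is an added example, not code from any IETF draft or TLS stack. The IETF TLS hybrid drafts simply concatenate the shared secrets and feed them into the existing TLS 1.3 key schedule (itself HKDF-based); this example instead uses a stand-alone HKDF-SHA256 with its own length-prefixed encoding and a context label of its choosing. The shared secrets, ciphertexts and label are constructed stand-ins (only the byte lengths match X25519 and ML-KEM-768).

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def _encode(field: bytes) -> bytes:
    """Length-prefix a field (2-byte big-endian) so concatenation is unambiguous."""
    if len(field) > 0xFFFF:
        raise ValueError("field too long")
    return len(field).to_bytes(2, "big") + field


def combine_shared_secrets(components, context: bytes, length: int = 32) -> bytes:
    """Hybrid KEM combiner (this example's own construction, not an IETF draft's).

    components: ordered list of (alg_id: str, shared_secret: bytes, ciphertext: bytes).
    K = HKDF-Expand(HKDF-Extract(context, ss_1 || ... || ss_k), info = context || transcript).
    The output is secure as long as at least one shared secret is secure, and it is
    bound to the algorithm list and ciphertexts, so removing, reordering or swapping an
    algorithm (crypto-agility) yields an unrelated key rather than a silent downgrade.
    """
    if not components:
        raise ValueError("at least one component required")
    ikm = b"".join(_encode(ss) for _, ss, _ in components)
    transcript = b"".join(_encode(alg.encode()) + _encode(ct) for alg, _, ct in components)
    prk = hkdf_extract(salt=context, ikm=ikm)
    return hkdf_expand(prk, info=_encode(context) + transcript, length=length)


# Constructed stand-ins (not real key material); lengths match the real primitives.
SS_X25519 = hashlib.sha256(b"constructed x25519 shared secret").digest()     # 32 bytes
SS_MLKEM = hashlib.sha256(b"constructed ml-kem-768 shared secret").digest()  # 32 bytes
PK_X25519 = bytes([0x22]) * 32     # ephemeral X25519 public key plays the "ciphertext" role
CT_MLKEM = bytes([0x11]) * 1088    # ML-KEM-768 ciphertext length
CONTEXT = b"example-hybrid-tls-v1"  # hypothetical label, this example's own


def derive_hybrid_key() -> bytes:
    """X25519 + ML-KEM-768 hybrid: both secrets go into the KDF."""
    return combine_shared_secrets(
        [("X25519", SS_X25519, PK_X25519), ("ML-KEM-768", SS_MLKEM, CT_MLKEM)], CONTEXT)


def derive_classical_only_key() -> bytes:
    """What a downgraded negotiation (PQ component stripped) would derive."""
    return combine_shared_secrets([("X25519", SS_X25519, PK_X25519)], CONTEXT)


if __name__ == "__main__":
    print("hybrid   :", derive_hybrid_key().hex())
    print("classical:", derive_classical_only_key().hex())
```

The design point for an agility framework is that the algorithm identifier is an input to key derivation, not just metadata in a log: a peer that quietly negotiates fewer or different components ends up with a different key and the handshake fails closed.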

Current Research Focus Areas

🏦 PQC in Banking Infrastructure
Analysing migration pathways for Core Banking Systems (Finacle, OBDX) from RSA/ECC to Kyber/Dilithium. Research focus on HSM vendor support and key ceremony procedures in regulated environments.

🔗 Hybrid TLS Implementation
Studying X25519Kyber768 hybrid key exchange in TLS 1.3 (an IETF draft; its successor in the TLS working group, X25519MLKEM768, uses the final ML-KEM). Evaluating performance overhead of hybrid handshakes for high-frequency transaction systems, critical for RBI payment infrastructure.

📜 Certificate Authority Migration
Research into quantum-safe PKI architecture: root CA signing with Dilithium (ML-DSA), intermediate CA hybrid signatures, and certificate chain validation performance at national banking scale.

🔐 Crypto-Agility Frameworks
Designing algorithm-agnostic cryptographic middleware that enables seamless algorithm rotation. Based on IETF draft-ietf-lamps-pq-composite-kem and NIST guidance on algorithm migration.

Performance Analysis
Benchmarking Kyber768 and Dilithium3 against RSA-2048 and P-256 on ARM Cortex-A processors (common in banking terminals). Key findings: Kyber encapsulation ~4× faster than RSA-2048 key exchange.

🌐 Post-Quantum TLS Readiness
Assessing enterprise application server and load balancer support for PQC: nginx, Apache, F5, AWS ALB. Current gap analysis for BFSI infrastructure migration planning.

Research Disclaimer

This research is an independent academic and professional development activity. All analysis is based on publicly available NIST publications, IETF drafts, and academic literature. No proprietary or classified information is involved. The views expressed are personal and do not represent the position of any employer or organisation.