What is post-quantum encryption? Everything to know about the high-tech security feature adopted by Apple, Meta, and Zoom

Late last month, Zoom announced that it was rolling out a new type of encryption, called post-quantum cryptography (PQC), to its Zoom Workplace product. A day later, Facebook owner Meta revealed it had deployed post-quantum cryptography across most of its internal service communications. These announcements from the communications and social media giants came several months after Apple’s February reveal that its iMessage platform would be the first major messaging platform to roll out the most advanced version of post-quantum cryptography to date, PQ3.

But PQC, PQ3, post-quantum cryptography—just what do all these terms mean? Here’s what you need to know about post-quantum encryption and why it will be critical in protecting our most sensitive data in the decades ahead.

What is encryption?

Before we can talk about post-quantum encryption, we need to talk about basic encryption.

Encryption is a term that most of us are familiar with. Encryption uses incredibly complex mathematical equations to scramble our data into an unreadable mess—our messages, documents, and photos—so that no one without the password- or PIN-protected encryption key can unscramble and read or view our data. 

Today, there are two main types of encryption: regular encryption and end-to-end encryption (E2EE). If your data is merely encrypted—such as your DMs in the TikTok app—the sender, receiver, and messaging platform itself hold the keys to unencrypt and read your data. But if your data is end-to-end encrypted, only the sender and the receiver can read the data because only they hold the keys—not the messaging platform. 

Any time you lock most devices, including laptops or smartphones, the data on them is usually encrypted and remains that way until the owner unlocks the device by authenticating themself with their biometrics, PIN, or password. And when it comes to communications, most major messaging platforms today, such as Apple’s iMessage, Meta’s WhatsApp, and Signal, are end-to-end encrypted.

Without the key to the encrypted data, gaining access to it is nearly impossible. Nearly. Since encryption is just a really complex equation, theoretically it can be broken by a powerful enough computer, given enough time. But even for today’s most advanced supercomputers, breaking our current encryption technology would take millions or even billions of years.

The thing is, today’s supercomputers are based on classical physics. The computers of tomorrow will be based on quantum physics—and quantum computers may be able to break our current encryption protections not in eons, but in seconds.

Quantum versus classical computers

Any computer you’ve ever used is a classical computer. This is true no matter if it’s a Commodore 64 from the 1980s, an M3 MacBook Pro from 2023, or the iPhone or Android in your pocket. These computers are called classical computers because they work on the principles of classical physics.

Quantum computers, on the other hand, are based on the mechanics and principles of quantum physics—and this gives them two big advantages—speed and power. Whereas a classical computer uses bits, with each bit being either a 1 or a 0, a quantum computer uses qubits (quantum bits). And because qubits can take advantage of quantum mechanics’ strange superimposition properties, a qubit can be a 1 and a 0 at the same time. This duality makes quantum computers exponentially more powerful and faster than any classical computer in existence.

It also means a quantum computer could likely solve the encryption equation currently protecting your most sensitive health, financial, and personal data in no time at all—making today’s classical encryption practically worthless in the years ahead.

Attacks from the future

While quantum computers are likely to revolutionize specific fields including healthcare, finance, and various sciences, they also represent a threat to our data if weaponized by malicious nation-states or bad actors to break the encryption that keeps our data safe.

The good news is that today’s quantum computers aren’t advanced enough to break our current classical encryption. The bad news is that bad actors can already prepare for the day when they can use quantum computers against our data through what is known as “harvest now, decrypt later” (HNDL) attacks. 

In an HNDL attack, a threat actor scoops up our encrypted data even though they can’t crack it. However, they’ll hold on to our unreadable data until a future date when a quantum computer can do the job. Experts disagree about when quantum computers will be powerful enough to unscramble our classically encrypted data, but many believe the threshold could happen in as few as five to ten years, with the most conservative estimates being about 30 years from now.

Of course, you may say, “Who cares if some hacker can read my data 30 years from now?” But the threat HNDL attacks pose depends on the type of data and the person whose data has been harvested. For example, your social security number will be just as valuable to a hacker thirty years from now as it is today. And if you’re a journalist or activist operating in oppressive countries, your communications can put you or your contacts in danger no matter when that data is decrypted.

The threat of quantum computers and HNDL attacks are why companies such as Apple, the Signal Foundation, Meta, and Zoom have begun rolling out a new, advanced type of encryption: post-quantum encryption. 

So, what is post-quantum encryption?

Post-quantum encryption, also called post-quantum cryptography (PQC), is a new type of encryption designed to be used today to protect our data from quantum computer attacks in the future. 

Post-quantum encryption uses complex mathematics that makes it exponentially harder for tomorrow’s quantum computers to break into our data. The hope is that post-quantum encryption applied to our data today will negate HNDL attacks since even if our data is harvested by bad actors today, they still won’t be able to decrypt it with quantum computers in 10 years or 30.

The Signal Foundation gets the credit for being the first major messaging app to roll out any type of post-quantum encryption, back in 2023—a type called PQXDH. Apple followed with post-quantum encryption in iMessage earlier this year, but a more advanced form it designated as “PQ3” (Signal’s implementation would be classified as “PQ2” under this system—a less advanced version of PQC).

The bad thing about PQC is that the encryption technology is still relatively new, so there could be flaws in its design that quantum computers could exploit in the future. Also, current post-quantum encryption isn’t standardized, so every company is doing its own thing at the moment—but that should change later this year when the National Institute of Standards and Technology (NIST) finalizes its PQC standard specifications.

In short, understand this: post-quantum encryption is the next phase in data encryption. If your app or device offers it today, you may not think it’s a big deal. But thirty years from now, your data might thank you.