Skip to main content
Solana Qubits logoSolana QubitsStake with Us
← Resources

Education~13 min read

Post-Quantum Cryptography Explained Like I’m 5

An ELI5 Guide by Solana Qubits

A beginner-friendly guide to post-quantum cryptography: why quantum computers may change digital security, what new cryptographic tools are being developed, and why blockchains should pay attention.

ELI5 focus

This guide explains post-quantum cryptography as new digital locks for a future with more powerful computers.

Non-hype caveat

This is not a claim that Solana or blockchains are currently broken by quantum computers.

Standards context

NIST has finalized initial PQC standards, but real migration is careful engineering work, not a one-click switch.

Imagine every website, wallet, bank app, and secure message is protected by a lock. Today, those locks are built from math problems that are very hard for ordinary computers to solve.

Post-quantum cryptography is about designing new digital locks for a future where some computers may be much better at solving certain math problems. The goal is not panic. The goal is preparation.

Most post-quantum cryptography does not need a quantum computer. It usually runs on ordinary computers, phones, servers, wallets, and networks — but it is designed with future quantum attacks in mind.

1. Why future computers may force us to upgrade digital locks

The internet uses cryptography everywhere. It helps protect login sessions, secure websites, software updates, private messages, payment systems, and blockchain wallets.

A lot of today’s public-key cryptography depends on math problems that ordinary computers cannot solve quickly enough to be useful for attackers. That is why we can safely use public keys, digital signatures, and secure connections at global scale.

Quantum computers are different from classical computers. If researchers eventually build sufficiently large, reliable, fault-tolerant quantum computers, some of today’s public-key systems could become weaker than we want them to be.

Post-quantum cryptography is the careful work of upgrading those digital locks before the future problem becomes a practical emergency.

2. Short version / key idea

The simple version is this:

Old lock: hard for ordinary computers today.
Future risk: powerful quantum computers may open some old locks.
New lock: post-quantum cryptography, designed for ordinary computers but tested against known quantum attacks.

This does not mean everything is unsafe today. It means serious infrastructure teams should know where cryptography is used, track standards, test migrations, and avoid waiting until the last minute.

3. What cryptography is

Cryptography is the science of protecting information with math. It is not only about hiding messages. It also helps prove who signed something and helps two computers agree on a shared secret without shouting that secret across the internet.

  1. Encryption

    Encryption is like putting a message inside a locked box. Someone without the right key should not be able to read it.

  2. Digital signatures

    A digital signature is like a special stamp that proves a message, transaction, or software update was approved by the holder of a private key.

  3. Key exchange / agreeing on a secret

    Key exchange lets two computers agree on a secret key even if someone is watching the conversation. That shared secret can then protect a session, such as an encrypted web connection.

Blockchains rely heavily on digital signatures because users prove ownership and authorize transactions with keys.

4. Why today’s digital locks work

Many public-key systems are based on one-way math. One direction is easy. The reverse direction is extremely hard without secret information.

A simple analogy: mixing paint is easy, but separating mixed paint back into the exact original colors is hard. Public-key cryptography uses much more precise math than paint, but the idea is similar: easy one way, hard backward.

For classical computers, the reverse problems behind systems such as RSA and elliptic curve cryptography are believed to be impractical at strong key sizes. That belief is based on decades of public research, testing, and attacks that did not find an efficient classical shortcut for properly used systems.

Cryptography is never “magic forever.” It is a living field. Algorithms, key sizes, implementations, protocols, and best practices can change as research improves.

5. Where quantum computers come in

Quantum computers use quantum bits, or qubits. They are not just faster regular computers. They can use quantum behavior to solve certain special problems in new ways.

The important phrase is certain special problems. Quantum computers do not automatically break every password, every database, every blockchain, or every encryption system.

But some of the math problems used by major public-key systems are exactly the kind of problems that powerful future quantum computers could attack more efficiently than classical computers.

6. What a powerful quantum computer could threaten

When people talk about quantum risk in cryptography, they usually mean a sufficiently powerful, error-corrected quantum computer that can run algorithms relevant to today’s public-key systems.

Such a future machine could threaten systems that depend on integer factoring, discrete logarithms, or elliptic curve discrete logarithms.

  • RSA, used in some public-key encryption and signatures;
  • elliptic curve cryptography, often used for signatures and key agreement;
  • some public-key signature schemes;
  • some key exchange mechanisms used to create encrypted sessions.

This is why standards bodies and security agencies are preparing new public-key tools. The focus is not that everything breaks today. The focus is that long-lived infrastructure needs time to inventory, test, deploy, and replace cryptography safely.

7. Everything is not unsafe today

A calm explanation is important: practical quantum attacks against well-deployed modern public-key systems are not something normal users can perform today with a laptop or a cloud account.

Large, reliable, fault-tolerant quantum computers are extremely difficult engineering projects. Building, correcting, and controlling enough useful qubits is a major scientific and engineering challenge.

So the right message is not “everything is broken.” The right message is “start preparing carefully because security migrations take years.”

This is especially true for large ecosystems, critical infrastructure, and public networks where many wallets, apps, hardware devices, libraries, validators, exchanges, and users must coordinate changes.

8. What “post-quantum” means

Post-quantum cryptography means cryptography designed to resist attacks from both classical computers and future quantum computers, based on what researchers know today.

The name can be confusing. It does not usually mean “cryptography that uses a quantum computer.” Most PQC algorithms run on ordinary classical computers.

A website, phone, wallet, server, or blockchain client could use post-quantum cryptography without having any quantum hardware inside it.

A careful wording is important: PQC is designed to resist known quantum attacks. It is not a guarantee that an algorithm will be safe forever. Cryptographic confidence grows through years of public analysis, standardization, implementation testing, and real-world deployment experience.

9. Quantum cryptography vs post-quantum cryptography

These two phrases sound similar, but they mean different things.

  1. Quantum cryptography

    This usually means security tools that use quantum physics directly, such as quantum key distribution in specialized communication systems.

  2. Post-quantum cryptography

    This means cryptographic algorithms for ordinary computers that are designed to remain secure against known attacks from future quantum computers.

For ordinary internet protocols, apps, wallets, and blockchains, post-quantum cryptography is usually the more relevant migration topic because it can fit into classical software and hardware systems.

10. Main families of post-quantum cryptography

Researchers do not rely on only one idea. They study multiple families of math problems because cryptographic diversity matters.

  1. Lattice-based cryptography

    Uses problems involving points in high-dimensional mathematical grids called lattices. This family is important in several NIST-standardized tools.

  2. Hash-based signatures

    Uses cryptographic hash functions to build digital signatures. These can be conservative and well-studied, but signatures can be larger or have different tradeoffs than today’s common schemes.

  3. Code-based cryptography

    Uses problems related to error-correcting codes. This family has a long research history and can involve large public keys depending on the scheme.

  4. Multivariate cryptography

    Uses systems of many polynomial equations. Some proposals have been broken over time, so public analysis and conservative review are important.

  5. Isogeny-based cryptography

    Uses maps between elliptic curves. This family is interesting but has seen major research setbacks for some proposals, which is why migration decisions should follow vetted standards and current expert review.

Different families have different tradeoffs: key size, signature size, speed, maturity, implementation complexity, and confidence from cryptanalysis.

11. NIST standardization: ML-KEM, ML-DSA, and SLH-DSA

NIST has been running a public process to evaluate and standardize post-quantum cryptographic algorithms. The first finalized standards are important because they give governments, vendors, protocol designers, and infrastructure teams concrete options to test and adopt.

  1. ML-KEM

    A key-encapsulation mechanism. In simple terms, it helps two parties agree on a shared secret for encryption. It is standardized in NIST FIPS 203.

  2. ML-DSA

    A digital signature algorithm based on module lattices. It is standardized in NIST FIPS 204.

  3. SLH-DSA

    A stateless hash-based digital signature algorithm. It is standardized in NIST FIPS 205.

Standardization does not mean every system changes overnight. It means the industry has better-defined building blocks for testing, protocol design, implementation work, and gradual migration planning.

12. “Harvest now, decrypt later”

Some encrypted information must stay private for a long time: government records, health records, business secrets, identity data, or sensitive infrastructure communications.

An attacker could copy encrypted traffic today, store it, and wait for better technology in the future. If the encryption or key exchange used today becomes breakable later, old captured data might become readable later. This idea is often called harvest now, decrypt later.

That risk is one reason agencies such as CISA encourage planning early. Systems with long-lived confidentiality requirements may need different timelines from systems where data stops being sensitive quickly.

13. Why blockchains should pay attention

Blockchains are public systems built around cryptographic ownership. Users prove control of accounts with private keys and digital signatures. Validators and nodes verify those signatures according to the protocol rules.

That does not mean blockchains are currently broken by quantum computers. It means blockchain ecosystems should treat post-quantum cryptography as a long-term security and infrastructure topic.

  • wallets manage keys and signing flows;
  • transactions depend on digital signatures;
  • key ownership must remain clear and verifiable;
  • public ledgers keep history visible for a long time;
  • protocol migrations can be complex because many independent participants must upgrade safely.

A blockchain migration is not just swapping a library. It can affect accounts, transaction formats, signature verification, fees, hardware wallets, mobile wallets, explorers, exchanges, custody systems, developer tools, and user education.

14. What this means for Solana

For Solana, post-quantum cryptography should be viewed as a long-term research and engineering topic, not a claim of urgent breakage or an announcement of a specific migration plan.

A high-performance blockchain has to care about more than whether an algorithm is mathematically interesting. It also has to care about performance, signature size, key size, transaction size, verification cost, storage, wallet UX, developer ergonomics, hardware support, and ecosystem coordination.

Post-quantum signatures may have different tradeoffs from current signatures. Larger signatures or keys can matter when a network processes many transactions and tries to keep fees, bandwidth, and user experience practical.

This article does not claim that Solana has an exact post-quantum migration schedule. It simply explains why the topic belongs in long-term infrastructure literacy.

15. What normal users should do today

Normal users do not need to panic or move funds because of a scary headline about quantum computers. The most practical security work today is still basic wallet hygiene.

  • keep wallets, apps, browsers, and devices updated;
  • protect seed phrases and private keys offline;
  • never type seed phrases into random websites, forms, chats, or support messages;
  • use official project channels for security updates;
  • avoid phishing links and fake wallet prompts;
  • do not trust social posts that claim an urgent secret migration is required unless official sources confirm it.

For most people, phishing and key theft are much more immediate risks than a future quantum computer. Good security habits matter now and will still matter in a post-quantum world.

16. Common myths

Myth 1: “Quantum computers will break everything”

No. Quantum computers are expected to be powerful for some special problems, not every problem. Many systems also use symmetric cryptography and hash functions, which have different quantum considerations than public-key signatures and key exchange. They may still require security-level and parameter review.

Myth 2: “Post-quantum cryptography is safe forever”

No. PQC is designed against known attacks and reviewed by experts, but cryptography always requires continued research, implementation testing, and updates when needed.

Myth 3: “PQC needs quantum computers”

No. Post-quantum algorithms usually run on ordinary computers. They are called post-quantum because they are designed for a world where attackers may have quantum computers.

Myth 4: “If the threat is not here today, it is too early”

Not always. Large security migrations can take years, and some data needs to remain confidential for years. Planning early is different from panicking.

Myth 5: “Just choose a new algorithm and done”

No. Real systems need standards, libraries, audits, protocol changes, hardware support, monitoring, fallbacks, user education, and careful rollout plans.

17. A simple city and locks analogy

Imagine a city where every house has a strong lock. The locks work well because thieves only have normal tools.

Now imagine engineers learn that, someday, a new kind of tool might open some old locks much faster. The tool is not common today, but the city is huge and replacing locks takes time.

A calm city does not run into the street yelling that every house is open. It starts an inventory: which locks are used where, which doors protect long-term valuables, which new locks are tested, and how to replace locks without locking people out of their own homes.

That is post-quantum migration. It is not panic. It is careful city planning for digital locks.

18. Why this matters for Solana Qubits

Solana Qubits is focused on Solana validator infrastructure today while also exploring long-term computation, security, and technology literacy.

Post-quantum cryptography fits that mission because it connects cryptography, infrastructure, wallets, protocols, user education, and future risk management.

The useful role today is not to overclaim or scare people. It is to explain the topic clearly, link to reliable sources, and help the community understand why long-term security planning matters.

19. Key takeaways

  • Post-quantum cryptography means new cryptographic tools for ordinary computers, designed to resist known attacks from future quantum computers.
  • The main concern is public-key cryptography, especially signatures and key exchange mechanisms that rely on math problems vulnerable to powerful quantum algorithms.
  • NIST has finalized initial PQC standards including ML-KEM, ML-DSA, and SLH-DSA.
  • PQC is not guaranteed safe forever; it needs ongoing review, testing, and careful implementation.
  • Blockchains should pay attention because wallets, signatures, public history, and protocol migrations make cryptographic changes complex.
  • This is a long-term infrastructure topic, not a claim that Solana or blockchains are currently broken by quantum computers.

20. Mini glossary

Cryptography

Math and engineering used to protect information, prove identity, and secure communication.

Public key

A key that can be shared publicly. Other people can use it to verify signatures or help establish secure communication, depending on the system.

Private key

A secret key that must be protected. In wallets, control of the private key usually means control of the account.

Digital signature

A cryptographic proof that a message or transaction was approved by the holder of a private key.

Key exchange

A method for two parties to agree on a shared secret over an untrusted network.

Quantum computer

A computer that uses quantum behavior to solve certain types of problems differently from ordinary computers.

Post-quantum cryptography

Cryptography for ordinary computers that is designed to remain secure against known attacks from future quantum computers.

ML-KEM

A NIST-standardized key-encapsulation mechanism for helping parties establish shared secrets.

ML-DSA

A NIST-standardized lattice-based digital signature algorithm.

SLH-DSA

A NIST-standardized stateless hash-based digital signature algorithm.

21. Final thought

Post-quantum cryptography is not science fiction and not a reason to panic. It is a practical security transition that the internet, critical infrastructure, and blockchain ecosystems should understand early.

The best approach is careful: learn the concepts, follow reputable standards bodies, test changes, avoid hype, and keep today’s basic security habits strong.

For Solana Qubits, this topic belongs next to validator operations and ecosystem education because long-term infrastructure security starts with clear understanding.

Continue reading

Disclaimer

This material is educational and simplified. It is not a cryptographic engineering specification, a security audit, financial advice, or an official migration plan for Solana or any blockchain. Post-quantum cryptography and quantum computing research continue to evolve, so verify current official sources before making security or infrastructure decisions.