One day, a large enough quantum computer will solve the mathematical puzzles that today protect nearly every login, payment, message, and software update on earth. The public-key cryptography that secures the internet — RSA, elliptic-curve, Diffie–Hellman — was chosen precisely because ordinary computers cannot break it in any practical time. Quantum computers change that assumption for one specific, load-bearing family of algorithms. This series explains the whole story from first principles and then turns it into action: a structured, vendor-neutral post-quantum readiness assessment grounded in the finalised NIST standards (FIPS 203, 204, 205) and the published transition guidance, with Microsoft’s already-shipping support used as the worked example.
Every article stands on its own, is written so a newcomer can follow it while a practitioner still finds it useful, and carries a “new here / know the basics” signpost so you can read at your own level. The series is organised as six parts — a deliberate climb from a bedtime-story explanation to an enterprise migration roadmap.
What we mean by “quantum-safe”
You’ll meet several near-synonyms in this field, and they all point at the same goal. Quantum-safe, post-quantum (PQC, short for post-quantum cryptography), and quantum-resistant all describe cryptography that stays secure even against a large quantum computer. They’re used interchangeably — the difference is emphasis, not meaning.
This guide leads with quantum-safe deliberately. It’s the plain-language, outcome-focused term: the point isn’t the era (“post-quantum”) or the maths (“the algorithms”) — it’s the result you want, systems that are safe against a quantum attack. “Post-quantum” is the more formal name carried by the NIST standards (FIPS 203/204/205), so both terms appear throughout; now you know they mean the same thing.
★ New to quantum computing itself? You can jump straight to Classical vs Quantum Computers for the machine, then Qubits, Superposition & Entanglement — and pick up the cryptography basics anytime.
⚡ Securing AI workloads? The series closes with Quantum-Safe AI — why your training data, model weights, and agent-to-agent trust are exactly what quantum threatens, and how post-quantum readiness is AI security.
Foundations — start here, no knowledge assumed
What secrets, keys, encryption, and quantum computers actually are — in plain language, with pictures.
Foundations · Article 1
What a Secret and a Key Really Are
Before any maths: what does it mean to keep a secret, and why does modern security depend on keys rather than hidden methods? A padlock, a shared password, and a very old rule called Kerckhoffs’s principle explain the whole foundation — and set up why one kind of key is about to be in trouble.
Foundations · Article 2
What Encryption Really Does (and the Two Kinds of Locks)
The single most important idea in the whole series: there are two families of cryptography — one shared key (symmetric) and two matching keys (public-key). Only one of them is in real danger from quantum computers. A mailbox with a public slot and a private key makes it click.
Foundations · Article 3
Classical vs Quantum Computers
What actually makes a quantum computer different — bits vs qubits, no physics degree required. Why “tries everything at once” is a useful half-truth, and why a quantum computer is a strange specialist, not a faster everything-machine.
Foundations · Article 4
Qubits, Superposition & Entanglement
A gentle, equation-free tour of the three ideas that make a quantum computer work: superposition (being many things at once), entanglement (spooky linked coins), and measurement (why looking ruins the trick).
Foundations · Article 5
Shor, Grover & What Actually Breaks
The capstone: the two quantum algorithms that decide the fate of every lock online. Shor completely breaks public-key crypto (RSA, ECC, Diffie–Hellman); Grover only mildly dents symmetric encryption — and the fix for each.
The Threat — why this is urgent now
Why the danger is present-tense, and exactly which parts of the internet’s security break.
The Threat · Article 1
Harvest Now, Decrypt Later
The attack that has already started: adversaries record your encrypted data today and simply wait for a quantum computer to unlock it. Mosca’s inequality (X + Y > Z) shows why long-lived secrets are exposed right now — long before Q-day.
The Threat · Article 2
What Breaks — RSA, ECC, PKI, TLS
A tour up the “tower of trust” — from the algorithms (RSA, ECC) to the certificates and PKI built on them, to the TLS handshake that protects every web page. What quantum breaks, what survives, and the difference between confidentiality and authenticity damage.
The New Rulebook — the standards that replace them
The finalised NIST algorithms that replace the broken ones — what they are and how they work.
The New Rulebook · Article 1
NIST’s Post-Quantum Standards
The eight-year global competition and its result: FIPS 203, 204, and 205, finalised in August 2024. What each standard covers, the old names you’ll still hear (Kyber, Dilithium, SPHINCS+), and the transition timeline from IR 8547.
The New Rulebook · Article 2
ML-KEM Explained
How two strangers agree on a shared secret, quantum-safely. Key encapsulation in three steps, the Learning-With-Errors lattice puzzle that makes it hard, the three sizes (512/768/1024), and why hybrid deployment is the safe way in.
The New Rulebook · Article 3
ML-DSA & SLH-DSA Explained
Digital signatures that survive quantum: ML-DSA (the lattice-based workhorse) and SLH-DSA (the conservative hash-based backup). Why there are two, and the size trade-off — from ECDSA’s ~64 bytes to SLH-DSA’s many kilobytes.
The New Rulebook · Article 4
PQC vs QKD — New Maths or New Physics?
Two completely different answers to the quantum threat: post-quantum cryptography (harder maths, runs as software everywhere) versus quantum key distribution (new physics, special hardware). Why the security agencies recommend PQC for almost everyone.
The Readiness Assessment — the centrepiece
The structured method to find, prioritise, and score your organisation’s cryptographic exposure.
The Readiness Assessment · Article 1
The Readiness Methodology
The five-phase loop that organises the whole effort: Govern, Discover, Assess, Plan, and Execute & monitor. The roles involved, the CISA/NSA/NIST guidance behind it, and why it’s a repeating cycle, not a one-off project.
The Readiness Assessment · Article 2
Cryptographic Discovery & the CBOM
You can’t protect what you can’t see. The six hiding places for cryptography, the techniques to find it, and the Cryptographic Bill of Materials (CBOM) — a living inventory, in CycloneDX form, of every algorithm you depend on.
The Readiness Assessment · Article 3
Crypto-Agility
The real goal of the whole migration: systems that can swap algorithms quickly, this time and every time after. Why the last migration took a decade, and the patterns — abstraction layers, config-driven algorithms, automated certificate lifecycle — that fix it.
The Readiness Assessment · Article 4
Risk & Data Classification
Deciding what to migrate first. Prioritise by data shelf life (long-lived secrets are already at risk), apply Mosca’s inequality, and build a risk score that also weighs how hard each system is to change — turning a daunting inventory into a ranked register.
The Readiness Assessment · Article 5
Assessing Cloud, Identity, Apps & Network
A domain-by-domain field map of where cryptography actually hides: cloud services (TLS, KMS, storage), identity and IAM (tokens, certificates, federation), applications (libraries, hard-coded algorithms), and the network (VPNs, TLS termination, IPsec).
The Readiness Assessment · Article 6
The Maturity Model (0–5)
Turn “are we ready?” into an honest number. A six-rung ladder from Level 0 (unaware) to Level 5 (crypto-agile and continuous), each with the signal that you’ve reached it and the one next move that climbs a rung.
Migration & Governance — getting it done
Turning the plan into action, on real platforms, reported to the people who fund it.
Migration & Governance · Article 1
Migration Roadmaps
Turning the ranked risk register into a safe, staged plan: sequencing work into waves (quick wins, high-risk trust anchors, the long tail), using hybrid classical-plus-PQC as a safety net, and pacing it so it rides alongside normal delivery.
Migration & Governance · Article 2
Quantum-Safe on Microsoft Platforms
A developer’s tour of PQC arriving across the Microsoft stack: SymCrypt and Windows CNG shipping ML-KEM/ML-DSA, the new .NET types (MLKem, MLDsa, SlhDsa), AD CS phased certificate support, and Schannel TLS hybrid key exchange. What’s real today and what’s still experimental.
Migration & Governance · Article 3
Governance, Compliance & the Exec Report
The final skill: running the migration as a governed programme and reporting it upward. Board framing (risk, cost, timeline), mapping the work to compliance drivers and regulatory deadlines, and a one-page executive summary template that keeps it funded.
The AI Frontier — where this lands for AI-first teams
Why post-quantum readiness is AI security: long-lived data, agent trust, model provenance, and crypto-agility.
About this series
This series is vendor-neutral. The cryptography, the threat, and the readiness method are grounded in public, widely-recognised sources: the finalised NIST standards FIPS 203 (ML-KEM), FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA); NIST’s transition report IR 8547; the NSA’s CNSA 2.0 suite; and CISA/NSA quantum-readiness guidance. Where a product is named — most often Microsoft’s, because it is already shipping post-quantum support in SymCrypt, Windows CNG, Active Directory Certificate Services, Schannel/TLS, and .NET 10 — it is used as a concrete worked example of a category, not an endorsement, and the same reasoning applies to any comparable platform.
It is a companion to the security-engineering field guides elsewhere on this site: where the Anti-Patterns Catalogue asks “what design mistakes make an agent unsafe?” and Supply-Chain Trust asks “how do I trust code I bring in?”, this one asks a longer-horizon question: “will the cryptography underneath all of it still be standing in ten years — and what do I do now if not?”