Key insight
Encryption comes in two families. Symmetric (one shared key — a lockbox, e.g. AES) is fast, protects the bulk of your data, and is only mildly affected by quantum computers. Public-key (a matching public/private pair — a mailbox, e.g. RSA and elliptic-curve) lets strangers agree on secrets and prove identity, and is exactly what quantum breaks. Real systems use both together. “Quantum breaks encryption” really means: it breaks the mailbox, not the lockbox.
A quantum computer barely dents the shared-key lockbox that scrambles your actual data, but it shatters the public-key mailbox that lets strangers set up a secret and prove who they are — and that mailbox is what the whole internet runs on.
In the previous article we learned that security lives in the key, and that keys come in two shapes. Now we make those two shapes concrete, because the difference between them is the hinge the entire quantum story swings on. We will use one picture the whole way through: a mailbox.
Family one: the shared lockbox (symmetric)
Symmetric encryption means “same”: both people use the same secret key. Picture a sturdy lockbox with a single lock. You and a friend each hold an identical copy of the one key. You drop a message in, lock it, send it; your friend unlocks it with their matching copy. Lock and unlock use the same key.
This family is fast and strong, which is why it does the heavy lifting: the actual contents of your messages, the files encrypted on your laptop, the video you stream, the data in a database at rest — almost all of it is protected by symmetric encryption. The standard everyone uses is called AES (the Advanced Encryption Standard), typically with a key 128 or 256 bits long.
But recall its nagging weakness: both sides must already share the identical key. If you have never met and can only talk over a line that eavesdroppers are tapping, how do you agree on that key without the tapper hearing it? That single question is what the second family exists to answer.
Family two: the magical mailbox (public-key)
Public-key encryption (also called asymmetric, meaning “not the same”) gives each person a pair of keys that belong together but are different: a public key and a private key.
Picture a special mailbox standing on the street:
- It has a slot in the top that anyone walking past can post a letter into. That slot is your public key — you can tell the whole world where your mailbox is.
- It has a locked door at the bottom, and only you hold its key. That is your private key, which never leaves your pocket.
Now the magic: anyone can post you a private message through the slot, but only you can open the door to read what accumulates inside — even though you and the sender never met and never agreed on any secret beforehand. Publishing the location of your slot (your public key) does nothing to help a thief open the door (your private key). That is what breaks the chicken-and-egg problem of the lockbox: strangers can now send you secrets over a completely open, tapped line.
The classic public-key schemes are RSA (named after its inventors Rivest, Shamir and Adleman; built on the difficulty of un-multiplying large primes) and elliptic-curve cryptography, or ECC (built on a related “one-way street” on a curve). Their close cousin Diffie–Hellman lets two parties mix public and private values to arrive at a shared secret neither one sent in the clear.
The mailbox works because posting and retrieving rely on a maths operation that is easy forwards, brutally hard backwards. For RSA: multiply two large primes together — easy. Take the product and recover the two primes (“factoring”) — effectively impossible for today’s computers when the numbers are big enough, because no efficient (polynomial-time) classical factoring method is known and the effort grows exponentially with the number’s length. Your public key is derived from the product; your private key from the primes. The slot reveals the product; the door needs the primes. The entire safety of the mailbox is the belief that nobody can un-multiply quickly. Remember that belief — it is precisely what a quantum computer overturns.
The same trick in reverse: digital signatures
Run the mailbox backwards and you get something just as important. If you lock a message with your private key, then anyone can verify it with your public key — and the fact that it verifies proves it could only have come from you. That is a digital signature. It is how your device confirms a software update genuinely came from its maker, how a website proves it is really your bank and not an impostor, and how documents are signed in a way that cannot be forged or denied.
Signatures matter enormously for the quantum story, because they are also public-key cryptography — and so they are on the danger list too. That is why the new standards later in this series include a dedicated signature algorithm (ML-DSA) alongside a key-exchange one (ML-KEM).
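The mailbox and its reverse, the signature, as an added Python example (not code from the original article): textbook RSA on two small constructed primes, without padding and therefore not secure. `recover_private` factors the public modulus by trial division, which works only because the numbers are tiny; it is the step a quantum computer would make efficient at real key sizes. All function names are illustrative.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Private key is derived from the primes; public key exposes only n = p*q."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse: computing it needs p and q
    return (n, e), (n, d)          # (public slot, private door)

def encrypt(public, m):
    n, e = public
    return pow(m, e, n)            # anyone can post through the slot

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)            # only the key holder can open the door

def digest(message, n):
    """Hash the message down to a number smaller than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    n, d = private
    return pow(digest(message, n), d, n)

def verify(public, message, signature):
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def recover_private(public):
    """Un-multiply n by trial division. Feasible only because n is tiny;
    no efficient classical method is known at real sizes (about 2048 bits)."""
    n, e = public
    p = next(f for f in range(3, int(n ** 0.5) + 1, 2) if n % f == 0)
    return make_keypair(p, n // p, e)[1]

# Constructed sample values: the 10,000th and 100,000th primes.
PUBLIC, PRIVATE = make_keypair(104729, 1299709)

if __name__ == "__main__":
    c = encrypt(PUBLIC, 42)
    print("ciphertext:", c, "-> decrypted:", decrypt(PRIVATE, c))
    sig = sign(PRIVATE, b"update v1")
    print("genuine verifies:", verify(PUBLIC, b"update v1", sig))
    print("altered verifies:", verify(PUBLIC, b"update v2", sig))
    print("private key rebuilt from public:", recover_private(PUBLIC) == PRIVATE)
```

Real deployments use a vetted library with padding (OAEP for encryption, PSS for signatures) rather than raw modular exponentiation.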
How real systems use both at once
Here is the elegant part: real systems do not choose one family — they combine them, using each for what it is best at. When your browser connects to a website (the little padlock, TLS), this happens in about a tenth of a second:
- Public-key is used once, at the start, to let the two strangers — your browser and the server — agree on a fresh shared secret over the open line, and to let the server prove its identity with a signature.
- They then switch to fast symmetric encryption (AES), using that freshly agreed shared key, for the actual data — every page, image, and keystroke of the session.
So public-key is the handshake that sets things up and proves identity; symmetric is the workhorse that protects the bulk. This division of labour is exactly why the quantum threat is so surgical: it strikes the handshake, not the workhorse.
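The division of labour described above, as an added Python example (not code from the original article or from any TLS implementation). Assumptions: a toy 127-bit Diffie–Hellman group, a SHA-256 counter-mode keystream standing in for AES because the standard library has no AES, and no server signature step; all names are illustrative.

```python
import hashlib, hmac, secrets

# Toy group (assumption for this demo): 2**127 - 1 is prime but far too small
# for real use; TLS uses vetted groups or curves such as X25519.
P, G = 2**127 - 1, 3

def dh_keypair():
    """Return (private value kept local, public value sent in the clear)."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)

def session_keys(my_private, their_public):
    """Mix my private value with their public one, then hash the result
    into separate encryption and integrity keys."""
    shared = pow(their_public, my_private, P).to_bytes(16, "big")
    return (hashlib.sha256(b"enc" + shared).digest(),
            hashlib.sha256(b"mac" + shared).digest())

def _xor_stream(key, nonce, data):
    """SHA-256 in counter mode as a stand-in for AES (not a real cipher choice)."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(keys, plaintext):
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(12)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(keys, blob):
    enc_key, mac_key = keys
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered record")
    return _xor_stream(enc_key, body[:12], body[12:])

def demo():
    browser_priv, browser_pub = dh_keypair()
    server_priv, server_pub = dh_keypair()
    # Only browser_pub and server_pub cross the open line.
    browser_keys = session_keys(browser_priv, server_pub)
    server_keys = session_keys(server_priv, browser_pub)
    record = seal(browser_keys, b"GET /account HTTP/1.1")   # constructed sample
    return browser_keys == server_keys, unseal(server_keys, record), record
```

The public-key step runs once per session in `session_keys`; every record after that touches only the symmetric keys, which is why replacing the handshake leaves the bulk encryption path unchanged.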
Which family does quantum break?
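Now the payoff. A quantum computer running the right algorithm affects the two families completely differently:
- Symmetric (the lockbox, AES): only mildly affected. One quantum algorithm (Grover's) speeds up the search for the key, but not enough to break it; using a bigger key is the remedy.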
- Public-key (the mailbox and signatures — RSA, ECC, Diffie–Hellman) — catastrophically broken. A different quantum algorithm (Shor’s) runs the “one-way street” efficiently backwards. It un-multiplies the primes; it solves the elliptic-curve puzzle. The private door falls open from the public slot alone. There is no “just use a bigger key” rescue — the whole approach must be replaced.
This asymmetry (pun intended) is the reason the entire global response — the NIST standards, the vendor roadmaps, your organisation’s readiness assessment — is about replacing the public-key handshake and signatures while leaving symmetric bulk encryption almost untouched. We will see precisely how Shor and Grover differ in the “Shor and Grover” article, but you already have the headline.
Side by side
| | Symmetric — the lockbox | Public-key — the mailbox |
|---|---|---|
| Keys | One shared secret key | A public + private pair |
| Everyday picture | Two copies of one key | Public slot, private door |
| Great at | Encrypting the bulk of data, fast | Strangers agreeing a secret; proving identity |
| Common names | AES | RSA, ECC, Diffie–Hellman |
| The catch | Must share the key first | Slower; relies on a one-way maths street |
| Quantum impact | Mild — use a bigger key | Broken — must be replaced |
- Symmetric encryption (AES)
  - One shared key locks and unlocks. Protects the bulk of data. AES = Advanced Encryption Standard, the mainstream symmetric cipher. Quantum: mildly affected.
- Public-key / asymmetric encryption (RSA, ECC)
  - A public key anyone can use, a private key only you hold. Enables key agreement and signatures. RSA = Rivest–Shamir–Adleman (its three inventors); ECC = Elliptic-Curve Cryptography. Quantum: broken.
- Diffie–Hellman (DH)
  - A public-key method for two parties to agree a shared secret over an open line.
- Digital signature
  - Public-key run in reverse to prove a message’s origin and integrity.
- TLS (Transport Layer Security)
  - The protocol behind the browser padlock; uses public-key to set up, then symmetric for the session.
What to carry forward
- Two families: symmetric (shared lockbox, AES) and public-key (mailbox, RSA/ECC).
- Real systems combine them: public-key handshake + symmetric workhorse.
- Quantum hits public-key hard (replace it) and symmetric mildly (bigger key).
- “Quantum breaks encryption” precisely means: it breaks the mailbox and signatures, not the lockbox.
Next: Classical vs Quantum Computers — what actually makes a quantum machine able to run that one-way street backwards.
Understand it in your own words
Paste this into any AI assistant to test yourself:
I'm learning how encryption works before studying the quantum threat.
Quiz me on these, one question at a time, and correct me gently:
1. Explain symmetric vs public-key encryption using the "lockbox" and
"mailbox" analogies in my own words.
2. Why can I safely publish my public key to the whole world?
3. When my browser opens an https website, which family sets up the
connection and which family protects the actual data — and why?
4. A quantum computer is coming. Which family do I need to REPLACE, and
which one just needs a BIGGER KEY? Explain the intuition for each.
5. What is a digital signature, and why is it also on the quantum
danger list?