Post-Quantum Cryptography Glossary

A cryptographic attack strategy where adversaries intercept and store encrypted data with the intent to decrypt it in the future using quantum computers capable of breaking current RSA and ECC encryption algorithms. HNDL attacks are currently being conducted by nation-state actors with the infrastructure to archive encrypted traffic at scale.

Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) standardized as NIST FIPS 203 in August 2024. ML-KEM is a post-quantum cryptography (PQC) algorithm designed to replace RSA and ECDH for key establishment. Based on the hardness of solving lattice problems, which remain secure against both classical and quantum attacks. ML-KEM-768 provides security equivalent to AES-192.

Module-Lattice-Based Digital Signature Algorithm (ML-DSA) standardized as NIST FIPS 204 in August 2024. ML-DSA is a post-quantum digital signature scheme designed to replace RSA and ECDSA for authentication and integrity. Based on the hardness of lattice problems. ML-DSA provides three security levels (ML-DSA-44, ML-DSA-65, ML-DSA-87) corresponding to different security strengths.

Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) standardized as NIST FIPS 205 in August 2024. SLH-DSA is a post-quantum digital signature scheme based on hash functions rather than lattices. Provides a mathematically conservative alternative to ML-DSA, with security based on well-understood hash function properties. Larger signature sizes than ML-DSA but requires no structured hardness assumptions.

A quantitative risk metric (0-100) developed by Qryptonic that measures an organization exposure to Harvest Now, Decrypt Later (HNDL) attacks. HNDL Score evaluates: (1) cryptographic asset inventory and quantum-vulnerable algorithm usage, (2) data sensitivity classifications and retention requirements, (3) adversary capability timelines and CRQC probability distributions, (4) PQC migration readiness and timeline feasibility. Scores above 60 indicate high risk requiring immediate PQC migration. Target HNDL Score is below 30 by 2030.

A Cryptographically-Relevant Quantum Computer (CRQC) is a quantum computer with sufficient qubits and error correction to execute Shor algorithm and break RSA-2048, ECC P-256, and other classical public-key cryptosystems. Estimates suggest a CRQC requires approximately 20 million noisy qubits or 4,000-10,000 logical qubits. The Global Risk Institute 2024 survey of 32 quantum experts estimates a 5-14% probability of CRQC capability by 2029.

Post-Quantum Cryptography (PQC) refers to cryptographic algorithms designed to be secure against attacks by both classical and quantum computers. PQC algorithms are based on mathematical problems believed to be hard for quantum computers, including lattice-based cryptography (ML-KEM, ML-DSA), hash-based signatures (SLH-DSA), code-based cryptography, and multivariate polynomial cryptography. NIST standardized the first three PQC algorithms in August 2024 as FIPS 203, 204, and 205.