Cryptography & Security
On August 13, 2024, NIST released the first three post-quantum cryptography standards. On March 11, 2025, they selected HQC as a backup algorithm. Between these announcements, Chrome switched to ML-KEM, Apple announced quantum-resistant iMessage, Signal became the first major messaging app with post-quantum key exchange, and Zama became the first fully homomorphic encryption (FHE) unicorn at $1 billion valuation. The cryptographic infrastructure protecting the next century is being built in the open.
NIST Post-Quantum Standards
FIPS 203: ML-KEM
ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), based on CRYSTALS-Kyber, is the primary standard for key exchange. Security relies on the Module Learning with Errors problem. Three parameter sets: ML-KEM-512 (NIST Level 1), ML-KEM-768 (Level 3), and ML-KEM-1024 (Level 5).
FIPS 204 and 205: Digital Signatures
FIPS 204 (ML-DSA) provides lattice-based digital signatures. FIPS 205 (SLH-DSA) offers hash-based signatures as a conservative alternative relying on minimal cryptographic assumptions.
HQC: The Backup (March 2025)
NIST selected HQC (Hamming Quasi-Cyclic) for standardization as a backup to ML-KEM. "We want a backup standard based on a different math approach," NIST explained. HQC uses code-based cryptography rather than lattices—if lattice problems prove vulnerable, code-based alternatives survive. Final standard expected 2027.
Production Deployments
Chrome and the Web
Chrome 131 (November 2024) switched from experimental Kyber to finalized ML-KEM. Cloudflare is working with Chrome to test Merkle tree-based post-quantum authentication by the end of 2025.
Signal and Apple
Signal implemented PQXDH, becoming the first large-scale messaging app with post-quantum security in initial key establishment. Apple's PQ3 protocol for iMessage goes further—incorporating quantum-resistant algorithms into ongoing ratcheting, not just initialization. iOS 26, macOS Tahoe 26, and visionOS 26 will support quantum-secure TLS 1.3.
Cloud Infrastructure
AWS provides ML-KEM through AWS-LC, their FIPS-validated cryptographic library. Hybrid ML-KEM cipher suites enable migration while maintaining backward compatibility.
The urgency: "harvest now, decrypt later" attacks. Adversaries collect encrypted traffic today, betting future quantum computers will break current encryption.
Fully Homomorphic Encryption Reaches Production
In June 2025, Zama reached a $1 billion valuation—the first FHE unicorn—with $57M in funding led by Pantera and Blockchange. FHE enables computation on encrypted data: servers process information they never see in plaintext.
Zama's Breakthroughs
- Performance - 100x faster than at launch, supporting most on-chain payment use cases
- Scalability - Hundreds of transactions per second on GPUs; a dedicated chip targeting tens of thousands of TPS
- Developer experience - Supports Solidity and existing blockchain environments
- Quantum-resistant - Underlying TFHE crypto-scheme resistant to quantum attacks
Zama's Confidential Blockchain Protocol and public testnet launched alongside the funding, enabling developers to build confidential applications on Ethereum (via FHEVM) with Solana support in 2026.
Apple's FHE Deployment
Apple deployed homomorphic encryption at scale for Live Caller ID Lookup (March 2025)—the first major consumer FHE deployment. Users query a spam database without revealing their phone number; Apple never sees the numbers being checked.
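The following is an added illustration, not code from Zama or Apple, of the two ideas above: what "computation on encrypted data" means, and how a lookup can hide which entry is being queried. It uses a toy Paillier scheme (only additively homomorphic, not fully homomorphic) and, as an assumed simplification rather than Apple's actual Live Caller ID protocol, a textbook linear private information retrieval built on that additive property.

```python
import math
import secrets

# Toy Paillier scheme (additively homomorphic, not fully homomorphic; demo primes are
# tiny, real keys use ~2048-bit moduli): ciphertexts can be added and scaled unread.

def keygen(p, q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                # valid because g = n + 1
    return (n, n + 1), (lam, mu, n)

def encrypt(pub, m):
    n, g = pub
    r = secrets.randbelow(n - 1) + 1                    # fresh randomness per ciphertext
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)

def decrypt(priv, c):
    lam, mu, n = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n) * mu % n

def add(pub, c1, c2):          # E(a) * E(b) = E(a + b)
    return c1 * c2 % (pub[0] ** 2)

def scale(pub, c, k):          # E(a) ** k = E(k * a) for a plaintext constant k
    return pow(c, k, pub[0] ** 2)

def pir_query(pub, index, size):
    # Client: encrypted one-hot selector; every entry looks like random noise.
    return [encrypt(pub, 1 if i == index else 0) for i in range(size)]

def pir_answer(pub, query, database):
    # Server: sum_i E(s_i) * db_i = E(db[index]), computed without learning index.
    acc = encrypt(pub, 0)
    for c, value in zip(query, database):
        acc = add(pub, acc, scale(pub, c, value))
    return acc

def private_lookup(index, database, p=104729, q=1299709):
    # End-to-end toy lookup; the server side only ever touches ciphertexts.
    pub, priv = keygen(p, q)
    query = pir_query(pub, index, len(database))
    return decrypt(priv, pir_answer(pub, query, database))

if __name__ == "__main__":
    # Constructed sample table: 1 = number flagged as spam, 0 = not flagged
    print(private_lookup(2, [0, 1, 1, 0, 1]))          # prints 1
```

The server in `pir_answer` sees only randomized ciphertexts, so the queried index is hidden; the cost is that the query grows linearly with the table size, which is the gap real FHE-based lookups have to close.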
IACR FHE Research (2025)
Recent presentations: "Apple's Deployment of Homomorphic Encryption at Scale" (March), "007: End-to-End Encrypted Audio Calls via Blind Audio Mixing" (March), "Practical TFHE Ciphertext Sanitization" (May). New FHE constructions for large integers achieve 2,000x better multiplication throughput than TFHE-rs for 256-bit arithmetic.
Zero-Knowledge Proofs in Production
Ethereum ZK-Rollups
ZK-rollups process transactions off-chain and generate cryptographic proofs verifiable on Ethereum mainnet. Major deployments:
- zkSync Era - $100M+ TVL, general-purpose smart contracts
- StarkNet - Cairo language for ZK-native development
- Polygon zkEVM - EVM-equivalent execution with ZK proofs
ZK Applications Beyond Blockchain
Zero-knowledge credentials prove facts without revealing underlying data. Applications: age verification without showing ID, credential verification without exposing history, KYC compliance as "Know This Fact About Your Customer."
Migration Timelines
- United States: Full migration by 2035; NSA mandated quantum-resistant algorithms for certain applications starting 2025
- Australia: Aggressive 2030 deadline set in 2024
- United Kingdom: Matched the US 2035 timeline in early 2025
- European Union: 2030-2035 depending on application category
Where to Find Cryptography Research
IACR Resources
- Cryptology ePrint Archive - Preprints on all cryptology topics
- ToSC - Transactions on Symmetric Cryptology (diamond open access)
- TCHES - Transactions on Cryptographic Hardware and Embedded Systems
NIST Resources
- Post-Quantum Cryptography Project
- NIST IR 8545 - Fourth round status report
Why Cryptography Opens Its Research
Cryptography presents a paradox: a field devoted to secrets that publishes openly. Only algorithms that survive sustained attack deserve trust. Papers appear on ePrint without peer review; the community provides scrutiny. A flawed scheme attracts attacks within days.
The algorithms protecting internet traffic for the next decades were finalized through eight years of public competition and thousands of researcher-hours of analysis. This open process—not secrecy—is why ML-KEM, HQC, and the signature schemes can be trusted with long-term secrets.