# Types of encryption

Cryptography is the field that studies how to secure information. The security goals of the end users can be different and relate to secrecy, data integrity, authentication and non-repudiation.

Today’s cryptography

Most of today’s cryptographic protocols are secure through hard mathematical problems like the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. This is the case for the most popular public key cryptosystems. However, some of these problems are not hard for quantum computers. In particular, a quantum computer implementing Shor’s algorithm can solve the examples above exponentially faster than a classical one. Hence, while some instances of these problems cannot be tackled by today’s most powerful supercomputer, a powerful quantum computer could tackle them and, in consequence, break public key cryptosystems.

Quantum cryptography

Quantum cryptography studies how to secure information leveraging quantum resources. The most important example is quantum key distribution (see page 17). It provides secure keys to distant parties that can, in turn, be used to achieve fully secure communication. When exchanging keys through quantum key distribution, eavesdroppers are detected immediately, and the exchange can be aborted.

Classical post-quantum cryptography

(also referred to as quantum-proof or quantum-resistant cryptography)

Classical post-quantum cryptography proposes classical cryptosystems that are expected to be secure against attacks from quantum computers. One example is symmetric encryption schemes, which is only moderately affected by quantum computers. A quantum computer running Grover’s algorithm can search for the secret key faster than a classical computer, but the speedup is moderate. It is believed that by doubling the key lengths current symmetric cryptosystems will remain safe even against quantum computers. Other solutions are lattice-based cryptography, hash-based cryptography, code-based cryptography, multi-variate cryptography and supersingular isogeny-based cryptography.