Why PQC Matters for FIDO Keys
In the next wave of cybersecurity, one phrase is going to be heard more often: "quantum-safe." As quantum computing evolves from theory into practice, our existing cryptographic foundations are under threat. Let's explore what post-quantum cryptography (PQC) means and why it is critical for authentication and FIDO standards.
What is Post-Quantum Cryptography?
At its core, PQC is the set of cryptographic algorithms designed to remain secure even in the presence of large-scale quantum computers. Traditional public-key systems like RSA and elliptic-curve cryptography (such as ECDSA or ECDH) are secure because classical computers would need an enormous amount of time to factor large integers or solve discrete logarithm problems.
Quantum computers change that. Instead of working only with bits that are strictly 0 or 1, they use qubits, which can exist in multiple states at the same time through superposition. By orchestrating quantum interference, these systems can reinforce correct solutions while canceling out incorrect ones, enabling them to explore complex problem spaces more efficiently than classical processors.
Algorithms like Shor's algorithm take advantage of this capability, enabling a sufficiently powerful quantum computer to solve the mathematical problems underlying RSA and ECC dramatically faster, turning computations that would take classical machines thousands or millions of years into something achievable in a feasible timeframe.
To use an analogy: imagine that today your house is protected by a lock whose key is essentially a very long number; classical burglars (classical computers) would need millions of years trying combinations. A quantum burglar (quantum computer), however, might have a tool that finds the correct key in minutes. PQC means replacing today's lock (and key) with one built on a mechanism the burglar's quantum tool cannot open.
The National Institute of Standards and Technology (NIST) has already approved multiple PQC standards to replace key-establishment and digital-signature algorithms. These work via mathematical problems hard enough for both classical and quantum computers (e.g., lattice problems, hash-based signatures).
Why Does PQC Matter for Authentication?
Authentication standards such as FIDO2 (and the underlying protocols like WebAuthn + CTAP) are built around public-key cryptography. Hardware security keys (FIDO keys) issue, register, and verify cryptographic credentials to authenticate users. If the signature algorithm or key-exchange mechanism is broken by a quantum adversary, the entire authentication assurance collapses.
Steps Being Taken:
- The FIDO Alliance has recognized this risk and is actively working to integrate PQC into its specifications and enable a smooth transition path.
- Standards bodies (e.g., IANA/COSE) have added PQC algorithm support in authentication frameworks.
- In the hardware-token space, proofs of concept of PQC-enabled FIDO tokens are emerging.
What Are the Major PQC Algorithm Families?
Lattice-based cryptography
Most of the leading PQC standards are built on lattice problems such as Learning With Errors (LWE) and Module-LWE. These mathematical structures create extremely hard search problems that remain resistant to both classical and quantum attacks.
Hash-based signatures
These schemes rely on the security of cryptographic hash functions arranged in trees or chains. Because hashes are one-way and highly resistant to quantum speedups, hash-based signatures remain a reliable and conservative foundation for long-term security.
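To make "hash functions arranged in trees or chains" concrete, here is an added educational example (not code from the original post or from FEITIAN): a Lamport one-time signature built from SHA-256, with a small Merkle tree placing several one-time keys under a single root so one public value authenticates many signatures. The tree height, the serialisation of keys and the dictionary layout of the signature are choices made for this illustration, not a standardised format; real schemes such as SLH-DSA use far more elaborate constructions.

```python
import hashlib
import secrets

HASH = hashlib.sha256
N = 32  # SHA-256 digest length; also the length of each secret preimage

def lamport_keygen():
    """One Lamport key pair: 256 pairs of random secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(256)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk

def _message_bits(msg):
    d = HASH(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    # For each bit of H(msg), reveal the matching secret; the other one stays hidden.
    return [sk[i][b] for i, b in enumerate(_message_bits(msg))]

def lamport_verify(pk, msg, sig):
    if len(sig) != 256:
        return False
    return all(HASH(s).digest() == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _message_bits(msg))))

def _leaf(pk):
    # Leaf = hash of the serialised one-time public key (illustrative serialisation).
    return HASH(b"".join(a + b for a, b in pk)).digest()

def _node(left, right):
    return HASH(left + right).digest()

class MerkleSigner:
    """2**height Lamport keys under one Merkle root. The leaf counter is the
    state that must never roll back: each one-time key signs exactly once."""
    def __init__(self, height):
        self.leaf_count = 1 << height
        self.keys = [lamport_keygen() for _ in range(self.leaf_count)]
        self.layers = [[_leaf(pk) for _, pk in self.keys]]
        while len(self.layers[-1]) > 1:
            prev = self.layers[-1]
            self.layers.append([_node(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
        self.root = self.layers[-1][0]
        self.next_leaf = 0

    def sign(self, msg):
        if self.next_leaf >= self.leaf_count:
            raise RuntimeError("all one-time keys used; reuse would leak secret preimages")
        idx = self.next_leaf
        self.next_leaf += 1
        sk, pk = self.keys[idx]
        auth_path, i = [], idx
        for layer in self.layers[:-1]:
            auth_path.append(layer[i ^ 1])  # sibling needed to recompute the parent
            i >>= 1
        return {"index": idx, "ots_pk": pk, "ots_sig": lamport_sign(sk, msg), "auth_path": auth_path}

def merkle_verify(root, msg, sig):
    """Check the one-time signature, then walk the authentication path up to the root."""
    if not lamport_verify(sig["ots_pk"], msg, sig["ots_sig"]):
        return False
    node, i = _leaf(sig["ots_pk"]), sig["index"]
    for sibling in sig["auth_path"]:
        node = _node(node, sibling) if i % 2 == 0 else _node(sibling, node)
        i >>= 1
    return node == root

def signature_size_bytes(sig):
    """Bytes a verifier must receive: one-time pk + one-time sig + auth path."""
    return 2 * 256 * N + 256 * N + len(sig["auth_path"]) * N

if __name__ == "__main__":
    signer = MerkleSigner(height=2)
    sig = signer.sign(b"webauthn-challenge-1")
    print(merkle_verify(signer.root, b"webauthn-challenge-1", sig), signature_size_bytes(sig))
```

The size function is there on purpose: a single plain Lamport signature plus its public key is over 24 KiB, which is the kind of figure behind the later remarks about secure-element memory and CTAP bandwidth. The counter in `MerkleSigner.sign` is the other practical lesson: a hash-based signer that loses or rolls back its state reuses a one-time key, and reuse exposes additional preimages to anyone who sees both signatures.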
Code-based, multivariate, and isogeny-based cryptography
These represent alternative mathematical approaches still used or evaluated in PQC. Code-based systems, in particular, have decades of research behind them. NIST selected the code-based HQC algorithm as a backup to ensure diversity across cryptographic assumptions.
Key PQC Algorithms to Know
CRYSTALS-Kyber (ML-KEM) — A NIST-approved key-encapsulation mechanism used for key exchange and encryption.
CRYSTALS-Dilithium (ML-DSA) — NIST's choice for post-quantum digital signatures.
SPHINCS+ (SLH-DSA) — A hash-based signature scheme included in the first wave of PQC standards for its long-studied, conservative security properties.
HQC — A code-based backup KEM chosen to diversify the mathematical foundations of post-quantum security.
Key Implementation Considerations for FIDO and Hardware Authenticators
Transitioning authentication hardware to PQC involves more than swapping one algorithm for another. Practical constraints include:
Signature and key sizes
PQC keys and signatures are often larger than RSA or ECC. This affects secure-element memory, bandwidth over CTAP/WebAuthn, and authentication latency.
Performance and power consumption
PQC algorithms must be efficient enough to run quickly on constrained hardware without draining power or degrading the user experience.
Protocol compatibility
Standards like FIDO2, WebAuthn, and CTAP must evolve to support PQC algorithms. This includes new COSE identifiers and updated data structures.
Crypto-agility
Because PQC is still maturing, authenticators must support multiple algorithms and allow future upgrades. The FIDO Alliance continues to emphasize crypto-agility as a core requirement for long-term resilience.
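The following is an added illustration (not code from the original post or from FEITIAN) of what crypto-agility looks like at the protocol level: the relying party offers a preference-ordered list of COSE algorithm identifiers (the role `pubKeyCredParams` plays in WebAuthn), the authenticator picks the first one it supports, and the relying party then checks that the algorithm it gets back is one it actually offered. The classical identifiers (ES256 = -7, EdDSA = -8, RS256 = -257) are the registered COSE values; the post-quantum identifier is an assumed placeholder rather than a registry value, and the `quantum_safe` flag and the policy function are constructed for this example.

```python
from dataclasses import dataclass

# COSE algorithm identifiers. The first three are the registered values;
# ML_DSA_PLACEHOLDER stands in for whatever identifier the COSE registry assigns.
ES256 = -7
EDDSA = -8
RS256 = -257
ML_DSA_PLACEHOLDER = -99999  # assumed placeholder, not a registered identifier

@dataclass(frozen=True)
class AlgInfo:
    name: str
    quantum_safe: bool

REGISTRY = {
    ES256: AlgInfo("ES256 (ECDSA P-256)", quantum_safe=False),
    EDDSA: AlgInfo("EdDSA", quantum_safe=False),
    RS256: AlgInfo("RS256", quantum_safe=False),
    ML_DSA_PLACEHOLDER: AlgInfo("ML-DSA (placeholder id)", quantum_safe=True),
}

def rp_offer(require_quantum_safe=False):
    """Relying-party preference list, strongest first. With the policy flag set,
    classical algorithms are simply not offered, so no downgrade is possible."""
    prefs = [ML_DSA_PLACEHOLDER, EDDSA, ES256, RS256]
    if require_quantum_safe:
        prefs = [a for a in prefs if REGISTRY[a].quantum_safe]
    return prefs

def authenticator_select(offered, supported):
    """Authenticator side: take the first offered algorithm it implements
    (the behaviour CTAP specifies for pubKeyCredParams). None means no overlap."""
    for alg in offered:
        if alg in supported:
            return alg
    return None

def rp_accept(offered, chosen):
    """Relying-party side: never trust the authenticator's choice blindly.
    Reject unknown identifiers and anything that was not in the offer."""
    if chosen is None or chosen not in REGISTRY:
        return False
    return chosen in offered

def negotiate(supported, require_quantum_safe=False):
    """Full round trip; returns the agreed algorithm id or None if registration must fail."""
    offered = rp_offer(require_quantum_safe)
    chosen = authenticator_select(offered, supported)
    return chosen if rp_accept(offered, chosen) else None

if __name__ == "__main__":
    legacy_key = {ES256, RS256}
    pq_key = {ES256, ML_DSA_PLACEHOLDER}
    print(REGISTRY[negotiate(legacy_key)].name)          # falls back to ES256
    print(REGISTRY[negotiate(pq_key)].name)              # prefers ML-DSA
    print(negotiate(legacy_key, require_quantum_safe=True))  # None: policy refuses
```

The point of the example is the shape, not the specific identifiers: the relying party can tighten its policy by changing one list, an upgraded authenticator is picked up automatically because it appears earlier in the preference order, and the `rp_accept` check keeps a tampered or buggy response from silently moving registration to an algorithm the relying party never asked for.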
How FEITIAN Is Preparing for a Quantum-Safe Future
At FEITIAN, we believe strong authentication must be both versatile and future-proof. As quantum computing advances, we're taking tangible steps to ensure our hardware remains secure for the long term.
We've built a FIDO prototype designed specifically for post-quantum resilience. It can be implemented as a dual-interface (USB + NFC) FIDO security key and is powered by the world's first Common Criteria–certified chip. Our prototype uses NIST-approved FIPS algorithms for post-quantum cryptography, aligning our development with emerging global standards.
Why Preparing Now Matters
Migrating to PQC isn't a quick fix. Authentication hardware has long lifespans; protocols evolve slowly, and organizations rely on cryptographic stability. Transitioning the world to quantum-safe algorithms will take years, which is why the work must begin now.
- Standards are being finalized.
- Vendors are building prototypes.
- Hardware ecosystems are preparing their next generation of devices.
The organizations that get ahead of this shift will be the ones best positioned to protect users and data as quantum computing matures.
The Quantum-Safe Road Ahead
Quantum computing will unlock breakthroughs in science, AI, and medicine. But it also brings a new class of risks that the security industry must address head-on. At FEITIAN, we're already building the next generation of hardware-backed authentication, designed to stand strong in the post-quantum era.