All entries
Every entry on the wiki, A to Z. 101 in total.
A
- AES (Advanced Encryption Standard)Glossary · AES is the standardized symmetric block cipher; Grover's algorithm gives only a quadratic speedup, so a 256-bit key preserves the post-quantum margin.
- Apple iMessage PQ3Migration · Apple iMessage PQ3 is a post-quantum messaging protocol with Kyber-based key establishment and ongoing rekeying, deployed to iMessage beginning March 2024.
B
- Bech32mGlossary · Bech32m is the checksummed address encoding defined in BIP 350; it fixes a bech32 weakness and encodes taproot addresses as well as BTX addresses.
- BIKEStandards · BIKE is a code-based key-encapsulation mechanism using QC-MDPC codes with compact keys, not chosen by NIST in round 4 due to decoding-failure-rate concerns.
- bonuz walletEcosystem · bonuz wallet is the first mobile wallet available for the BTX blockchain, offering iOS and Android apps with built-in qID sign-in support.
- Browser post-quantum adoptionMigration · Browser post-quantum adoption traces how Chrome, Firefox, Edge, and Safari enabled hybrid ML-KEM key exchange in TLS, from 2023 experiments to default rollout.
- BTXEcosystem · BTX is a post-quantum blockchain forked from Bitcoin Knots that signs transactions with ML-DSA and SLH-DSA and uses MatMul proof of work.
- BTX dropsEcosystem · BTX drops are collectible releases issued on the BTX blockchain via the BZA1 artifact standard; this index lists drops as they become public.
- BTXScanEcosystem · BTXScan is the block explorer for the BTX blockchain at btxscan.io, covering blocks, transactions, addresses, the mempool, and network charts.
- BZA1 (BTX Artifacts standard)Ecosystem · BZA1 is a standard for issuing on-chain artifacts on BTX that carries collectible data in an OP_RETURN payload while ownership follows the coin.
C
- Classic McElieceStandards · Classic McEliece is a code-based key-encapsulation mechanism from 1978, the oldest unbroken post-quantum scheme, with very large keys and tiny ciphertexts.
- Code-based cryptographyFoundations · Code-based cryptography builds encryption on the hardness of decoding random linear codes, from McEliece in 1978 to the NIST-selected HQC KEM.
- Constant-time implementationGlossary · A constant-time implementation runs in time independent of secret data, the standard defense against timing and other side-channel attacks on cryptography.
- Cryptographic agilityGlossary · Cryptographic agility is the ability to swap algorithms and parameters without redesigning a system, a first-class requirement of the post-quantum era.
- Cryptographic bill of materials (CBOM)Glossary · A cryptographic bill of materials (CBOM) is a machine-readable inventory of the algorithms, keys, certificates, and libraries a system uses for cryptography.
- Cryptographic hash functionGlossary · A cryptographic hash function maps input of any length to a fixed-size digest and must resist preimage, second preimage, and collision attacks.
- Cryptographic inventoryGlossary · Cryptographic inventory is the process of discovering and cataloging where cryptography is used in an organization, the first step of post-quantum migration.
- Cryptographically relevant quantum computer (CRQC)Glossary · A cryptographically relevant quantum computer (CRQC) is a machine capable enough to break the public-key cryptography, such as RSA and ECC, in wide use today.
D
- DecoherenceGlossary · Decoherence is the loss of a quantum system's coherent state through interaction with its environment, the reason quantum error correction is needed.
- Diffie-HellmanGlossary · Diffie-Hellman is the 1976 key-exchange protocol that lets two parties derive a shared secret over a public channel, with security that Shor's algorithm breaks.
- Digital signature schemeGlossary · A digital signature scheme binds a message to a private key holder so that anyone can verify its origin and integrity with the matching public key.
- Dilithium (CRYSTALS-Dilithium)Glossary · Dilithium, formally CRYSTALS-Dilithium, is the original name of the lattice-based signature scheme NIST renamed ML-DSA and standardized in FIPS 204.
- Discrete logarithm problemGlossary · The discrete logarithm problem asks for the exponent in a modular power, underpinning Diffie-Hellman and ECDSA and solved efficiently by Shor's algorithm.
E
- ECDSAGlossary · ECDSA is the elliptic-curve digital signature used by Bitcoin and TLS; its discrete logarithm security falls to Shor's algorithm on a quantum computer.
- Ed25519Glossary · Ed25519 is a fast, modern EdDSA signature scheme over Curve25519 used in SSH and TLS; it is classical and vulnerable to Shor's algorithm on a quantum computer.
- Elliptic-curve cryptography (ECC)Glossary · Elliptic-curve cryptography gives public-key security with smaller keys than RSA, on a discrete logarithm problem that Shor's algorithm solves efficiently.
- EntanglementGlossary · Entanglement is a quantum correlation linking two or more qubits so that their states cannot be described independently of one another.
- EUF-CMAGlossary · EUF-CMA is existential unforgeability under chosen-message attack, the standard security target a digital signature scheme must meet to be considered secure.
- EVXEcosystem · EVX is a private EVM-compatible layer 2 associated with the BTX ecosystem, with a testnet live since July 2026 that is not publicly accessible.
F
- Fiat-Shamir transformGlossary · The Fiat-Shamir transform turns an interactive identification protocol into a non-interactive digital signature by computing the challenge as a hash.
- FN-DSA / FalconStandards · FN-DSA is the planned FIPS 206 standard for the Falcon signature scheme, an NTRU-lattice design with the smallest keys and signatures among NIST selections.
- FORS (Forest of Random Subsets)Glossary · FORS (Forest of Random Subsets) is the few-time hash-based signature that signs message digests inside the stateless standard SLH-DSA, formerly SPHINCS+.
- Forward secrecyGlossary · Forward secrecy keeps past session keys safe if long-term keys leak later, but it does not protect recorded traffic from future quantum decryption.
- FrodoKEMStandards · FrodoKEM is a key-encapsulation mechanism built on plain, unstructured LWE, trading larger keys and slower operations for a conservative security margin.
- Fujisaki-Okamoto transformGlossary · The Fujisaki-Okamoto transform turns a weakly secure encryption scheme into an IND-CCA2 secure key encapsulation mechanism, the method behind ML-KEM.
G
H
- Harvest now, decrypt laterFoundations · Harvest now, decrypt later is an attack in which encrypted data is recorded today so it can be decrypted once quantum computers can break the encryption.
- Hash-based signaturesFoundations · Hash-based signatures derive their security only from hash functions, spanning stateful XMSS and LMS and the stateless NIST standard SLH-DSA.
- HQCStandards · HQC is a code-based key-encapsulation mechanism selected by NIST in March 2025 as a backup to ML-KEM, adding non-lattice diversity to the PQC standards.
- Hybrid cryptography (PQ/T hybrid)Migration · Hybrid cryptography combines a classical algorithm with a post-quantum one so that security holds as long as either component remains unbroken.
I
- IND-CCA2Glossary · IND-CCA2 is indistinguishability under adaptive chosen-ciphertext attack, the standard security target that post-quantum key encapsulation mechanisms must meet.
- Integer factorizationGlossary · Integer factorization is the problem of splitting a number into prime factors, the hardness assumption behind RSA and a target of Shor's quantum algorithm.
- Is Bitcoin quantum safe?Blockchain · An evidence-based look at Bitcoin's quantum exposure: which coins have revealed public keys, how fast an attacker must be, and the proposed fixes.
- Isogeny-based cryptographyFoundations · Isogeny-based cryptography builds on maps between supersingular elliptic curves; SIDH and SIKE were broken in 2022, leaving CSIDH and SQIsign.
K
- KEM combinerGlossary · A KEM combiner merges a classical and a post-quantum shared secret into one key that stays secure if either mechanism holds, the core of hybrid cryptography.
- Key encapsulation mechanism (KEM)Glossary · A key encapsulation mechanism (KEM) uses a public key to establish a shared secret, the primitive that replaces Diffie-Hellman in post-quantum protocols.
- Key exchangeGlossary · Key exchange lets two parties establish a shared secret over a public channel; quantum-vulnerable Diffie-Hellman variants are giving way to KEMs.
- Kyber (CRYSTALS-Kyber)Glossary · Kyber, formally CRYSTALS-Kyber, is the original name of the lattice-based KEM that NIST renamed ML-KEM and standardized in FIPS 203 in August 2024.
L
- Lattice-based cryptographyFoundations · Lattice-based cryptography builds encryption and signatures on hard lattice problems such as LWE and underpins the NIST standards ML-KEM and ML-DSA.
- Learning With Errors (LWE)Glossary · Learning With Errors (LWE) is the lattice problem of solving noisy linear equations, the hardness assumption underpinning most post-quantum encryption.
- liboqsMigration · liboqs is an open source C library from the Open Quantum Safe project that provides a unified API for post-quantum key encapsulation and signature schemes.
- LMS (Leighton-Micali Signature)Glossary · LMS (Leighton-Micali Signature) is a stateful hash-based signature scheme defined in RFC 8554 and approved by NIST SP 800-208 for firmware signing.
- Logical qubitGlossary · A logical qubit is an error-corrected qubit encoded across many physical qubits, the unit in which cryptographically relevant quantum computers are sized.
M
- Merkle treeGlossary · A Merkle tree is a hash tree whose root commits to an entire data set, enabling compact membership proofs in hash-based signatures and blockchains.
- ML-DSA (FIPS 204)Standards · ML-DSA is the module-lattice digital signature algorithm of FIPS 204, formerly CRYSTALS-Dilithium, and the primary post-quantum signature recommendation.
- ML-KEM (FIPS 203)Standards · ML-KEM is the module-lattice key-encapsulation mechanism of FIPS 203, formerly CRYSTALS-Kyber, and the default post-quantum key establishment method.
- Module Learning With Errors (Module-LWE)Glossary · Module-LWE is the structured lattice assumption behind ML-KEM and ML-DSA, tuning algebraic structure by module rank to reach each NIST security level.
- Mosca's theoremGlossary · Mosca's theorem is an inequality that judges post-quantum migration urgency by comparing data secrecy time, migration time, and time to a quantum computer.
- Multivariate cryptographyFoundations · Multivariate cryptography builds signatures on the hardness of solving multivariate quadratic equations, from the broken Rainbow to the surviving UOV and MAYO.
N
- NIST Post-Quantum Cryptography StandardizationStandards · NIST's multi-year process to standardize post-quantum cryptography, from the 2016 call for proposals to FIPS 203, 204, and 205 and the 2025 HQC selection.
- NIST security levelsGlossary · NIST security levels are five strength categories for post-quantum algorithms, each anchored to the cost of attacking AES or SHA-2 at a given size.
- NTRUGlossary · NTRU is the oldest practical lattice-based cryptosystem, a polynomial-ring public-key scheme from 1998 and the basis of the FN-DSA (Falcon) signature.
O
P
- PKI migration to post-quantumMigration · PKI migration to post-quantum cryptography replaces RSA and ECDSA across roots, chains, HSMs, and CT logs, guided by NIST IR 8547 and its 2030 to 2035 timeline.
- Post-quantum algorithm comparisonStandards · Reference comparison of ML-KEM, ML-DSA, SLH-DSA, FN-DSA, and HQC against RSA and elliptic-curve cryptography on sizes, speed, and security basis.
- Post-quantum blockchains (survey)Blockchain · A neutral survey of post-quantum signatures on blockchains, from QRL, Algorand, and BTX to Bitcoin and Ethereum research, with schemes and status compared.
- Post-quantum cryptographyFoundations · Post-quantum cryptography is the field of cryptographic algorithms designed to resist attacks by both classical computers and future quantum computers.
- Post-quantum cryptography librariesMigration · Post-quantum cryptography libraries compared in one directory: liboqs, PQClean, OpenSSL, BoringSSL, AWS-LC, wolfSSL, Bouncy Castle, CIRCL, and reference code.
- Post-quantum SSHMigration · Post-quantum SSH covers OpenSSH hybrid key exchange, sntrup761x25519 since 2022 and ML-KEM based mlkem768x25519, protecting sessions from future quantum attack.
- Post-quantum TLSMigration · Post-quantum TLS adds quantum-resistant key exchange to TLS 1.3 through hybrid groups such as X25519MLKEM768, now protecting a large share of web traffic.
- PQ WalletEcosystem · PQ Wallet is a desktop wallet for the BTX blockchain, available for Windows, macOS, and Linux, using post-quantum signature keys throughout.
- PQCleanMigration · PQClean is a repository of clean, portable C implementations of post-quantum schemes from the NIST standardization project, used by liboqs and other libraries.
- Public-key cryptographyGlossary · Public-key cryptography uses key pairs for key exchange, encryption, and signatures; the deployed schemes rest on problems Shor's algorithm breaks.
Q
- Q-DayFoundations · Q-Day is the hypothetical future date when a cryptographically relevant quantum computer can break RSA and elliptic curve cryptography in practice.
- qIDEcosystem · qID is an open-source post-quantum identity and sign-in system whose identity keys are the same post-quantum keys used on the BTX blockchain.
- qID ConnectEcosystem · qID Connect is a connection layer in development that lets BTX applications request sign-in and transaction approvals from a user's wallet.
- Quantum computerFoundations · A quantum computer processes information with qubits and quantum effects; current machines remain far from breaking deployed public key cryptography.
- Quantum computers and proof-of-work miningBlockchain · Grover's algorithm gives only a quadratic speedup on proof-of-work hashing, so quantum mining stays impractical against ASIC fleets for the foreseeable future.
- Quantum key distribution (QKD)Foundations · Quantum key distribution (QKD) uses quantum physics to share encryption keys; the NSA and UK NCSC recommend post-quantum cryptography instead.
- Quantum supremacyGlossary · Quantum supremacy is the milestone where a quantum computer beats every classical computer at one contrived task, distinct from breaking real cryptography.
- Quantum threat to ECDSABlockchain · Shor's algorithm solves the elliptic curve discrete logarithm behind ECDSA in polynomial time; published estimates need about 2330 logical qubits.
- QubitGlossary · A qubit is the basic unit of quantum information, a two-level quantum system that can hold superpositions and become entangled with other qubits.
R
- Ring Learning With Errors (Ring-LWE)Glossary · Ring-LWE is the polynomial-ring variant of Learning With Errors, trading extra algebraic structure for the compact keys and fast arithmetic PQ schemes need.
- RSAGlossary · RSA is a classical public-key cryptosystem based on integer factoring, securing encryption and signatures but broken by Shor's algorithm on a quantum computer.
S
- SHA-2Glossary · SHA-2 is the widely deployed family of NIST cryptographic hash functions, including SHA-256, weakened only quadratically by Grover's algorithm.
- SHA-3Glossary · SHA-3 is the Keccak-based NIST hash standard whose SHAKE extendable-output functions are used inside the ML-KEM and SLH-DSA post-quantum schemes.
- Shor's algorithmFoundations · Shor's algorithm factors integers and computes discrete logarithms in polynomial time on a quantum computer, breaking RSA, Diffie-Hellman, and ECDSA.
- Short Integer Solution (SIS) problemGlossary · The Short Integer Solution (SIS) problem seeks a short vector a random matrix maps to zero, the dual of LWE that underlies lattice-based signatures.
- Side-channel attacks on post-quantum cryptographyMigration · Side-channel attacks recover secrets from the timing, power, or electromagnetic behavior of a post-quantum implementation, not from breaking its math.
- Signal PQXDHMigration · Signal PQXDH is the Signal Protocol post-quantum initial key agreement, combining X25519 with Kyber since September 2023 to resist harvest now, decrypt later.
- SLH-DSA (FIPS 205)Standards · SLH-DSA is the stateless hash-based signature scheme of FIPS 205, formerly SPHINCS+, valued for resting only on well-studied hash function security.
- SoulboundGlossary · Soulbound describes blockchain tokens or artifacts bound to one holder and not designed to be transferred, a term popularized by Vitalik Buterin in 2022.
- SPHINCS+ (SLH-DSA)Glossary · SPHINCS+ is the original name of the stateless hash-based signature scheme that NIST renamed SLH-DSA and standardized in FIPS 205 in August 2024.
- SuperpositionGlossary · Superposition is the quantum property by which a qubit holds a weighted combination of 0 and 1 until measurement collapses it to one outcome.
- Surface codeGlossary · The surface code is the leading quantum error-correcting code, encoding one logical qubit in a two-dimensional grid of physical qubits.
- Symmetric cryptographyGlossary · Symmetric cryptography uses one shared key, as in AES; quantum attacks give only a quadratic speedup, so larger keys preserve the security margin.
T
U
W
X
- X25519Glossary · X25519 is the Curve25519 Diffie-Hellman function; TLS now pairs it with ML-KEM in hybrid groups such as X25519MLKEM768 for post-quantum key exchange.
- XMSS (eXtended Merkle Signature Scheme)Glossary · XMSS is a stateful hash-based signature scheme standardized in RFC 8391 that arranges one-time keys under a Merkle tree for many signatures per key pair.