Glossary
Short, precise definitions of the terms used across the wiki.
53 entries
- AES (Advanced Encryption Standard)AES is the standardized symmetric block cipher; Grover's algorithm gives only a quadratic speedup, so a 256-bit key preserves the post-quantum margin.
- Bech32mBech32m is the checksummed address encoding defined in BIP 350; it fixes a bech32 weakness and encodes taproot addresses as well as BTX addresses.
- Constant-time implementationA constant-time implementation runs in time independent of secret data, the standard defense against timing and other side-channel attacks on cryptography.
- Cryptographic agilityCryptographic agility is the ability to swap algorithms and parameters without redesigning a system, a first-class requirement of the post-quantum era.
- Cryptographic bill of materials (CBOM)A cryptographic bill of materials (CBOM) is a machine-readable inventory of the algorithms, keys, certificates, and libraries a system uses for cryptography.
- Cryptographic hash functionA cryptographic hash function maps input of any length to a fixed-size digest and must resist preimage, second preimage, and collision attacks.
- Cryptographic inventoryCryptographic inventory is the process of discovering and cataloging where cryptography is used in an organization, the first step of post-quantum migration.
- Cryptographically relevant quantum computer (CRQC)A cryptographically relevant quantum computer (CRQC) is a machine capable enough to break the public-key cryptography, such as RSA and ECC, in wide use today.
- DecoherenceDecoherence is the loss of a quantum system's coherent state through interaction with its environment, the reason quantum error correction is needed.
- Diffie-HellmanDiffie-Hellman is the 1976 key-exchange protocol that lets two parties derive a shared secret over a public channel, with security that Shor's algorithm breaks.
- Digital signature schemeA digital signature scheme binds a message to a private key holder so that anyone can verify its origin and integrity with the matching public key.
- Dilithium (CRYSTALS-Dilithium)Dilithium, formally CRYSTALS-Dilithium, is the original name of the lattice-based signature scheme NIST renamed ML-DSA and standardized in FIPS 204.
- Discrete logarithm problemThe discrete logarithm problem asks for the exponent in a modular power, underpinning Diffie-Hellman and ECDSA and solved efficiently by Shor's algorithm.
- ECDSAECDSA is the elliptic-curve digital signature used by Bitcoin and TLS; its discrete logarithm security falls to Shor's algorithm on a quantum computer.
- Ed25519Ed25519 is a fast, modern EdDSA signature scheme over Curve25519 used in SSH and TLS; it is classical and vulnerable to Shor's algorithm on a quantum computer.
- Elliptic-curve cryptography (ECC)Elliptic-curve cryptography gives public-key security with smaller keys than RSA, on a discrete logarithm problem that Shor's algorithm solves efficiently.
- EntanglementEntanglement is a quantum correlation linking two or more qubits so that their states cannot be described independently of one another.
- EUF-CMAEUF-CMA is existential unforgeability under chosen-message attack, the standard security target a digital signature scheme must meet to be considered secure.
- Fiat-Shamir transformThe Fiat-Shamir transform turns an interactive identification protocol into a non-interactive digital signature by computing the challenge as a hash.
- FORS (Forest of Random Subsets)FORS (Forest of Random Subsets) is the few-time hash-based signature that signs message digests inside the stateless standard SLH-DSA, formerly SPHINCS+.
- Forward secrecyForward secrecy keeps past session keys safe if long-term keys leak later, but it does not protect recorded traffic from future quantum decryption.
- Fujisaki-Okamoto transformThe Fujisaki-Okamoto transform turns a weakly secure encryption scheme into an IND-CCA2 secure key encapsulation mechanism, the method behind ML-KEM.
- IND-CCA2IND-CCA2 is indistinguishability under adaptive chosen-ciphertext attack, the standard security target that post-quantum key encapsulation mechanisms must meet.
- Integer factorizationInteger factorization is the problem of splitting a number into prime factors, the hardness assumption behind RSA and a target of Shor's quantum algorithm.
- KEM combinerA KEM combiner merges a classical and a post-quantum shared secret into one key that stays secure if either mechanism holds, the core of hybrid cryptography.
- Key encapsulation mechanism (KEM)A key encapsulation mechanism (KEM) uses a public key to establish a shared secret, the primitive that replaces Diffie-Hellman in post-quantum protocols.
- Key exchangeKey exchange lets two parties establish a shared secret over a public channel; quantum-vulnerable Diffie-Hellman variants are giving way to KEMs.
- Kyber (CRYSTALS-Kyber)Kyber, formally CRYSTALS-Kyber, is the original name of the lattice-based KEM that NIST renamed ML-KEM and standardized in FIPS 203 in August 2024.
- Learning With Errors (LWE)Learning With Errors (LWE) is the lattice problem of solving noisy linear equations, the hardness assumption underpinning most post-quantum encryption.
- LMS (Leighton-Micali Signature)LMS (Leighton-Micali Signature) is a stateful hash-based signature scheme defined in RFC 8554 and approved by NIST SP 800-208 for firmware signing.
- Logical qubitA logical qubit is an error-corrected qubit encoded across many physical qubits, the unit in which cryptographically relevant quantum computers are sized.
- Merkle treeA Merkle tree is a hash tree whose root commits to an entire data set, enabling compact membership proofs in hash-based signatures and blockchains.
- Module Learning With Errors (Module-LWE)Module-LWE is the structured lattice assumption behind ML-KEM and ML-DSA, tuning algebraic structure by module rank to reach each NIST security level.
- Mosca's theoremMosca's theorem is an inequality that judges post-quantum migration urgency by comparing data secrecy time, migration time, and time to a quantum computer.
- NIST security levelsNIST security levels are five strength categories for post-quantum algorithms, each anchored to the cost of attacking AES or SHA-2 at a given size.
- NTRUNTRU is the oldest practical lattice-based cryptosystem, a polynomial-ring public-key scheme from 1998 and the basis of the FN-DSA (Falcon) signature.
- Public-key cryptographyPublic-key cryptography uses key pairs for key exchange, encryption, and signatures; the deployed schemes rest on problems Shor's algorithm breaks.
- Quantum supremacyQuantum supremacy is the milestone where a quantum computer beats every classical computer at one contrived task, distinct from breaking real cryptography.
- QubitA qubit is the basic unit of quantum information, a two-level quantum system that can hold superpositions and become entangled with other qubits.
- Ring Learning With Errors (Ring-LWE)Ring-LWE is the polynomial-ring variant of Learning With Errors, trading extra algebraic structure for the compact keys and fast arithmetic PQ schemes need.
- RSARSA is a classical public-key cryptosystem based on integer factoring, securing encryption and signatures but broken by Shor's algorithm on a quantum computer.
- SHA-2SHA-2 is the widely deployed family of NIST cryptographic hash functions, including SHA-256, weakened only quadratically by Grover's algorithm.
- SHA-3SHA-3 is the Keccak-based NIST hash standard whose SHAKE extendable-output functions are used inside the ML-KEM and SLH-DSA post-quantum schemes.
- Short Integer Solution (SIS) problemThe Short Integer Solution (SIS) problem seeks a short vector a random matrix maps to zero, the dual of LWE that underlies lattice-based signatures.
- SoulboundSoulbound describes blockchain tokens or artifacts bound to one holder and not designed to be transferred, a term popularized by Vitalik Buterin in 2022.
- SPHINCS+ (SLH-DSA)SPHINCS+ is the original name of the stateless hash-based signature scheme that NIST renamed SLH-DSA and standardized in FIPS 205 in August 2024.
- SuperpositionSuperposition is the quantum property by which a qubit holds a weighted combination of 0 and 1 until measurement collapses it to one outcome.
- Surface codeThe surface code is the leading quantum error-correcting code, encoding one logical qubit in a two-dimensional grid of physical qubits.
- Symmetric cryptographySymmetric cryptography uses one shared key, as in AES; quantum attacks give only a quadratic speedup, so larger keys preserve the security margin.
- UTXOA UTXO is an unspent transaction output; the UTXO ledger model limits public key exposure per output, which shapes quantum risk on Bitcoin-style chains.
- Winternitz one-time signature (WOTS)A Winternitz one-time signature (WOTS) signs one message from a hash-based key pair and is the building block of larger hash-based signature schemes.
- X25519X25519 is the Curve25519 Diffie-Hellman function; TLS now pairs it with ML-KEM in hybrid groups such as X25519MLKEM768 for post-quantum key exchange.
- XMSS (eXtended Merkle Signature Scheme)XMSS is a stateful hash-based signature scheme standardized in RFC 8391 that arranges one-time keys under a Merkle tree for many signatures per key pair.