← Back to Forge
🔧

Forge 101

New algorithms explained

🔒 How Encryption Works Today

Today's encryption relies on math problems that are very hard to solve. A regular computer would need billions of years to crack them. That is what keeps your data safe.

The two most common systems are called RSA and elliptic curve (ECC). They protect web traffic, email, banking, and more.

⚠️ Quantum Computers Change Everything

Quantum computers solve certain math problems in a completely different way. The specific problems that RSA and ECC depend on are exactly the kind quantum computers are good at.

A powerful enough quantum computer could break RSA and ECC in hours instead of billions of years.

⚠️ RSA and ECC protect nearly all encrypted communication today. Both will be vulnerable to quantum computers.

🕵️ Harvest Now, Decrypt Later

This is the biggest concern right now. Attackers can record encrypted data today and save it. When quantum computers arrive, they can decrypt everything they saved.

Data with long lifetimes is most at risk: medical records, government secrets, financial data, and legal documents.

💡 Think of it this way
Someone copies your locked safe today. The lock is too hard to pick right now. But in a few years, a new tool makes it easy. They open the copy and read everything inside.

When Will This Happen?

Nobody knows for certain. NSA guidance (CNSA 2.0) plans for quantum capability by 2035. Some experts think sooner. The point is not the exact date. The point is that data recorded today may still matter when that day arrives.

🧮 Different Problems, Same Job

The fix is simple in concept: use math problems that quantum computers also find hard. These new algorithms do the same jobs as the old ones. They just use different math underneath.

🔓
Old (Quantum Vulnerable)

RSA, ECDSA, X25519

🔐
New (Quantum Safe)

ML-KEM, ML-DSA, SLH-DSA

🏛️ NIST Picked the Winners

NIST (the U.S. standards agency) ran an eight-year competition. Researchers worldwide submitted algorithms. NIST tested, attacked, and evaluated each one. The final standards were published in August 2024.

  • 🔑ML-KEM (FIPS 203) — Key exchange. Used when two computers agree on a shared secret to encrypt a conversation. Replaces ECDH and X25519.
  • ✍️ML-DSA (FIPS 204) — Digital signatures. Used to sign certificates and documents. Replaces RSA and ECDSA signatures.
  • 🛡️SLH-DSA (FIPS 205) — Hash-based signatures. A backup option built on different math, just in case the primary algorithms have a flaw.
These are not experimental. They are published NIST standards with assigned FIPS numbers. They are ready for production use.

📦 The Trade-Off: Size

The new algorithms produce larger keys and signatures. This is the main practical difference you will notice. The math needs more room.

RSA-2048
Key
256 B
ML-KEM-768
Key
1.2 KB
ECDSA
Sig
64 B
ML-DSA-65
Sig
3.3 KB
📊 Keys are about 5x larger. Signatures are about 50x larger. This affects bandwidth, storage, and handshake time.

🔀 Hybrid Mode: Use Both

You do not have to choose one or the other. Hybrid mode runs the old algorithm and the new algorithm at the same time. If either one holds, your data stays safe.

🔐
X25519 + ML-KEM-768

The most common hybrid for TLS. Already supported in Chrome, Firefox, and Cloudflare.

🛡️
Why Hybrid?

If the new math has a flaw, the old math still protects you. If quantum breaks the old math, the new math protects you.

Hybrid mode is the recommended approach during the transition. It gives you quantum safety without giving up classical protection.