Quantum computing (QC) is a new computing model that follows the laws of quantum mechanics to control quantum information units for computing, and it can break through the bottleneck of traditional computing power. Quantum computers, the devices that perform quantum computing tasks, use quantum bits (qubits) as their basic computing units. Based on the principle of quantum superposition, different states of qubits can be stored and processed simultaneously. The incredible and rapidly increasing power and capabilities of quantum computing are already changing the way we use computers to solve problems, analyze information, and protect data.
Post-Quantum Cryptography (PQC) is a mathematical cryptographic system that can be implemented on existing computers and resists attacks from future quantum computers. Its algorithms are based on mathematical problems that are difficult to crack with quantum computing, such as lattice cryptography, multivariate polynomials, and coding theory. It can be made compatible with existing systems through a hybrid encryption mechanism. Although it may take several years for a quantum computer to truly function, it is still possible to deal with the security threat of "harvest now, decrypt later": doing so requires adopting PQC algorithms now to protect important data from current and future forms of attack, whether they use traditional computers or future quantum computers.
The US NIST released three PQC standards in August 2024:
(1) ML-KEM: A Module-Lattice-based Key Encapsulation Mechanism, an asymmetric cryptosystem. ML-KEM has been used as a key exchange for HTTPS and for quantum-resistant public key cryptography.
(2) ML-DSA: A digital signature algorithm based on Module-Lattice, which uses Fiat-Shamir with Aborts to resist quantum attacks. Its key and signature sizes are moderate, signing is fast, and signature validation is even faster.
(3) SLH-DSA: A hash-based digital signature algorithm that uses HORST and W-OTS to resist quantum attacks. It has the advantage of shorter public and private keys, although its signatures are longer than those of ML-DSA.
ZT Browser and ZoTrus Gateway support the ECC+MLKEM and SM2+MLKEM hybrid key encapsulation mechanisms for HTTPS.
ZoTrus CA creates ECC+MLDSA and SM2+MLDSA hybrid root CA certificates and sub-CA certificates to issue hybrid SSL certificates.
ZT Browser and ZoTrus Gateway support PQC hybrid algorithms to provide adaptive PQC HTTPS encryption.
ZoTrus CA creates pure PQC (MLDSA) root CA certificates and sub-CA certificates to issue pure PQC SSL certificates.
ZT Browser and ZoTrus Gateway support pure PQC algorithms to provide pure PQC HTTPS encryption.
ZT Browser and ZoTrus Gateway support China's PQC algorithms to provide HTTPS encryption with China's PQC algorithms.
ZoTrus has created a full ecosystem of HTTPS PQC products that supports Chinese and international PQC algorithms and achieves seamless PQC migration.
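Whether a client really offers the ECC+ML-KEM hybrid key exchange for HTTPS described above can be checked on the wire by inspecting its TLS ClientHello. The following is an added example, not ZoTrus code: it parses a ClientHello record and reports which IANA-registered hybrid groups appear in `supported_groups` and which carry a key share. The function names and the sample record builder are constructed for illustration, and SM2+MLKEM is left out because the page gives no code point for it.

```python
# IANA TLS "Supported Groups" code points for hybrid ECDHE + ML-KEM key exchange.
HYBRID_GROUPS = {0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768",
                 0x11ED: "SecP384r1MLKEM1024"}

class Reader:
    """Bounds-checked cursor: truncated input raises instead of misparsing."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def more(self):
        return self.pos < len(self.data)
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def u16(self):
        return int.from_bytes(self.take(2), "big")
    def vec(self, len_bytes):            # vector with a big-endian length prefix
        return Reader(self.take(int.from_bytes(self.take(len_bytes), "big")))

def hybrid_groups_offered(record):
    """Return (advertised, key_shared) hybrid group names from a ClientHello record."""
    rec = Reader(record)
    if rec.take(3)[:1] != b"\x16" or (hs := rec.vec(2)).take(1) != b"\x01":
        raise ValueError("not a TLS ClientHello handshake record")
    ch = hs.vec(3)
    ch.take(2 + 32)                      # legacy_version + random
    ch.vec(1), ch.vec(2), ch.vec(1)      # session_id, cipher_suites, compression
    exts = ch.vec(2) if ch.more() else Reader(b"")   # extensions may be absent
    seen = {10: [], 51: []}              # supported_groups, key_share
    while exts.more():
        ext_type, body = exts.u16(), exts.vec(2)
        if ext_type in seen:
            items = body.vec(2)
            while items.more():
                seen[ext_type].append(items.u16())
                if ext_type == 51:
                    items.vec(2)         # skip the key_exchange bytes
    name = lambda ids: [HYBRID_GROUPS[g] for g in ids if g in HYBRID_GROUPS]
    return name(seen[10]), name(seen[51])

def constructed_client_hello(groups, share_groups):
    """Constructed sample record; the 4-byte key shares are dummies, not real keys."""
    v = lambda n, b: len(b).to_bytes(n, "big") + b
    ids = lambda gs, pad=b"": v(2, v(2, b"".join(g.to_bytes(2, "big") + pad for g in gs)))
    exts = b"\x00\x0a" + ids(groups) + b"\x00\x33" + ids(share_groups, v(2, bytes(4)))
    body = b"\x03\x03" + bytes(32) + v(1, b"") + v(2, b"\x13\x01") + b"\x01\x00" + v(2, exts)
    return b"\x16\x03\x01" + v(2, b"\x01" + v(3, body))
```

A group that is advertised but has no key share costs an extra round trip (HelloRetryRequest) before the hybrid exchange can complete, which is why the two lists are reported separately.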