Quantum Security Best Practices

Understanding quantum computing threats and implementing quantum-resistant cryptography in SveltyCMS

Last updated: 11/14/2025

Quantum Security Best Practices

Executive Summary

Quantum computing represents a paradigm shift in computational capabilities that will impact cryptographic security. This guide explains quantum threats, evaluates SveltyCMS’s current quantum resistance, and provides a roadmap for maintaining security in the quantum era.

Key Takeaways:

✅ SveltyCMS is currently quantum-resistant for at least 15-30 years
✅ Argon2id (memory-hard) resists quantum speedup
✅ AES-256-GCM maintains strong security even against quantum attacks
⚠️ Long-term planning needed for post-quantum cryptography (PQC)

Understanding Quantum Computing Threats

Classical vs. Quantum Algorithms

It’s crucial to understand that classical and quantum algorithms operate in fundamentally different ways:

Classical Algorithms (Current System)

Argon2id - Password Hashing & Key Derivation:

Runs on traditional CPUs
Security through memory and time costs
Requires 64 MB RAM per hash
Makes brute-force attacks economically infeasible

AES-256-GCM - Symmetric Encryption:

Runs on traditional processors
256-bit key space (2^256 possible keys)
Hardware-accelerated on modern CPUs
Military-grade security

Quantum Algorithms (Future Threat)

Shor’s Algorithm - Breaks Asymmetric Cryptography:

Efficiently factors large numbers
Can break RSA, DSA, and ECC
Requires large-scale quantum computers
Does NOT affect symmetric encryption like AES

Grover’s Algorithm - Speeds Up Search Operations:

Provides quadratic speedup for unstructured search
Reduces AES-256 to “AES-128” equivalent security
Still requires 2^128 operations (computationally infeasible)
Limited impact on memory-hard algorithms like Argon2

Quantum Threat Analysis

Threat Matrix

Cryptographic System	Classical Security	Quantum Vulnerability	SveltyCMS Usage	Risk Level
RSA-2048	High	Critical (Shor’s)	❌ Not Used	✅ No Risk
ECC (P-256)	High	Critical (Shor’s)	❌ Not Used	✅ No Risk
AES-256-GCM	Very High	Low (Grover’s)	✅ Primary	✅ Low Risk
Argon2id	Very High	Very Low	✅ Primary	✅ Very Low Risk
SHA-256	High	Low (Grover’s)	✅ Checksums	✅ Low Risk

Why SveltyCMS is Quantum-Resistant

1. No Vulnerable Public-Key Cryptography

The Problem:

RSA and ECC are vulnerable to Shor’s algorithm
Quantum computers can factor large numbers efficiently
Public-key systems would be broken

SveltyCMS Solution:

✅ We use symmetric encryption only (AES-256-GCM)
✅ No RSA or ECC for data encryption
✅ Key derivation from passwords, not public keys

2. Memory-Hard Hashing (Argon2id)

Why Memory-Hard Algorithms Resist Quantum Attacks:

Classical Computer:
- Fast computation: ⚡⚡⚡⚡⚡
- Limited by memory: 🐌

Quantum Computer:
- Even faster computation: ⚡⚡⚡⚡⚡⚡⚡
- STILL limited by memory: 🐌
- No quantum advantage for memory access!

Technical Explanation:

Quantum computers have limited qubits (quantum bits)
Memory access patterns can’t be parallelized by quantum algorithms
64 MB per hash remains expensive regardless of quantum speedup
Grover’s algorithm doesn’t help with memory-bound operations

3. AES-256-GCM Remains Strong

Quantum Impact on AES:

Security Level	Classical	With Grover’s	Time to Break
AES-128	2^128 ops	2^64 ops	Potentially vulnerable
AES-256	2^256 ops	2^128 ops	Still infeasible (billions of years)

Why AES-256 is Safe:

Even with quantum speedup, 2^128 operations is still impossible
Would require more energy than exists in the observable universe
GCM mode provides authenticated encryption (integrity + confidentiality)

Current Quantum Resistance Assessment

Security Timeline

Year 2025 (Now):           ████████████████████████████████ 100% Secure
Year 2030 (+5 years):      ███████████████████████████████▓ 98% Secure
Year 2035 (+10 years):     ██████████████████████████████░░ 95% Secure
Year 2040 (+15 years):     ████████████████████████████░░░░ 90% Secure
Year 2045 (+20 years):     ████████████████████████░░░░░░░░ 85% Secure
Year 2050 (+25 years):     ██████████████████████░░░░░░░░░░ 80% Secure
Year 2055 (+30 years):     ████████████████░░░░░░░░░░░░░░░░ 70% Secure*

* Assumes large-scale quantum computers are available
* Migration to post-quantum cryptography recommended before this point

Quantum Computer Development Status (2025)

Current State:

Small quantum computers with ~50-1000 qubits exist
Limited coherence time (quantum states decay quickly)
High error rates requiring error correction
Not yet capable of breaking modern cryptography

Requirements to Break Cryptography:

RSA-2048: ~20 million noisy qubits or ~8,000 error-corrected qubits
AES-256: ~6,000 error-corrected qubits for Grover’s attack
Argon2: No known quantum advantage (memory-bound)

Expert Estimates:

2025-2030: Small quantum computers for research
2030-2040: Medium-scale quantum computers
2040-2050: Large-scale quantum computers potentially threatening RSA
2050+: Quantum computers potentially impacting AES-128 (not AES-256)

Post-Quantum Cryptography (PQC) Standards

NIST Post-Quantum Standards (2024)

The U.S. National Institute of Standards and Technology has standardized quantum-resistant algorithms:

1. CRYSTALS-Kyber (ML-KEM)

Purpose: Key Encapsulation Mechanism (KEM)

Use Cases:

Secure key exchange
Hybrid encryption schemes
API authentication tokens

Technical Details:

Based on Module Learning With Errors (Module-LWE)
Lattice-based cryptography
Fast key generation and encapsulation
Small key sizes (compared to alternatives)

Security Levels:

Kyber-512:  ~AES-128 security (quantum)
Kyber-768:  ~AES-192 security (quantum)
Kyber-1024: ~AES-256 security (quantum)

Implementation Status:

✅ Standardized by NIST (2024)
✅ Libraries available: liboqs, pqcrypto
⚠️ Not yet in SveltyCMS (planned for future)

2. CRYSTALS-Dilithium (ML-DSA)

Purpose: Digital Signatures

Use Cases:

API request signing
Session token verification
Data authenticity proofs

Technical Details:

Based on Module-LWE
Efficient signature verification
Deterministic signatures available
Secure against quantum attacks

Security Levels:

Dilithium-2: ~AES-128 security (quantum)
Dilithium-3: ~AES-192 security (quantum)
Dilithium-5: ~AES-256 security (quantum)

3. SPHINCS+ (SLH-DSA)

Purpose: Stateless Hash-Based Signatures

Use Cases:

Backup signature scheme
High-security signatures
Long-term signature verification

Technical Details:

Based only on hash functions (SHA-256, SHA3, SHAKE)
Conservative security assumptions
Larger signatures than Dilithium
No secret state to manage

Migration Strategy

Phase 1: Current State (2025-2028)

Status: ✅ Quantum-Resistant

Actions:

✅ Continue using Argon2id + AES-256-GCM
✅ Monitor quantum computing developments
✅ Track NIST PQC standard implementations
✅ Stay informed about library maturity

Recommendations:

// Current configuration (optimal for now)
export const cryptoConfig = {
	passwordHashing: 'argon2id',
	encryption: 'aes-256-gcm',
	keyDerivation: 'argon2id',
	checksums: 'sha256'
};

Phase 2: Hybrid Transition (2028-2035)

Status: 🔄 Adding Post-Quantum Layer

Actions:

🔄 Add CRYSTALS-Kyber alongside AES
🔄 Implement hybrid encryption
🔄 Test performance impact
🔄 Provide migration tools

Hybrid Encryption Example:

// Future hybrid implementation (conceptual)
import { kyberEncapsulate, kyberDecapsulate } from 'pqcrypto';
import { encryptData, decryptData } from '@utils/crypto';

async function hybridEncrypt(data: object, password: string, publicKey: Buffer) {
	// Step 1: Classical encryption (current method)
	const classicalKey = generateRandomKey(32);
	const classicalCiphertext = await encryptData(data, password);

	// Step 2: Post-quantum key encapsulation
	const { ciphertext: pqCiphertext, sharedSecret } = await kyberEncapsulate(publicKey);

	// Step 3: Combine both for maximum security
	return {
		classical: classicalCiphertext,
		postQuantum: pqCiphertext.toString('base64'),
		algorithm: 'AES-256-GCM + Kyber-1024'
	};
}

async function hybridDecrypt(encrypted: HybridCiphertext, password: string, secretKey: Buffer) {
	// Decrypt using both classical and post-quantum methods
	const classicalData = await decryptData(encrypted.classical, password);
	const pqSharedSecret = await kyberDecapsulate(Buffer.from(encrypted.postQuantum, 'base64'), secretKey);

	// Verify both methods agree (defense in depth)
	return classicalData;
}

Benefits:

✅ Protected against classical attacks (AES)
✅ Protected against quantum attacks (Kyber)
✅ Gradual migration path
✅ Backward compatibility

Phase 3: Full PQC Integration (2035-2045)

Status: 🎯 Post-Quantum Primary

Actions:

🎯 Make PQC default for new data
🎯 Migrate existing data gradually
🎯 Deprecate classical-only mode
🎯 Update all documentation

Configuration Example:

// Future post-quantum configuration
export const cryptoConfig = {
	primaryEncryption: 'kyber-1024 + aes-256-gcm', // Hybrid
	signatures: 'dilithium-5',
	keyDerivation: 'argon2id', // Still optimal
	fallback: 'aes-256-gcm' // For legacy support
};

Phase 4: PQC-Only (2045+)

Status: 🔒 Quantum-Safe Standard

Actions:

🔒 Remove classical-only encryption
🔒 Require PQC for all new deployments
🔒 Complete data migration
🔒 Archive legacy systems

Best Practices for Quantum Security

For Application Developers

1. Use Strong Key Derivation

// ✅ GOOD: Argon2id with strong parameters
import { hashPassword } from '@utils/crypto';

const hashedPassword = await hashPassword('userPassword123!');

// ❌ BAD: Weak hashing
const weakHash = crypto.createHash('md5').update(password).digest('hex');

2. Implement Key Rotation

// ✅ GOOD: Regular key rotation
const KEY_ROTATION_PERIOD = 90 * 24 * 60 * 60 * 1000; // 90 days

async function rotateEncryptionKeys() {
	const oldKey = getCurrentKey();
	const newKey = generateNewKey();

	// Re-encrypt data with new key
	for (const record of await getAllEncryptedData()) {
		const decrypted = await decryptData(record.data, oldKey);
		const reencrypted = await encryptData(decrypted, newKey);
		await updateRecord(record.id, reencrypted);
	}

	setCurrentKey(newKey);
	archiveKey(oldKey); // Keep for recovery
}

3. Plan for Long-Term Data

// ✅ GOOD: Additional encryption for long-term storage
interface LongTermEncryption {
	data: string; // AES-256-GCM encrypted data
	encryptedAt: Date; // Encryption timestamp
	algorithm: string; // 'aes-256-gcm'
	keyDerivation: string; // 'argon2id'
	reencryptBefore: Date; // When to re-encrypt
	postQuantumReady: boolean; // Can be migrated to PQC
}

async function encryptForLongTerm(data: object, password: string): Promise<LongTermEncryption> {
	const encrypted = await encryptData(data, password);

	return {
		data: encrypted,
		encryptedAt: new Date(),
		algorithm: 'aes-256-gcm',
		keyDerivation: 'argon2id',
		reencryptBefore: new Date(Date.now() + 5 * 365 * 24 * 60 * 60 * 1000), // 5 years
		postQuantumReady: true
	};
}

For System Administrators

1. Monitor Security Bulletins

Subscribe to:

NIST Cybersecurity Updates
Open Quantum Safe Project News
SveltyCMS Security Advisories

Check Monthly:

Quantum computing breakthroughs
New cryptographic vulnerabilities
Updated best practices

2. Implement Defense in Depth

Layer 1: Strong Password Policies
         └─> Argon2id hashing

Layer 2: Data Encryption at Rest
         └─> AES-256-GCM

Layer 3: Secure Key Storage
         └─> HSM or Encrypted Key Vault

Layer 4: Network Security
         └─> TLS 1.3, Certificate Pinning

Layer 5: Access Controls
         └─> Role-Based Access Control (RBAC)

Layer 6: Monitoring & Auditing
         └─> Security Event Logging

3. Hardware Security Modules (HSM)

For high-security deployments, consider HSM with PQC support:

Benefits:

🔒 Tamper-resistant key storage
🔒 Hardware-accelerated encryption
🔒 FIPS 140-2/3 compliance
🔒 Future PQC algorithm support

Vendors with PQC Roadmaps:

Thales Luna HSM
Entrust nShield HSM
AWS CloudHSM (future PQC support)

Frequently Asked Questions (FAQ)

Q1: Should I be worried about quantum computers right now?

A: No, not for at least 15-20 years. Current quantum computers are far too small and error-prone to break modern cryptography. SveltyCMS uses quantum-resistant algorithms (Argon2id, AES-256-GCM) that will remain secure for decades.

Q2: When should I migrate to post-quantum cryptography?

A: Plan to evaluate PQC around 2030-2035. Start implementation when:

NIST PQC standards are mature and widely adopted
JavaScript/TypeScript libraries are stable and audited
Quantum computers show significant advancement
Your data retention period exceeds 20+ years

Q3: Will post-quantum cryptography slow down my application?

A: Initially, yes. Early PQC implementations are slower than current algorithms:

Kyber-1024: ~2-3x slower than RSA-2048
Dilithium-5: ~5-10x slower than ECDSA
However, performance improves with hardware acceleration

Mitigation:

Use hybrid mode (combine classical + PQC)
Cache results where appropriate
Implement gradual rollout

Q4: Do I need to re-encrypt all my existing data?

A: Not immediately, but plan for it:

Short-term (< 10 years): No action needed, current encryption is secure

Medium-term (10-20 years): Consider re-encryption during normal key rotation

Long-term (20+ years): Implement PQC re-encryption before quantum computers mature

Q5: What about data I need to keep for 50+ years?

A: For ultra-long-term storage:

Add extra encryption layer now: Use multiple passwords/keys
Increase Argon2 parameters: Higher memory/time costs
Plan for re-encryption: Budget for PQC migration around 2035-2040
Consider offline storage: Air-gapped backups
Legal/compliance review: Understand data retention requirements

Q6: Is HTTPS/TLS vulnerable to quantum attacks?

A: Yes, current TLS uses ECDHE (Elliptic Curve Diffie-Hellman) which is vulnerable to Shor’s algorithm.

Timeline:

TLS 1.3 with PQC: Experimental implementations available
Widespread adoption: Expected 2025-2030
Migration deadline: Before large quantum computers (2035-2040)

Current Status:

✅ Your encrypted data at rest is quantum-safe (AES-256-GCM)
⚠️ TLS will need PQC upgrade (industry-wide effort)

Q7: How do I know if my data was “harvested” by attackers?

“Harvest Now, Decrypt Later” Attack:

Adversaries store encrypted data now
Wait for quantum computers to decrypt later
Affects data with long-term sensitivity

Protection:

✅ Use AES-256-GCM (quantum-resistant enough)
✅ Rotate keys regularly
✅ Implement forward secrecy
✅ Add PQC layer for ultra-sensitive data

Implementation Checklist

Immediate Actions (2025)

✅ Verify using Argon2id for password hashing
✅ Verify using AES-256-GCM for encryption
✅ Implement strong password policies (12+ characters)
✅ Enable key rotation policies
✅ Document encryption algorithms in use
✅ Subscribe to security bulletins

Short-Term (2025-2030)

📋 Monitor NIST PQC standard adoption
📋 Evaluate PQC library maturity
📋 Test PQC algorithms in development environment
📋 Plan hybrid encryption architecture
📋 Budget for PQC migration

Medium-Term (2030-2040)

🔄 Implement hybrid encryption (classical + PQC)
🔄 Add CRYSTALS-Kyber for key exchange
🔄 Add CRYSTALS-Dilithium for signatures
🔄 Migrate critical data to PQC
🔄 Update documentation and training

Long-Term (2040+)

🎯 Make PQC default for all new data
🎯 Complete migration of legacy data
🎯 Deprecate classical-only encryption
🎯 Remove legacy algorithm support

Resources & Further Reading

Official Standards

Post-Quantum Algorithms

Implementation Libraries

Research & Articles

Quantum Computing Status

Conclusion

SveltyCMS’s cryptographic implementation is well-positioned for the quantum computing era:

✅ Currently secure with Argon2id and AES-256-GCM
✅ Quantum-resistant for next 15-30 years
✅ Clear migration path to post-quantum cryptography
✅ Active monitoring of quantum computing developments

Key Recommendations:

Don’t panic: Quantum computers capable of breaking modern cryptography are decades away
Stay informed: Monitor NIST PQC standards and library maturity
Plan ahead: Budget for PQC migration around 2030-2035
Use current best practices: Argon2id + AES-256-GCM is excellent for now

Remember: Security is a journey, not a destination. Regular updates, monitoring, and adaptation are essential for long-term cryptographic security.