At the core of asymmetric cryptography, which secures most modern communication, lies a mathematically hard problem. However, the problem used in today's algorithms will be easy to solve with quantum computers, driving research for alternatives. Lattice-based cryptography is currently the most promising candidate. Although cryptographically relevant quantum computers are still years away, post-quantum cryptography is worth considering for applications that must remain secure for decades. There is also the risk that encrypted data is recorded today in order to be decrypted once quantum computers become available.
Java post-quantum cryptography takes its first steps in JDK 24, set for general availability in late March. This release includes JEP 496 and JEP 497 — which implement a key encapsulation mechanism and a digital signature algorithm — both standards-based and designed to be resistant to future quantum computing attacks. While liboqs from the Open Quantum Safe project provides C-based implementations with a JNI wrapper, it’s encouraging to see a native Java implementation emerging as well.
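As an added illustration (not code from the original post or from the JDK project), the following program exercises both new algorithms through the standard JCA APIs: the key encapsulation mechanism of JEP 496 (ML-KEM, FIPS 203) via `javax.crypto.KEM`, and the signature algorithm of JEP 497 (ML-DSA, FIPS 204) via `java.security.Signature`. It assumes JDK 24 or later with the built-in providers; the parameter-set names `ML-KEM-768` and `ML-DSA-65` are the JDK's standard names, and the message bytes are constructed here for the demo.

```java
import javax.crypto.KEM;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Arrays;

public class PqcDemo {

    // ML-KEM round trip: the receiver owns the key pair, the sender encapsulates
    // against the public key, and both sides must end up with the same secret.
    static boolean kemRoundTrip() throws Exception {
        KeyPair receiver = KeyPairGenerator.getInstance("ML-KEM-768").generateKeyPair();
        KEM kem = KEM.getInstance("ML-KEM");

        // Sender side: derive a fresh shared secret plus the ciphertext to transmit.
        KEM.Encapsulated enc = kem.newEncapsulator(receiver.getPublic()).encapsulate();
        SecretKey senderSecret = enc.key();
        byte[] ciphertext = enc.encapsulation();   // 1088 bytes for ML-KEM-768
        System.out.println("KEM ciphertext bytes: " + ciphertext.length);

        // Receiver side: recover the same secret from the ciphertext only.
        SecretKey receiverSecret = kem.newDecapsulator(receiver.getPrivate()).decapsulate(ciphertext);
        return Arrays.equals(senderSecret.getEncoded(), receiverSecret.getEncoded());
    }

    // ML-DSA sign/verify, including the check that a tampered message is rejected.
    static boolean[] dsaSignVerify() throws Exception {
        KeyPair signerKeys = KeyPairGenerator.getInstance("ML-DSA-65").generateKeyPair();
        byte[] message = "constructed demo message".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance("ML-DSA");
        signer.initSign(signerKeys.getPrivate());
        signer.update(message);
        byte[] sig = signer.sign();                 // 3309 bytes for ML-DSA-65
        System.out.println("ML-DSA signature bytes: " + sig.length);

        Signature verifier = Signature.getInstance("ML-DSA");
        verifier.initVerify(signerKeys.getPublic());
        verifier.update(message);
        boolean genuineOk = verifier.verify(sig);

        byte[] tampered = message.clone();
        tampered[0] ^= 0x01;                        // flip one bit
        verifier.initVerify(signerKeys.getPublic());
        verifier.update(tampered);
        boolean tamperedOk = verifier.verify(sig);  // expected: false
        return new boolean[] { genuineOk, tamperedOk };
    }

    public static void main(String[] args) throws Exception {
        System.out.println("ML-KEM shared secrets match: " + kemRoundTrip());
        boolean[] r = dsaSignVerify();
        System.out.println("ML-DSA genuine verifies: " + r[0] + ", tampered verifies: " + r[1]);
    }
}
```

Note that the KEM alone only yields a shared secret; as with any KEM, the sender's public key is not authenticated, so a signature (or an existing certificate chain) is still needed to bind that secret to an identity.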
