You have probably heard that quantum computers are going to "break encryption." This phrase gets thrown around in headlines without much explanation. It is simultaneously true and misleading. Quantum computers will not break all encryption. They will break specific types of encryption — the types that happen to protect virtually every video call, web connection, and secure message on the internet today. Post-quantum encryption is the set of replacement algorithms designed to survive the quantum era.
This guide explains post-quantum encryption from the ground up. No background in cryptography or quantum physics required. By the end, you will understand what quantum computers threaten, what post-quantum algorithms are, why NIST spent eight years standardizing them, and how V100 uses them to protect video calls today.
How Encryption Works Today (The 60-Second Version)
When you join a video call, your device and the other participant's device need to agree on a secret key — a string of random bits that only the two of you know. This key is used to scramble (encrypt) your video and audio so that anyone intercepting the data sees only random noise.
The challenge is: how do two devices that have never communicated before agree on a shared secret without anyone else learning it? This is the key exchange problem, and it is the foundation of all internet security. The solution used by virtually every secure protocol today (TLS, DTLS, WebRTC) relies on mathematical problems that are hard for classical computers to solve.
The two most common approaches are RSA (based on the difficulty of factoring large numbers) and elliptic-curve Diffie-Hellman (ECDH, based on the difficulty of computing discrete logarithms on elliptic curves). Both have been the bedrock of internet security for decades. Both are about to become obsolete.
Today's encryption in a nutshell
What Quantum Computers Change
A classical computer stores information as bits that are either 0 or 1. A quantum computer uses quantum bits (qubits) that can exist in a superposition of 0 and 1 simultaneously. This is not just a faster version of a classical computer. It is a fundamentally different computational model that can solve certain mathematical problems exponentially faster.
In 1994, mathematician Peter Shor published an algorithm — now called Shor's algorithm — that can factor large numbers and compute discrete logarithms in polynomial time on a quantum computer. These are exactly the two mathematical problems that RSA and ECDH depend on. If you can factor large numbers quickly, you can break RSA. If you can compute discrete logarithms quickly, you can break ECDH and ECDSA. Shor's algorithm does both.
The implications are concrete. A sufficiently large quantum computer running Shor's algorithm can: derive the private key from any RSA public key, recover the shared secret from any ECDH key exchange, and forge any ECDSA or RSA digital signature. This does not just affect future communications. It affects every recorded communication that used these algorithms. If an adversary recorded your encrypted video call last year, and a quantum computer breaks the key exchange next decade, your call is decrypted. Retroactively.
Importantly, quantum computers do not threaten symmetric encryption (like AES) or hash functions (like SHA-256) nearly as much. Grover's algorithm provides a quadratic speedup for brute-force searches, which effectively halves the key length — meaning AES-256 retains 128 bits of security against quantum attacks, which is still excellent. The vulnerability is concentrated in asymmetric cryptography: key exchange and digital signatures.
Enter Post-Quantum Encryption
Post-quantum encryption (also called post-quantum cryptography, or PQC) is the development of new asymmetric algorithms based on mathematical problems that quantum computers cannot solve efficiently. These are not incremental improvements to existing algorithms. They are entirely new constructions based on different branches of mathematics.
The key insight is that while quantum computers are devastating to factoring and discrete-log problems, they offer no known advantage for other classes of hard problems. Post-quantum algorithms are built on problems like:
Mathematical foundations of PQ encryption
NIST FIPS 203 and 204: The Official Standards
The National Institute of Standards and Technology (NIST) started its Post-Quantum Cryptography Standardization Process in 2016. After eight years of evaluation involving hundreds of researchers worldwide, NIST finalized the first three post-quantum standards in August 2024:
FIPS 203 — ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism, formerly known as CRYSTALS-Kyber). This is the replacement for ECDH and RSA key exchange. When two devices need to agree on a shared secret, they use ML-KEM instead of classical algorithms. ML-KEM comes in three security levels: ML-KEM-512, ML-KEM-768, and ML-KEM-1024. V100 uses ML-KEM-768, which provides approximately 192-bit classical equivalent security.
FIPS 204 — ML-DSA (Module-Lattice-Based Digital Signature Algorithm, formerly known as CRYSTALS-Dilithium). This is the replacement for RSA and ECDSA digital signatures. When a server needs to prove its identity, or a document needs to be signed, ML-DSA replaces the classical signature. V100 uses ML-DSA-65 for signing meeting artifacts — recordings, transcripts, and session attestations.
FIPS 205 — SLH-DSA (Stateless Hash-Based Digital Signature Algorithm, formerly known as SPHINCS+). This is a backup signature scheme whose security relies only on hash functions. It produces larger signatures but offers the most conservative security guarantee: it will remain secure as long as hash functions like SHA-256 are collision-resistant, which is a much older and better-understood assumption than lattice security.
NIST PQ Standards at a Glance
| Standard | Algorithm | Purpose | V100 Usage |
|---|---|---|---|
| FIPS 203 | ML-KEM-768 | Key exchange | Session key establishment |
| FIPS 204 | ML-DSA-65 | Digital signatures | Recording/transcript signing |
| FIPS 205 | SLH-DSA | Hash-based signatures | Long-lived attestation |
Why Video Platforms Specifically Need Post-Quantum Encryption
Not all internet traffic is equally sensitive. A web page you viewed today has limited value to an adversary ten years from now. An email you sent may be mildly embarrassing. But a video call captures raw, unfiltered human communication — the kind of conversation people have when they believe they are in a private room.
Video meetings are where organizations make their most sensitive decisions. A CEO discusses a pending acquisition with the board. A physician explains a cancer diagnosis to a patient. A lawyer strategizes with a client about litigation. A defense program manager reviews classified milestones with a contractor. These conversations have intelligence value that can last decades.
The harvest-now-decrypt-later threat makes every one of these calls a target today, even though quantum computers do not exist yet. An adversary who records the encrypted traffic from a board meeting about a $50 billion merger gains nothing today. But in 2035, when a quantum computer decrypts the recording, that intelligence is still enormously valuable — for competitive advantage, for blackmail, for strategic positioning.
Healthcare data is the clearest example. HIPAA mandates encryption of protected health information with no expiration. A patient's medical history is sensitive for the patient's entire life. A telehealth session recorded today and decrypted in 2040 is a HIPAA breach, a privacy violation, and potential grounds for litigation. The encryption needs to last as long as the data is sensitive. Classical encryption will not last that long.
How V100 Implements Post-Quantum Encryption
V100 is the only video API platform with production post-quantum encryption. It is not an experimental feature behind a flag. Every V100 video session uses PQ algorithms by default. Here is how the implementation works at a high level:
Hybrid key exchange: When participants join a V100 session, the key exchange uses both ML-KEM-768 (post-quantum) and X25519 (classical elliptic-curve). Both algorithms independently derive a shared secret, and the two secrets are combined using SHA3-256 to produce the session key. This hybrid approach ensures that the session is secure even if one algorithm turns out to have an unforeseen weakness. If ML-KEM is broken, X25519 still protects against classical attacks. If X25519 falls to a quantum computer, ML-KEM protects against quantum attacks. Both must be broken simultaneously to compromise the session.
PQ digital signatures: All meeting artifacts — recordings, transcripts, summaries, attendance logs — are signed with ML-DSA-65. These signatures are verifiable today and will remain verifiable after quantum computers exist. A recording signed with ML-DSA-65 cannot be forged, even with a quantum computer. For maximum assurance on long-lived artifacts, V100 can also apply SLH-DSA (hash-based) signatures that depend only on the security of hash functions.
End-to-end design: The PQ session key is used for AES-256-GCM encryption of all media streams. The V100 SFU (server that routes media packets between participants) never possesses the key. Even if V100's infrastructure were fully compromised, the attacker gets only encrypted data. The security model assumes the server is adversarial — which is the only honest way to design end-to-end encryption.
Zero performance impact: The PQ key exchange adds roughly 80 microseconds to session setup. Media encryption is identical to classical AES-256-GCM once the key is established. Users experience no difference in call quality, latency, or connection time. The PQ overhead is orders of magnitude smaller than the network round-trip time that dominates video call setup. More details are available on the quantum security page.
Common Misconceptions About Post-Quantum Encryption
"We do not need PQ until quantum computers exist." This is the most dangerous misconception. Because of harvest-now-decrypt-later, the threat is not deferred to the future. Encrypted traffic recorded today will be decryptable when quantum computers arrive. If your data remains sensitive for more than 5–10 years, you need PQ protection now.
"AES-256 is already quantum safe, so we are fine." AES-256 (symmetric encryption) is indeed quantum-resistant. But AES-256 protects the data only after a key has been agreed upon. The key agreement (ECDH, RSA) is the part that quantum computers break. If an attacker can recover the key, the AES encryption is irrelevant because they have the key to decrypt it.
"PQ encryption is too slow for real-time video." This was debatable in 2020. It is definitively false in 2026. ML-KEM-768 encapsulation takes 30 microseconds. A single video frame at 30fps takes 33 milliseconds to display. The PQ overhead is 1,000 times smaller than a single frame interval.
"My video vendor will add PQ when it matters." Migrating a large platform to post-quantum cryptography is not a patch that ships in a sprint. It requires deep changes to key exchange protocols, signature infrastructure, certificate chains, and often hardware acceleration. As of April 2026, no major video platform (Zoom, Teams, Meet, Webex, Daily, LiveKit, Twilio, Agora) has shipped post-quantum encryption or disclosed a timeline. If you are waiting for your current vendor, you may be waiting a long time.
What You Can Do Today
Start by understanding your data sensitivity timeline. If your organization handles information that will remain confidential for more than five years — patient records, legal proceedings, financial transactions, defense programs, trade secrets — you are in the harvest-now-decrypt-later threat window today.
Next, audit your current video platform. Ask the vendor directly: what key exchange algorithm do you use? Is it post-quantum? Do you sign recordings with post-quantum signatures? If the answers are ECDH and ECDSA (or the vendor cannot answer), your video traffic is accumulating quantum risk.
V100 is available today with full post-quantum protection on every session. The live demo shows the PQ-E2E badge in action. Pricing includes PQ encryption at every tier — it is not a premium add-on. The quantum security page provides the full technical specification for compliance and security teams.
Ready to go post-quantum?
V100 is the only video API with production post-quantum encryption. FIPS 203 key exchange. FIPS 204 signatures. Three independent algorithm families. Zero latency impact. Start free today.