Muriel Medard (@MurielMedard)
Many people talk about quantum (PQ) computing like it's mystical. It isn't. It's math. The way we will secure data against it is also math, specifically, coding theory. Let me explain what that means, because much of the current PQ conversation is missing some important context.
Quantum computers work on qubits rather than bits. A bit is 0 or 1. A qubit can be described as something that can be 0, 1, or a distribution between them. That extra room is where the power comes from: a quantum computer is probabilistic, not deterministic, and it can solve specific problems that today's machines cannot.
The challenge is that as you compute, the qubits degrade. The state doesn't stay constant. Without robust, efficient error correction, a quantum computer can't scale. Error correction is a coding problem. So coding is one of the largest open obstacles to making quantum computing real at all, which is why so much of the heavy investment in this space is, at its core, an investment in better codes.
That same math is what protects us on the other side. To see why, the analogy I keep coming back to is a door and a lock. Every cryptosystem you use today protects a large surface (say a megabit of data) with a tiny key, say 128 or 256 bits. The lock is a small fraction of the door. That arrangement works against a classical attacker because they have to break the lock; there's no other way in.
A quantum attacker doesn't have that constraint. They can probe non-deterministically; they don't need to break the lock at all. They can look for a weak point anywhere on the surface of the door and punch a hole through it. You may not even know which part of your data they saw, maybe nothing important, maybe exactly what you wanted to hide.
Almost the entire PQ conversation today is about reinforcing the lock. Replace ECDSA, replace the key-exchange primitive, swap in a lattice-based KEM. That work matters and it should continue. But it is still a small reinforced patch on a very large door.
The real question is how you reinforce the whole door. The math for that has existed since the 1970s: the McEliece cryptosystem, the granddaddy of post-quantum schemes, and the main one I personally trust. It has withstood half a century of attacks by cryptographers without a fundamental break—a track record little else in this space comes close to.
The problem with McEliece is not security. It is pain. Applying it to a full payload is, if you forgive the grim comparison, like chemo: it kills the tumor and almost kills the patient. That is why nobody deploys it broadly. The lock is small enough to absorb the cost; the door is not.
This is where coding solves the second half of the problem. The construction my collaborators and I developed, HUNCC (Hybrid Universal Network Coding Cryptosystem), splits the data into coded pieces and applies the expensive PQ encryption to only a small fraction of them, maybe a few percent, or less. An attacker who breaks in sees a system of equations with one unknown they cannot recover. One unknown in a coded system is a hyper-strong key, and the protection lives everywhere on the data, not just at the lock.
The point is not that this replaces ML-KEM or any other PQ KEM. It doesn't, and I wouldn't claim it does. The point is that coding is what makes post-quantum security something you can actually deploy at speed, across the whole door, without paying the chemo cost everywhere.
Coding is what is currently blocking quantum computing from becoming real, and coding is what will make quantum safety real. The math has been here for fifty years. What we have been missing is the path from correct-but-unusable to correct-and-fast.
More to come.
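A toy sketch of the idea in the HUNCC paragraph above, added here as an illustration; it is not the HUNCC construction itself and not the author's code. It mixes data symbols with a linear code, hides one coded piece, and shows that the remaining cleartext pieces are consistent with every possible value of each data symbol. Assumptions: the field GF(257), the Cauchy mixing matrix, K = 4 and all function names are choices made for this sketch, and the post-quantum encryption of the protected piece is not implemented (the piece is simply withheld from the eavesdropper).

```python
# Toy illustration only: symbols are elements of GF(257); the post-quantum
# encryption of the protected piece is NOT implemented, that piece is simply
# treated as hidden from the eavesdropper.
P = 257   # small prime field (assumption for this sketch)
K = 4     # number of data pieces (real deployments protect a far smaller fraction)

# Cauchy matrix A[i][j] = 1/(x_i + y_j): every square submatrix is invertible.
XS, YS = range(1, K + 1), range(K + 1, 2 * K + 1)
A = [[pow(x + y, -1, P) for y in YS] for x in XS]

def solve(M, b):
    """Solve M z = b over GF(P) by Gauss-Jordan elimination (M invertible)."""
    n = len(M)
    aug = [list(row) + [v] for row, v in zip(M, b)]
    for c in range(n):
        piv = next(r for r in range(c, n) if aug[r][c] % P)
        aug[c], aug[piv] = aug[piv], aug[c]
        inv = pow(aug[c][c], -1, P)
        aug[c] = [v * inv % P for v in aug[c]]
        for r in range(n):
            if r != c and aug[r][c]:
                f = aug[r][c]
                aug[r] = [(vr - f * vc) % P for vr, vc in zip(aug[r], aug[c])]
    return [row[n] for row in aug]

def encode(msg):
    """Mix the K message symbols into K coded pieces: c = A m."""
    return [sum(a * m for a, m in zip(row, msg)) % P for row in A]

def decode(coded):
    """A receiver holding all K pieces (protected one decrypted) recovers m."""
    return solve(A, coded)

def eavesdropper_view(coded, protected=0):
    """Pieces sent in the clear: everything except the protected one."""
    return {i: c for i, c in enumerate(coded) if i != protected}

def candidates_for(view, j):
    """Values of message symbol j that are consistent with the cleartext pieces."""
    rows, others, ok = sorted(view), [t for t in range(K) if t != j], []
    for v in range(P):
        M = [[A[i][t] for t in others] for i in rows]
        b = [(view[i] - A[i][j] * v) % P for i in rows]
        rest = solve(M, b)                  # the other symbols, given m_j = v
        guess = rest[:j] + [v] + rest[j:]
        if all(c == view[i] for i, c in enumerate(encode(guess)) if i in view):
            ok.append(v)
    return ok
```

With K - 1 equations in K unknowns, `candidates_for` returns the whole field for every symbol, so the cleartext pieces alone rule nothing out; adding the protected piece makes the system square and `decode` returns the message.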