
PQC and QRNG: The Foundation of Quantum-Safe Security

No matter which post-quantum cryptographic algorithm you use, seeding it with weak or predictable randomness undermines its security. High-quality randomness is not optional in a quantum-safe system. It is foundational.

Post-quantum cryptography refers to cryptographic algorithms designed to remain secure against attacks from quantum computers. Classical algorithms such as RSA and ECC are vulnerable to quantum attacks, specifically Shor’s algorithm, which can efficiently factor large numbers and break these systems.

PQC algorithms are built on mathematical problems that remain hard for both classical and quantum computers, such as lattice-based and code-based schemes.

NIST has led the standardisation effort. In August 2024 it finalised three algorithms:

  • ML-KEM for key encapsulation
  • ML-DSA for digital signatures
  • SLH-DSA as a stateless hash-based signature alternative

In March 2025, NIST added HQC, a code-based algorithm, expanding the available options for quantum-resistant encryption. NIST IR 8547, updated in November 2024, guides organisations through the transition, emphasising system inventory and hybrid implementations.

By late 2025, over half of internet traffic was using PQC hybrid implementations, reflecting the urgency of migration driven by "harvest now, decrypt later" threats.

PQC algorithms are mathematically strong. But their security depends on the quality of the keys generated to use them. Key generation requires high-entropy randomness. If that randomness is predictable, the mathematical strength of the algorithm becomes irrelevant.

This is where the choice of random number generator matters.

Pseudorandom number generators are deterministic. Given a known seed, their output can be reproduced. Classical hardware random number generators improve on this but remain susceptible to environmental bias and interference.

Quantum random number generators derive randomness from quantum physical processes such as photon behaviour and quantum vacuum fluctuations. The outcome of these processes is fundamentally indeterminate before measurement, producing randomness that cannot be predicted or reproduced.

Key properties of QRNG output relevant to PQC:

  • entropy close to 1.0 per bit
  • passes NIST SP 800-22 statistical tests
  • real-time health verification before output is served
  • no dependence on algorithmic seeds
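
An added example, not taken from the original page: it implements two of the SP 800-22 tests (frequency and runs) and applies them to constructed samples, to relate the statistical-test property to the earlier point that a seeded PRNG is reproducible. The seeds, buffer sizes and function names are assumptions made for the illustration.

```python
import math
import random

def to_bits(data: bytes) -> list:
    """Expand bytes into a list of 0/1 values, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def monobit_p(bits) -> float:
    """SP 800-22 frequency (monobit) test: are ones and zeros balanced?"""
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(len(bits)) / math.sqrt(2))

def runs_p(bits) -> float:
    """SP 800-22 runs test: does the stream flip between 0 and 1 as often as expected?"""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):  # prerequisite frequency check failed
        return 0.0
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    return math.erfc(abs(v - 2 * n * pi * (1 - pi)) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def passes(data: bytes, alpha: float = 0.01) -> bool:
    """True when both tests accept the sample at significance level alpha."""
    bits = to_bits(data)
    return monobit_p(bits) >= alpha and runs_p(bits) >= alpha

def prng_bytes(seed: int, n: int = 4096) -> bytes:
    """Output of a seeded Mersenne Twister: fully determined by the seed."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

def first_passing_seed(limit: int = 8):
    """Smallest constructed seed whose PRNG output passes both tests, else None."""
    return next((s for s in range(limit) if passes(prng_bytes(s))), None)

if __name__ == "__main__":
    seed = first_passing_seed()
    print("seeded PRNG passes statistical tests with seed:", seed)
    print("same seed reproduces the stream:", prng_bytes(seed) == prng_bytes(seed))
    print("stuck source (all zeros) passes:", passes(b"\x00" * 4096))
    print("patterned source (0xAA repeated) passes:", passes(b"\xaa" * 4096))
```

The stuck and patterned samples are rejected, while the seeded PRNG is accepted even though anyone who knows the seed can regenerate every byte. Passing statistical tests shows the absence of gross bias, not unpredictability, which is why the list treats seed independence as a separate property.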

In PQC systems, QRNG-seeded key generation produces keys with no predictability weakness at the randomness layer. This strengthens resistance to both side-channel and predictive attacks.

In quantum key distribution systems, QRNGs generate the keys used for provably secure communications. The combination of QKD and QRNG represents the strongest currently available approach to key security, with randomness quality verified at the physical level.

The combination of PQC and QRNG is most relevant in:

  • organisations beginning quantum-safe migration planning
  • financial infrastructure requiring long-term key security
  • government and defence communications
  • IoT devices operating in sensitive or resource-constrained environments
  • any system exposed to harvest now, decrypt later risk

Transitioning to quantum-safe security is a process. Hybrid implementations, combining classical and PQC algorithms, are a practical starting point recommended by NIST. Within any such transition, ensuring randomness quality at the key generation layer is one of the most accessible and high-impact steps available.

To understand the building blocks, read: What Is a Quantum Random Number Generator?
