Glossary of Terms: The PQC A to Z

CBOM (Cryptographic Bill of Materials) – A comprehensive inventory of all cryptographic algorithms, protocols, certificates, and key materials used across an organisation’s infrastructure. Essential for assessing quantum vulnerability and planning PQC migration.

CRQC (Cryptographically Relevant Quantum Computer) – A quantum computer powerful enough to break current public-key cryptographic algorithms such as RSA and ECC. Whilst not yet available, CRQCs are widely expected to emerge within the next decade.

Crypto Agility – The ability of a system or application to swap cryptographic algorithms, key sizes, and protocols without requiring a major redesign. Considered essential for a smooth transition to post-quantum cryptography.

FAPI (Financial-grade API) – A set of security profiles developed by the OpenID Foundation that constrain OAuth 2.0 and OpenID Connect for high-assurance environments. Widely adopted in Open Banking ecosystems and mandated under regulations such as PSD2.

JOSE (JSON Object Signing and Encryption) – A suite of IETF standards (RFCs 7515–7518) that define how to sign (JWS), encrypt (JWE), and represent keys (JWK) using JSON-based data structures. JOSE is the cryptographic framework that underpins JWT.

JWT (JSON Web Token) – A compact, URL-safe token format defined in RFC 7519 for securely transmitting claims between parties. JWTs are the dominant token format in OAuth 2.0 and OpenID Connect and are signed and encrypted using the JOSE framework.

KEM (Key Encapsulation Mechanism) – A cryptographic primitive that enables two parties to establish a shared secret key over a public channel. Post-quantum KEMs such as ML-KEM replace traditional key exchange methods like Diffie–Hellman.

ML-DSA (Module-Lattice-Based Digital Signature Algorithm) – The NIST-standardised post-quantum digital signature algorithm specified in FIPS 204. Derived from the CRYSTALS-Dilithium submission. Intended as the primary replacement for RSA and ECDSA signatures.

ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) – The NIST-standardised post-quantum key encapsulation mechanism specified in FIPS 203. Derived from the CRYSTALS-Kyber submission. Used for establishing shared secret keys between parties.

PQC (Post-Quantum Cryptography) – Cryptographic algorithms designed to be secure against both classical and quantum computer attacks. PQC replaces the mathematical assumptions (integer factorisation, discrete logarithms) that underpin current public-key cryptography.

Shor’s Algorithm – A quantum algorithm discovered in 1994 that can efficiently factor large integers and compute discrete logarithms, breaking RSA, ECC, and other public-key cryptographic systems currently in use.

SLH-DSA (Stateless Hash-Based Digital Signature Algorithm) – A post-quantum digital signature algorithm specified in FIPS 205. Derived from the SPHINCS+ submission. Relies solely on the security of hash functions, providing a backup in case lattice-based schemes are compromised.