Two new JEPs, 496 and 497, tackle the subject of Post-Quantum Cryptography (PQC) in Java 24.
JEP 496 adds a module-lattice-based key encapsulation mechanism (ML-KEM), while JEP 497 adds a module-lattice-based digital signature algorithm.
Current cryptographic protections rely on problems in discrete mathematics (such as factoring large numbers) that are believed to be computationally infeasible to solve.
In recent years, computers that take advantage of quantum mechanical behaviour have started to become available.
A future large-scale quantum computer could use new techniques such as Shor's algorithm to compromise the security of widely deployed public-key algorithms.
The ideal cryptographic system uses a key which was exchanged in advance between two parties, by a private channel.
The US government has mandated that computer systems handling sensitive information must be upgraded to use ML-KEM and other forthcoming standards to protect against quantum attacks.
As of 2024, nation-state level attackers could, theoretically, start capturing and storing large volumes of encrypted traffic now, with the aim of decrypting it once a sufficiently powerful quantum computer exists.
The path ahead is far from clear, and new techniques could bring such machines sooner than currently expected.
It is necessary for Java to begin supporting post-quantum capabilities in advance of full standardization.
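To show what JEP 496 and JEP 497 look like from application code, here is an added example (not taken from the JEPs or from the text above) that runs an ML-KEM encapsulation round trip and an ML-DSA sign/verify cycle through the standard JCA API. It assumes a JDK 24 runtime with its default providers, uses the ML-KEM-768 and ML-DSA-65 parameter sets, and the message bytes are a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.spec.NamedParameterSpec;
import javax.crypto.KEM;
import javax.crypto.SecretKey;

public class PqcDemo {

    // JEP 496: ML-KEM key encapsulation.
    // Returns true when sender and receiver derive the same shared secret.
    static boolean mlKemRoundTrip() throws Exception {
        // Receiver side: generate an ML-KEM-768 key pair (assumed parameter set).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("ML-KEM");
        kpg.initialize(NamedParameterSpec.ML_KEM_768);
        KeyPair receiver = kpg.generateKeyPair();

        // Sender side: encapsulate a fresh secret against the receiver's public key.
        KEM kem = KEM.getInstance("ML-KEM");
        KEM.Encapsulator encapsulator = kem.newEncapsulator(receiver.getPublic());
        KEM.Encapsulated encapsulated = encapsulator.encapsulate();
        byte[] ciphertext = encapsulated.encapsulation(); // this is what goes over the wire
        SecretKey senderSecret = encapsulated.key();

        // Receiver side: recover the same secret using the private key.
        KEM.Decapsulator decapsulator = kem.newDecapsulator(receiver.getPrivate());
        SecretKey receiverSecret = decapsulator.decapsulate(ciphertext);

        // Constant-time comparison of the two secrets.
        return MessageDigest.isEqual(senderSecret.getEncoded(), receiverSecret.getEncoded());
    }

    // JEP 497: ML-DSA digital signatures.
    // Returns true when the genuine message verifies and a one-bit-altered copy does not.
    static boolean mlDsaSignAndVerify() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("ML-DSA");
        kpg.initialize(NamedParameterSpec.ML_DSA_65); // assumed parameter set
        KeyPair signer = kpg.generateKeyPair();

        // Constructed sample message.
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        Signature signing = Signature.getInstance("ML-DSA");
        signing.initSign(signer.getPrivate());
        signing.update(message);
        byte[] signature = signing.sign();

        Signature verifying = Signature.getInstance("ML-DSA");
        verifying.initVerify(signer.getPublic());
        verifying.update(message);
        boolean genuineAccepted = verifying.verify(signature);

        // Flip one bit of the message; the same signature must now be rejected.
        byte[] tampered = message.clone();
        tampered[0] ^= 0x01;
        verifying.initVerify(signer.getPublic());
        verifying.update(tampered);
        boolean tamperedAccepted = verifying.verify(signature);

        return genuineAccepted && !tamperedAccepted;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("ML-KEM shared secret matches: " + mlKemRoundTrip());
        System.out.println("ML-DSA genuine accepted, tampered rejected: " + mlDsaSignAndVerify());
    }
}
```

The secret returned by `KEM.Encapsulated.key()` is raw keying material, so a real protocol would feed it through a KDF (together with transcript data) before using it as a symmetric key rather than using the bytes directly. Deployments that have to hedge against weaknesses in either family commonly combine an ML-KEM secret with a classical ECDH secret in the same KDF input, so that breaking one scheme alone does not expose the session key.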