When Noise Is No Longer Enough: The Hidden Limits of Post-Quantum Cryptography
10 May 2026, Lynn
The race to protect our data from quantum computers has settled on a single strategy: hide your secrets in noise. The idea is elegant in its simplicity. Take a mathematical problem that is hard enough on its own, then add a carefully calibrated layer of randomness. The resulting ciphertext looks like pure static to an attacker, even one armed with a quantum processor. For years, this approach — known as lattice-based cryptography — has been the leading candidate for a post-quantum world.
But a team of researchers from South Korea is now asking a question that makes cryptographers uneasy: what if that noise is not a permanent shield, but a temporary barrier?
In a new preprint (arXiv:2605.04582), Jiho Jung of the Korean National Police University, together with Donghwa Ji, Mingyu Lee, and Kabgyun Jeong of Seoul National University, systematically examines the theoretical foundations of this noise-reliant model. Their conclusion is pointed: relying on artificial noise for security may be betting on a fading resource.
The learning with errors paradigm
To understand why, we first need to see how the most popular form of lattice-based cryptography works. It is called the Learning With Errors (LWE) problem. Think of it like this: you have a secret number, and you want to hide it inside a long list of approximate equations. Each equation is slightly wrong — off by a small, random error. The person who knows the secret can average out those errors and recover it. An attacker, seeing only the noisy equations, cannot distinguish the real signal from the static.
Adding a small, random error to a linear equation scrambles the secret key, making it impossible for classical computers to reverse-engineer. This deliberate “noise” is what protects post-quantum cryptographic systems from being broken by today’s algorithms. (Source: arXiv:2605.04582)
This is not a metaphor for security; it is the actual mathematical machinery that underlies the algorithms being standardized by governments worldwide. The US National Institute of Standards and Technology selected lattice-based schemes as its primary post-quantum standards in 2024. The logic seemed bulletproof: even if a quantum computer could solve certain structured problems efficiently, the injected noise would scramble the solution space beyond reach.
The error, the team argues, is not in the math but in what the math assumes.
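The mechanism this section describes, as an added toy example (not code from the article or the preprint): without the error term, the "approximate equations" are an ordinary linear system that elimination solves exactly; with it, the same procedure returns a wrong key, while the secret holder still decrypts by rounding the accumulated error away. The parameters, the error set, the Regev-style bit encryption and all function names are assumptions chosen for illustration.

```python
import random
Q, N, M = 257, 4, 12   # toy parameters (constructed); real schemes are far larger

def lwe_samples(secret, rng, noisy=True):
    """Return (A, b) with b_i = <a_i, s> + e_i mod Q. Toy error set: small and
    never zero, so every noisy equation is perturbed."""
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice([-2, -1, 1, 2]) if noisy else 0 for _ in range(M)]
    b = [(sum(x * s for x, s in zip(row, secret)) + err) % Q
         for row, err in zip(A, e)]
    return A, b

def solve_mod_q(A, b):
    """Gauss-Jordan elimination mod the prime Q, treating b as exact."""
    rows = [row[:] + [y] for row, y in zip(A, b)]
    for col in range(N):
        piv = next(r for r in range(col, M) if rows[r][col])
        rows[col], rows[piv] = rows[piv], rows[col]
        inv = pow(rows[col][col], -1, Q)          # modular inverse of the pivot
        rows[col] = [v * inv % Q for v in rows[col]]
        for r in range(M):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(v - f * p) % Q for v, p in zip(rows[r], rows[col])]
    return [rows[i][N] for i in range(N)]

def encrypt(A, b, bit, rng):
    """Sum a random subset of samples and shift by Q//2 to encode the bit."""
    subset = [i for i in range(M) if rng.random() < 0.5]
    c1 = [sum(A[i][j] for i in subset) % Q for j in range(N)]
    c2 = (sum(b[i] for i in subset) + bit * (Q // 2)) % Q
    return c1, c2

def decrypt(secret, c1, c2):
    """Remove <c1, s>; what is left is bit*(Q//2) plus error of size <= 2*M."""
    d = (c2 - sum(x * s for x, s in zip(c1, secret))) % Q
    return int(Q // 4 < d < 3 * Q // 4)           # round to nearest of 0, Q//2

def demo(seed=1):
    rng = random.Random(seed)
    secret = [rng.randrange(Q) for _ in range(N)]
    A0, b0 = lwe_samples(secret, rng, noisy=False)
    A1, b1 = lwe_samples(secret, rng, noisy=True)
    bits = [decrypt(secret, *encrypt(A1, b1, m, rng)) for m in (0, 1, 1, 0)]
    return {"noiseless_solved": solve_mod_q(A0, b0) == secret,
            "noisy_solved": solve_mod_q(A1, b1) == secret,
            "decrypted": bits}

if __name__ == "__main__":
    print(demo())
```

Decryption is correct here because the summed error is at most 2 × 12 = 24, well under Q/4; that bound is the correctness condition for this toy scheme, not a statement about the security of any standardized parameter set.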
Noise is not erasure
Jung and colleagues explore the problem from four angles: computational complexity, thermodynamics, quantum error correction, and quantum learning theory. The thread that ties them together is a single insight — injected noise does not destroy the underlying secret; it merely buries it.
From an information-theoretic standpoint, the noisy ciphertext still contains all the information needed to recover the secret. Claude Shannon proved in the 1940s that noise within a channel’s capacity is fundamentally correctable through optimal decoding. The LWE framework, by design, stays within that capacity. “The structural integrity of the cryptographic secret remains preserved within the ciphertext,” the authors write. Advanced quantum error correction protocols, which thrive on correcting precisely this kind of structured noise, could in principle extract the kernel of the original secret.
The algorithmic error in post-quantum encryption is mathematically identical to channel noise. Shannon’s theorem shows this noise is correctable, exposing a fundamental limit to the system’s security. (Source: arXiv:2605.04582)
Here is where the analogy breaks down. Unlike a message garbled in transmission, the noise in LWE is not accidental — it is intentionally inserted by the sender. But the mathematics does not care about intention. Shannon’s theorem applies regardless. If the noise falls within a certain threshold, a sufficiently powerful decoder can peel it away. And quantum computers, with their ability to explore vast solution spaces in parallel, are becoming increasingly good at those decoding tasks.
A problem of assumptions
The paper also points to a deeper vulnerability: the entire security framework rests on unproven complexity-theoretic assumptions. The LWE problem is known to be hard only against classical algorithms, and even that hardness relies on conjectures about the worst-case behavior of certain lattice problems. Whether those problems remain hard for quantum algorithms is an open question. The authors note that the security paradigm “relies precariously on the unproven assumption that specific lattice problems do not intersect with the BQP class” — the class of problems a quantum computer can solve efficiently.
This is not a theoretical abstraction. In recent years, quantum algorithms for solving linear systems and for learning hidden structures have advanced rapidly. The same techniques that power quantum error correction and quantum machine learning can, in principle, be turned against the cryptographic noise itself.
The team does not claim that a practical break is imminent. Quantum error correction at the scale needed to decode LWE ciphertexts is still years away. But that is exactly the point: calling these systems “post-quantum” assumes the bottleneck is physical (noisy hardware) rather than fundamental (theoretical irreversibility). As hardware improves, the bottleneck shifts.
Why this matters now
The question of whether lattice-based cryptography is truly post-quantum has practical urgency. Governments and corporations are already embedding these algorithms into hardware, from smartphone chips to cloud servers. If the underlying assumptions turn out to be conditional — valid only as long as quantum hardware remains imperfect — then the transition to these systems must be treated as exactly that: a transition, not a final destination.
Kabgyun Jeong, the corresponding author, and his colleagues suggest that the field needs to develop cryptographic primitives whose security does not depend on the difficulty of removing noise. This could mean returning to older candidates like code-based cryptography, which has different assumptions, or exploring entirely new paradigms rooted in quantum information theory itself.
An analogy comes to mind: it is like building a fortress on a frozen lake. But unlike a lake, whose thaw is predictable, the timeline of quantum hardware improvements is not. The authors do not offer a fixed date. They do not claim the transition is imminent. What they do is point out that the ice is thinner than most people assume.
The road ahead
The paper’s value is not in providing a working attack but in clarifying what the security assumptions actually are. It maps the boundary between what we know and what we suspect. Every security system is a bet on the future of physics and computation. Jung and colleagues argue that the current bet — that noise will remain a permanent barrier — has not been fully justified.
Constructive tension is the honest stance here. The LWE framework is a major achievement, and it provides the best near-term protection we have. But calling it unconditionally post-quantum, the team writes, “represents a premature classification relying on transient physical bottlenecks rather than impenetrable theoretical boundaries.”
In other words, the noise may not keep our secrets forever. The question is whether we are ready for the day it stops working.
Lynn is an online editor of LoomSci
References
- Jiho Jung et al., Fundamental Limitations of Post-Quantum Cryptographic Architectures, arXiv:2605.04582

