up:: Security Basics MOC

Confidentiality

Confidentiality is the security goal of keeping information private, so that it can be read only by the people and systems authorized to see it, and it is the C in the CIA triad alongside Integrity and Availability. A data breach is a confidentiality failure, a wiretap is a confidentiality failure, and a leaked document is a confidentiality failure. Cryptography delivers confidentiality through encryption, which scrambles data so that even someone who reaches it can’t read it without the key. Of all the security goals, confidentiality is the one the quantum transition threatens most urgently, because Harvest Now, Decrypt Later lets an adversary record encrypted traffic today and decrypt it years later once a quantum computer breaks the key exchange that protected it.

The short version:

  1. Confidentiality means information is disclosed only to authorized parties. It’s one of the three core security goals, defined for all US federal information in FIPS 199.
  2. Cryptography delivers it through encryption: symmetric AES-256 encrypts bulk data fast, and public-key methods (RSA, ECDH, and post-quantum KEMs) solve the harder job of agreeing on that shared key over an open line.
  3. It’s a different goal from Integrity (was the data changed?) and Authentication (who are you really?). Confidentiality is purely about who can read.
  4. The quantum threat hits confidentiality on the most urgent clock, because Harvest Now, Decrypt Later means data encrypted today is already exposed the moment it’s recorded, not years from now when the machine arrives.
  5. The fix is ML-KEM for key establishment, usually reached through a hybrid step. The symmetric workhorse, AES-256, already survives the transition.

Picture two people who have never met needing to agree on a lock combination while standing in a crowded room where everyone can hear them. Once they share the combination, the box stays shut to everyone else, and that closed box is confidentiality. The hard part isn’t the box, it’s agreeing on the combination out loud without letting the room learn it. Public-key cryptography is the clever trick that lets them do exactly that. The quantum problem is that one of the people in the room has been writing down every word for years, betting that a future machine will let them work the combination out after the fact. That’s Harvest Now, Decrypt Later, and it’s why confidentiality is the goal on the ticking clock.

What is confidentiality?

Confidentiality is the guarantee that information is accessible only to those authorized to have access, and it’s the first of the three core security goals in the CIA triad. The US government codified it as one of the three security objectives for all federal information in FIPS 199, drawing the definition straight from federal law (44 U.S.C. 3542). FIPS 199 defines confidentiality as:

“Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.”

The quick way to hold it against its two triad siblings: confidentiality is about who can read, Integrity is about who can change, and Availability is about whether the system works at all. Each is a separate promise, and a system can keep one perfectly while failing another. A file that’s encrypted flawlessly still fails on availability if ransomware locks it away, and it fails on integrity if an attacker can silently alter it. Confidentiality is only ever the reading question.

Confidentiality is protected in three overlapping layers, not by encryption alone:

  1. Access control. Permissions, authentication, and network segmentation decide who can reach the data in the first place.
  2. Encryption. Encryption scrambles the data so that even a party who does reach it can’t read it without the key. This is confidentiality’s cryptographic workhorse and the layer the quantum threat targets.
  3. Data minimization. Data you never collect or retain can’t leak, so scoping and deletion are confidentiality controls too.

Source: NIST, “Standards for Security Categorization of Federal Information and Information Systems,” FIPS 199, February 2004, FIPS 199.

How does cryptography provide confidentiality?

Cryptography provides confidentiality through encryption, which transforms readable data (plaintext) into scrambled data (ciphertext) that’s meaningless without the correct key. The security rests entirely on the key: the algorithm is public and studied by everyone, and only the key is secret. Encryption comes in two flavors that solve two different halves of the problem, and keeping them separate is the whole reason the quantum threat lands unevenly.

  1. Symmetric encryption does the bulk work. One shared key both encrypts and decrypts, and it’s fast enough to protect large volumes of data continuously. AES-256 is the standard workhorse here, standardized by NIST in FIPS 197 and used almost everywhere to encrypt data in transit and at rest. The catch is that both parties need the same secret key first, which raises the hard question symmetric encryption can’t answer by itself.
  2. Public-key cryptography establishes the shared key. Two parties who’ve never met need to agree on a symmetric key over a line an eavesdropper is watching. Public-key methods (RSA, Diffie-Hellman, and ECDH) solve exactly this, letting each side derive a shared secret that a listener can’t reconstruct from the public exchange. This is key establishment, and in the post-quantum world it’s the job that moves to a KEM like ML-KEM.

A live TLS session shows both at once: the handshake uses public-key key exchange to set up a fresh shared secret, then everything after switches to fast symmetric encryption (AES-256) for the actual data. The division of labor matters enormously for quantum, because the two halves sit on opposite sides of the threat.

Encryption layerWhat it doesStandard exampleHow a quantum computer affects it
SymmetricEncrypts bulk data with one shared key, fastAES-256 (FIPS 197)Survives. Grover’s algorithm only halves brute-force strength, leaving roughly 128-bit security
Public-key (key establishment)Lets two parties agree on the shared key over an open lineRSA, ECDHBreaks outright. Shor’s algorithm recovers the key from the public exchange
Post-quantum key establishmentThe replacement for the broken public-key layerML-KEM (FIPS 203)Designed to resist both Shor’s and Grover’s algorithms

Sources: NIST, “Advanced Encryption Standard (AES),” FIPS 197, updated May 2023, FIPS 197.

NIST, “Module-Lattice-Based Key-Encapsulation Mechanism Standard,” FIPS 203, August 2024, FIPS 203.

How does the quantum threat attack confidentiality?

The quantum threat attacks confidentiality by breaking the public-key key exchange that sets up encrypted sessions, which then exposes the data those sessions were protecting. A cryptographically relevant quantum computer running Shor’s algorithm efficiently solves integer factorization and the discrete logarithm problem, the two hard problems under RSA, DH, and ECDH. Recover the key that was negotiated during a handshake, and the attacker recovers the AES-256 session key it protected, and with it every byte of that session.

The symmetric layer holds up, which sharpens where the danger actually is. AES-256 loses only a manageable margin to Grover’s algorithm, keeping roughly 128 bits of effective security, so bulk encryption stays strong. The exposure is concentrated entirely in the public-key key-establishment step. That’s why the fix for confidentiality is narrow: replace the key exchange with a post-quantum KEM, ML-KEM, usually deployed first as a hybrid that runs the classical and post-quantum exchange together so a break in either one alone doesn’t sink the session.

Sources: P. Shor, “Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer,” SIAM J. Computing, 1997, quant-ph/9508027.

CISA, NSA, and NIST, “Quantum-Readiness: Migration to Post-Quantum Cryptography,” August 2023, CSI Quantum Readiness.

Why is confidentiality the most urgent goal in the quantum transition?

Confidentiality is the most urgent goal because the attack on it is already running, while the attack on the trust goals waits for the machine to actually exist. Harvest Now, Decrypt Later is a passive collection strategy: an adversary records encrypted traffic today, stores it cheaply, and decrypts it later once a quantum computer arrives. Nothing about that requires the quantum computer to exist yet. The recording is happening now, which means any data with a long secrecy lifetime is exposed the moment it crosses a network, even though the decryption is years out.

That’s the difference between confidentiality and the trust goals under quantum. Forging a signature to break Integrity or Authentication is a real-time attack that only becomes possible once the machine is built, so there’s nothing to steal in advance. Confidentiality has no such grace period, because the ciphertext an attacker needs is being emitted and harvested right now. The urgency follows directly from Mosca’s theorem: if the time your data must stay secret, plus the years it takes to migrate, runs past the arrival of a quantum computer, then data you send today is already compromised. Health records, state secrets, financial data, and encryption keys with decades of required secrecy are living on borrowed time.

Attack surfaceWhich goalLive today?Why
Harvest Now, Decrypt LaterConfidentialityYes, harvesting is happening nowCiphertext recorded today is decrypted once Shor’s breaks the key exchange
Signature forgeryIntegrity and AuthenticationNo, only once a quantum computer existsForgery is real-time impersonation, so there’s nothing to record in advance

Source: NIST, “Standards for Security Categorization of Federal Information and Information Systems,” FIPS 199, February 2004, FIPS 199.

Common misconceptions

  1. “The C in CIA is the intelligence agency.” It stands for confidentiality. The triad predates and has nothing to do with the agency; the letters are just the initials of the three security goals.
  2. “Confidentiality just means encryption.” Encryption is the cryptographic workhorse, but access control and data minimization protect confidentiality too, and encryption without sound key management or access control still leaks. Confidentiality is the goal; encryption is one control that serves it.
  3. “If it’s encrypted, it’s confidential forever.” Encrypted data recorded today can be decrypted later once the key is broken. That’s the whole premise of Harvest Now, Decrypt Later, so confidentiality has a shelf life set by how long the data must stay secret against when its protection fails.
  4. “AES is the part a quantum computer breaks.” It’s the other way around. AES-256 survives with a comfortable margin, and the vulnerable piece is the public-key key exchange that sets up the AES session key.
  5. “Confidentiality and privacy are the same thing.” Confidentiality is a technical control over who can read specific data. Privacy is the broader question of what data is appropriate to collect and use at all. Confidentiality is one mechanism that serves privacy.
  6. “Confidentiality and integrity are the same goal.” They’re distinct. Confidentiality is about who can read the data, and integrity is about whether the data was altered. A message can be perfectly secret and still be tampered with, or fully readable and provably unaltered.

Questions people ask

What’s the difference between confidentiality and privacy? Confidentiality is the technical guarantee that specific information is readable only by authorized parties. Privacy is the broader right and policy question of what information should be collected, shared, and used in the first place. Confidentiality is one of the mechanisms that makes privacy enforceable, but you can have strong confidentiality over data that was never appropriate to collect.

What’s the difference between confidentiality and integrity? Confidentiality protects against unauthorized reading, and Integrity protects against undetected changing. They’re independent goals: encrypting a file keeps it secret but doesn’t stop an attacker from corrupting it, and hashing a file detects tampering but doesn’t hide its contents. Most systems need both, delivered by different cryptographic tools.

How does encryption keep data confidential? Encryption transforms readable plaintext into scrambled ciphertext using a key, and only someone with the correct key can reverse it. The algorithm is public and the key is the secret, so confidentiality holds exactly as long as the key stays secret and the algorithm stays unbroken.

Why does confidentiality need two kinds of encryption? Symmetric encryption like AES-256 is fast enough to protect large amounts of data, but it needs both parties to share a key first. Public-key cryptography solves that setup problem by letting two strangers agree on a shared key over an open line. Real systems use public-key methods to establish the key, then symmetric encryption to move the data.

Is my encrypted data safe from quantum computers? The bulk symmetric encryption (AES-256) is fine, but the public-key key exchange that protects it today is not. If that data is being harvested now and needs to stay secret for years, it’s exposed to Harvest Now, Decrypt Later, so long-lived secrets are the ones to migrate first.

Which data is most at risk from Harvest Now, Decrypt Later? Anything with a long required secrecy lifetime: health records, financial and legal records, government and defense secrets, intellectual property, and long-lived encryption keys. The longer data must stay confidential, the more certain it is that a future quantum computer will still be able to hurt you when it arrives.

Do I have to replace AES to protect confidentiality against quantum? No. AES-256 stays secure because Grover’s algorithm only halves its strength, leaving about 128 bits. What has to change is the public-key key establishment, which moves to ML-KEM, typically through a hybrid deployment.

Is confidentiality the only CIA goal the quantum threat attacks? No, but it’s the most urgent one. Confidentiality is attacked live today through harvesting, while Integrity and Authentication are attacked through signature forgery that only becomes possible once a quantum computer actually exists. Availability rests on architecture rather than public-key math, so the cryptographic quantum threat leaves it largely alone.


Everything here is the map, given freely. When your team needs its own long-lived confidential data found, ranked by secrecy lifetime, and moved onto a post-quantum footing before the harvesters cash in, that’s the work I do. Request an alignment briefing.

Last verified 2026-07-09 · Maintained by Addie LaMarr, LaMarr Labs.