Cybersecurity · Architecture · Technology Leadership

Quantum Computing and Cybersecurity: Preparing for Post-Quantum

Quantum computers will break RSA and ECC encryption. It's not a question of if, but when. Here's what CTOs need to know about the quantum threat, NIST's post-quantum standards, and how to prepare now.

Mohamed Ghassen Brahim
May 1, 2026 · 9 min read

Quantum computing will break the public-key cryptography that protects virtually all digital communication. RSA, ECC and Diffie-Hellman, the algorithms behind TLS key exchange, VPN tunnels, digital signatures and code signing, all fall to a sufficiently powerful quantum computer. The symmetric cipher that actually encrypts the traffic survives; what an attacker recovers is the key exchange, and with it the session key.

The timeline is debated: 5 years, 10 years, 15 years. But the threat is already real because of a simple attack: harvest now, decrypt later. Adversaries are collecting encrypted data today, waiting for quantum computers to decrypt it in the future.

If your data needs to remain confidential for more than 5-10 years, the quantum threat is a present concern, not a future one.

The Threat Explained

Shor's Algorithm

Shor's algorithm, running on a sufficiently powerful quantum computer, factors large integers and computes discrete logarithms (including elliptic-curve discrete logarithms) in polynomial time. Every widely deployed public-key scheme rests on one of those two problems, so this breaks:

Algorithm          | Use                                        | Status against a cryptographically relevant quantum computer
RSA (2048, 4096)   | TLS, digital signatures, key transport     | Broken (integer factoring)
ECDSA / ECDH       | TLS, digital signatures, cryptocurrency    | Broken (elliptic-curve discrete logarithm)
Diffie-Hellman     | Key exchange                               | Broken (discrete logarithm)
DSA                | Digital signatures                         | Broken (discrete logarithm)

What's NOT broken: Symmetric encryption (AES-256) and hash functions (SHA-256) are not affected by Shor's algorithm. Grover's algorithm gives only a quadratic speedup on brute-force key search, which halves the effective key length: AES-128 drops to roughly 64-bit security, AES-256 to roughly 128-bit, and SHA-256 preimage resistance to roughly 128-bit. Grover's search also resists parallelisation, so even AES-128 is not considered practically broken, but AES-256 and SHA-256 (or stronger) are the conservative choice for long-lived data.

Timeline Estimates

The honest answer: nobody knows when a cryptographically relevant quantum computer will exist. Estimates range from 2030 to 2040+.

What we do know:

  • IBM, Google, and others are making steady progress on qubit count and error correction
  • The National Quantum Initiative Act and EU Quantum Flagship are investing billions
  • China is aggressively pursuing quantum computing capabilities
  • Breaking RSA-2048 needs a fully error-corrected machine. Published resource estimates have fallen from around 20 million noisy physical qubits (2019) to under a million (2025) as algorithms and error correction improved, while today's largest machines have on the order of a thousand noisy qubits. The direction of that trend, not any single estimate, is what should drive planning.

The planning horizon: Migrating cryptography takes years. If quantum computers arrive in 2032 and migration takes 5 years, you need to start by 2027. If they arrive in 2035, you need to start by 2030. Either way, planning should begin now.

NIST Post-Quantum Standards

NIST finalised its first three post-quantum cryptographic standards in August 2024:

Standard | Algorithm           | Purpose                          | Based on
FIPS 203 | ML-KEM (Kyber)      | Key encapsulation (key exchange) | Module lattices (Module-LWE)
FIPS 204 | ML-DSA (Dilithium)  | Digital signatures               | Module lattices
FIPS 205 | SLH-DSA (SPHINCS+)  | Digital signatures (stateless)   | Hash functions only

Recommendation: ML-KEM for key exchange, ML-DSA for digital signatures. SLH-DSA is the backup for signatures: it relies only on hash functions, a different mathematical assumption from lattices, which is defence in depth against a future cryptanalytic breakthrough. SLH-DSA signatures are also far larger and slower, so it suits firmware and root-of-trust signing more than high-volume protocols. NIST applied the same reasoning to key exchange when it selected the code-based HQC in March 2025 as a future backup KEM alongside ML-KEM.

Key Differences from Current Algorithms

Property                    | RSA-2048                       | ML-KEM-768                  | ML-DSA-65
Public key size             | 256 bytes (modulus)            | 1,184 bytes                 | 1,952 bytes
Ciphertext / signature size | 256 bytes                      | 1,088 bytes (ciphertext)    | 3,309 bytes (signature)
Performance                 | Slow private-key operations    | Fast, comparable to X25519  | Faster than RSA-2048 signing

Post-quantum algorithms have larger keys, ciphertexts and signatures. Compute cost is not the problem: lattice operations are faster than RSA private-key operations on ordinary CPUs and in the same range as elliptic-curve operations. Size is. A hybrid TLS 1.3 ClientHello grows by over a kilobyte and no longer fits in a single packet, which exposes middleboxes and embedded TLS stacks that mishandle fragmented handshakes, and a certificate chain signed with ML-DSA-65 carries roughly 5 KB of key plus signature per certificate, which matters for constrained devices, packet budgets and certificate storage.

Crypto-Agility: The Strategic Imperative

Crypto-agility is the ability to quickly switch cryptographic algorithms without redesigning your systems. It's the most important preparation you can make right now, regardless of quantum timeline uncertainty.

What Crypto-Agility Means

  • Cryptographic algorithms are configurable, not hardcoded
  • Certificate and key management systems support multiple algorithm types
  • Protocol implementations can negotiate algorithm choices (already standard in TLS)
  • Systems can run hybrid mode (classical + post-quantum simultaneously)

How to Achieve It

  1. Inventory your cryptography. Catalogue every system that uses encryption, digital signatures, or key exchange. This is harder than it sounds — cryptography is embedded in TLS libraries, database connections, API authentication, file encryption, and dozens of other places.

  2. Eliminate hardcoded algorithms. Any code that fixes the algorithm in place (an RSA key-generation call with a literal 2048-bit size, a "SHA256withRSA" string in a signing routine, a certificate template pinned to ECDSA P-256, a TLS configuration that lists only classical key-exchange groups) needs to be refactored so the algorithm and its parameters come from configuration or a central crypto policy.

  3. Centralise certificate management. Use a PKI system that can issue certificates with different algorithms. Automate certificate rotation.

  4. Test post-quantum algorithms. Deploy ML-KEM and ML-DSA in test environments. Measure performance impact, identify compatibility issues.

  5. Plan hybrid deployment. During transition, run classical and post-quantum algorithms together so the connection is secure as long as either holds (e.g. X25519MLKEM768, the hybrid TLS 1.3 group that Chrome, Firefox, OpenSSL 3.5 and Go 1.24 already ship). This protects against a quantum attacker and against an undiscovered flaw in the new, less-studied algorithm or its implementation.
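The hybrid key agreement of step 5, as an added example that is not the article's own code: it uses only the Go standard library (crypto/mlkem and crypto/ecdh, Go 1.24 or later). The wire layout follows the order of TLS's X25519MLKEM768 shares (ML-KEM component first), but the combiner, the label string and the function names are this example's own choices rather than any standard's. The tampered round trip shows a caveat practitioners miss: a corrupted ML-KEM ciphertext is not reported as an error, because FIPS 203 uses implicit rejection and simply returns a different key.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Wire layout, ML-KEM component first as in TLS's X25519MLKEM768 shares:
// public key = ML-KEM-768 encapsulation key || X25519 public key,
// ciphertext = ML-KEM-768 ciphertext || X25519 ephemeral public key.
const (
	ekLen  = mlkem.EncapsulationKeySize768 // 1184
	ctQLen = mlkem.CiphertextSize768       // 1088
	pubLen = ekLen + 32
	ctLen  = ctQLen + 32
)

// HybridPrivateKey is the receiver's key; both halves are needed to decapsulate.
type HybridPrivateKey struct {
	pq *mlkem.DecapsulationKey768
	x  *ecdh.PrivateKey
}

// GenerateHybridKey returns the wire-format public key and the matching private key.
func GenerateHybridKey() ([]byte, *HybridPrivateKey, error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, nil, err
	}
	xk, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	pub := append(dk.EncapsulationKey().Bytes(), xk.PublicKey().Bytes()...)
	return pub, &HybridPrivateKey{pq: dk, x: xk}, nil
}

// x25519 computes the Diffie-Hellman secret between k and an encoded peer key.
func x25519(k *ecdh.PrivateKey, peer []byte) ([]byte, error) {
	p, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	return k.ECDH(p)
}

// Encapsulate is the sender side: ML-KEM encapsulation plus an ephemeral X25519
// exchange, combined into one 32-byte secret. Returns (secret, ciphertext).
func Encapsulate(pub []byte) ([]byte, []byte, error) {
	if len(pub) != pubLen {
		return nil, nil, errors.New("hybrid: bad public key length")
	}
	ek, err := mlkem.NewEncapsulationKey768(pub[:ekLen])
	if err != nil {
		return nil, nil, err
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ssX, err := x25519(eph, pub[ekLen:])
	if err != nil {
		return nil, nil, err
	}
	ssQ, ctQ := ek.Encapsulate()
	ct := append(ctQ, eph.PublicKey().Bytes()...)
	return combine(ssQ, ssX, ct), ct, nil
}

// Decapsulate is the receiver side. A corrupted ML-KEM ciphertext is not an error:
// FIPS 203 implicit rejection returns a pseudorandom key, so the mismatch only
// surfaces when the derived keys are used (AEAD failure, TLS Finished mismatch).
func Decapsulate(priv *HybridPrivateKey, ct []byte) ([]byte, error) {
	if len(ct) != ctLen {
		return nil, errors.New("hybrid: bad ciphertext length")
	}
	ssQ, err := priv.pq.Decapsulate(ct[:ctQLen])
	if err != nil {
		return nil, err
	}
	ssX, err := x25519(priv.x, ct[ctQLen:])
	if err != nil {
		return nil, err
	}
	return combine(ssQ, ssX, ct), nil
}

// combine is this example's own combiner, similar in shape to X-Wing's: a hash over
// a label, both secrets and the whole ciphertext, so the result depends on both
// components and on exactly the shares that were sent. (TLS instead feeds the
// concatenated secrets into its key schedule, which binds the handshake transcript.)
func combine(ssQ, ssX, ct []byte) []byte {
	h := sha256.New()
	h.Write([]byte("X25519MLKEM768-example")) // label: example's own, not a standard one
	h.Write(ssQ)
	h.Write(ssX)
	h.Write(ct)
	return h.Sum(nil)
}

// RoundTrip runs one agreement; with tamper set, a ciphertext byte is flipped in transit.
func RoundTrip(tamper bool) (bool, error) {
	pub, priv, err := GenerateHybridKey()
	if err != nil {
		return false, err
	}
	ssSender, ct, err := Encapsulate(pub)
	if err != nil {
		return false, err
	}
	if tamper {
		ct[0] ^= 1 // first byte of the ML-KEM ciphertext
	}
	ssReceiver, err := Decapsulate(priv, ct)
	if err != nil {
		return false, err // only length errors arrive here, never "wrong key"
	}
	return bytes.Equal(ssSender, ssReceiver), nil
}

func main() {
	ok, err := RoundTrip(false)
	fmt.Printf("honest: agree=%v err=%v (pub %d bytes, ct %d bytes)\n", ok, err, pubLen, ctLen)
	ok, err = RoundTrip(true)
	fmt.Printf("tampered: agree=%v err=%v\n", ok, err)
}
```

The sizes printed (1,216-byte public key, 1,120-byte ciphertext) are what the TLS ClientHello and ServerHello carry for this group, which is where the handshake-size problem discussed above comes from. Keep the implicit-rejection behaviour in mind when writing monitoring: a decapsulation that "succeeds" with the wrong key is the expected failure mode, and the error you will actually see is a later AEAD or Finished failure.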

Harvest Now, Decrypt Later

This is the immediate, real-world threat. Nation-state adversaries are collecting encrypted data traffic today — VPN connections, TLS sessions, encrypted communications — and storing it for future quantum decryption.

Who should worry:

  • Government and defence
  • Financial services (transaction data, account data)
  • Healthcare (patient records with long confidentiality requirements)
  • Intellectual property (trade secrets, R&D data)
  • Legal (attorney-client privilege, long-duration litigation)

If your encrypted data has a confidentiality requirement of more than 5-10 years, you should begin post-quantum migration now: the data you transmit today is the data that will be decrypted first.

Practical Steps for 2026

For Every Organisation

  1. Cryptographic inventory. Know where you use cryptography and which algorithms.
  2. Risk assessment. Classify data by confidentiality duration. Identify harvest-now-decrypt-later risks.
  3. Vendor engagement. Ask your cloud providers, security vendors, and software suppliers about their post-quantum roadmaps.
  4. Stay informed. Monitor NIST and ETSI post-quantum standardisation.

For High-Risk Organisations

  1. Pilot post-quantum TLS. Test hybrid key exchange (X25519MLKEM768) in TLS 1.3 for internal services. Chrome, Firefox, OpenSSL 3.5 and Go 1.24 ship it enabled by default, so the pilot is largely a matter of upgrading and then watching for handshake failures at middleboxes, load balancers and embedded TLS stacks that choke on the larger ClientHello.
  2. Implement post-quantum key wrapping for data at rest. AES-256 itself is already quantum-safe; what needs to change is how its keys are protected. For data with long confidentiality requirements, encrypt under AES-256-GCM and wrap or derive the data key with a post-quantum KEM (ML-KEM, or a classical-plus-ML-KEM hybrid) instead of RSA or ECDH-based key transport.
  3. Update procurement requirements. Require post-quantum readiness in new infrastructure and software contracts.
  4. Budget for migration. Cryptographic migration is a multi-year project. Start budgeting now.
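Post-quantum key wrapping for data at rest, as an added example that is not the article's own code (Go 1.24 or later standard library only). This is a KEM-DEM envelope: a per-record ML-KEM-768 encapsulation yields the secret from which the AES-256-GCM data key is derived, and the KEM ciphertext and nonce travel in the record header, which GCM authenticates as additional data. ML-KEM is used alone here rather than in a hybrid, to keep the record format short; the header layout, the derivation label and the constructed sample record are this example's own, not any standard's.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Record layout (this example's own): ML-KEM-768 ciphertext (1088) || nonce (12) ||
// AES-256-GCM ciphertext+tag. The header is GCM additional data, so a KEM
// ciphertext or nonce cannot be moved between records without failing the tag.
const (
	kemLen   = mlkem.CiphertextSize768
	nonceLen = 12
	hdrLen   = kemLen + nonceLen
)

// dataKey derives the AES-256 key from the KEM shared secret under a fixed label,
// so the raw shared secret is never used directly for anything else.
func dataKey(ss []byte) (cipher.AEAD, error) {
	key := sha256.Sum256(append([]byte("pq-at-rest-v1/aes-256-gcm\x00"), ss...))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a record for the holder of the matching decapsulation key. Only
// the public encapsulation key is needed, so writers (backup jobs, ingest
// pipelines) never hold the long-term secret.
func Seal(ek *mlkem.EncapsulationKey768, plaintext []byte) ([]byte, error) {
	ss, kemCT := ek.Encapsulate()
	aead, err := dataKey(ss)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	header := append(kemCT, nonce...)
	body := aead.Seal(nil, nonce, plaintext, header)
	return append(header, body...), nil
}

// Open decapsulates with the long-term key and decrypts. A modified KEM
// ciphertext gives a different shared secret (implicit rejection), so, like any
// other modification, it is caught by the GCM tag check rather than by ML-KEM.
func Open(dk *mlkem.DecapsulationKey768, record []byte) ([]byte, error) {
	if len(record) < hdrLen+16 {
		return nil, errors.New("record too short")
	}
	ss, err := dk.Decapsulate(record[:kemLen])
	if err != nil {
		return nil, err
	}
	aead, err := dataKey(ss)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, record[kemLen:hdrLen], record[hdrLen:], record[:hdrLen])
}

// Demo seals a constructed sample record, checks it opens, then checks that a
// flipped byte in the KEM ciphertext is rejected. Returns (roundTripOK, tamperRejected, err).
func Demo() (bool, bool, error) {
	dk, err := mlkem.GenerateKey768() // in production the seed (dk.Bytes()) lives in a KMS/HSM
	if err != nil {
		return false, false, err
	}
	plaintext := []byte(`{"patient":"P-0042","note":"constructed sample record"}`)
	rec, err := Seal(dk.EncapsulationKey(), plaintext)
	if err != nil {
		return false, false, err
	}
	got, err := Open(dk, rec)
	if err != nil {
		return false, false, err
	}
	tampered := bytes.Clone(rec)
	tampered[7] ^= 0x80 // inside the ML-KEM ciphertext
	_, tamperErr := Open(dk, tampered)
	return bytes.Equal(got, plaintext), tamperErr != nil, nil
}

func main() {
	ok, rejected, err := Demo()
	fmt.Printf("round trip ok=%v, tampered record rejected=%v, err=%v\n", ok, rejected, err)
}
```

The per-record overhead is the 1,088-byte KEM ciphertext plus nonce and tag, against 256 bytes for RSA-2048 key transport; for small records it is usually worth wrapping one data key per file or per batch rather than per row. The harvest-now-decrypt-later point is visible in the layout: an attacker who copies the record today holds an ML-KEM ciphertext, not an RSA one, so a future quantum computer gives them nothing.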

The quantum threat to cybersecurity is real and approaching. Organisations that begin preparing now will transition smoothly; those that wait will face an expensive, high-risk rush. If you need help assessing your quantum readiness, let's talk.
