    Part 5 of 8
    Post-quantum security
    25 Jan 2026

    Quantum and Cryptography: The Threat That's Already Changing Security

    How quantum computers threaten RSA and ECC encryption, why 'harvest now, decrypt later' makes it urgent today, and what post-quantum cryptography is.

    Article 6 of 9 — Foundations of Quantum Computing


    Of everything quantum computing might eventually do, one consequence is concrete enough that organizations are spending real money on it right now, despite no quantum computer yet being able to carry out the threat: the ability to break much of the encryption that protects the internet. The strange twist is that you don't need the dangerous quantum computer to exist for the danger to be real today — because data stolen now can be unlocked later. This article explains the threat, why it's already prompting a global scramble, and what "post-quantum cryptography" actually is.

    The basics cover the threat and the response. Going Deeper examines the timeline paradox, why migration is so hard, and a common confusion about what defends against the threat.

    The basics: why encryption is at risk

    Most secure communication today — banking, messaging, logins, government data — relies on public-key cryptography, principally schemes called RSA and elliptic-curve cryptography (ECC). Their security rests on mathematical problems that classical computers can't solve quickly: RSA on the difficulty of factoring very large numbers, ECC on a related "discrete logarithm" problem. For decades, these have been effectively unbreakable in practice.

    Shor's algorithm (Article 5) changes that. A sufficiently large, fault-tolerant quantum computer running Shor's algorithm could solve exactly those problems efficiently — unravelling RSA and ECC. The encryption that guards much of modern life would no longer be safe.

    The important qualifier: sufficiently large and fault-tolerant. As Articles 4 and 5 stressed, no such machine exists today, and building one is still a long way off. So why act now?

    The basics: "harvest now, decrypt later"

    The reason is a threat model with an unsettling name: harvest now, decrypt later (HNDL). An adversary doesn't need a quantum computer today to benefit from one tomorrow. They can intercept and store encrypted data now — diplomatic cables, financial records, health data, trade secrets — and simply wait. The day a capable quantum computer arrives, they decrypt the archive.

    This flips the timeline. Any information that must stay secret for years or decades is arguably at risk today, because it may already be sitting in someone's storage waiting for future decryption. Security agencies in several countries have warned that this large-scale collection is believed to be happening already. The threat to long-lived secrets is, in effect, a present-tense problem.

    The basics: post-quantum cryptography

    The defense is post-quantum cryptography (PQC) — new encryption algorithms that run on ordinary classical computers but are designed to resist attacks from both classical and quantum machines. They rely on different mathematical problems that, as far as researchers know, even a quantum computer can't crack efficiently.

    After a multi-year international competition, the US National Institute of Standards and Technology (NIST) finalized its first PQC standards in August 2024, including ML-KEM (for key exchange) and ML-DSA and SLH-DSA (for digital signatures). Through 2026, the focus has shifted from choosing algorithms to the much harder work of deploying them: governments and major technology companies have begun rolling out quantum-resistant encryption, with federal timelines pushing organizations to inventory their systems and migrate. Some major platforms have started defaulting to quantum-safe connections.

    One reassurance worth stating: not all cryptography is equally threatened. Symmetric encryption (such as AES, used to encrypt stored data and much traffic once a connection is established) is far less vulnerable: Grover's algorithm offers only a quadratic speed-up against it, which can largely be neutralized by using longer keys. The acute threat is to public-key cryptography specifically.

    Going deeper: the timeline paradox and the migration problem

    For readers who want the deeper picture, the cryptography story turns on a few subtle points.

    Mosca's theorem and the timeline paradox. A useful way to frame the urgency compares three timespans: how long your data must stay secret (call it Y), how long migration to PQC will take (X), and how long until a cryptographically relevant quantum computer exists (Z). If X plus Y is greater than Z, you have a problem — your data will be exposed before you've finished protecting it. Because migration is slow and some data must stay secret for decades, organizations can face the threat even if the quantum computer is many years away. This is why "the machine doesn't exist yet" is not a reason to wait.
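Mosca's inequality applied to an inventory, as an added example that is not part of the original article. It goes one step beyond the yes/no test by measuring how many years of pre-migration traffic would still be sensitive when the machine arrives; the asset names, the X and Y figures, and both values of Z are constructed assumptions.

```python
from dataclasses import dataclass

# Key-establishment families the article says Shor's algorithm breaks.
SHOR_BROKEN = ("RSA", "ECDH", "DH")


@dataclass
class Asset:
    name: str
    key_exchange: str       # algorithm protecting the traffic's session keys
    secrecy_years: float    # Y: how long the data must stay secret
    migration_years: float  # X: years until this system has moved to PQC


def exposed_years(asset: Asset, z: float) -> float:
    """Years of pre-migration traffic still secret when the machine arrives.

    Traffic recorded at time t (0 <= t <= X) must stay secret until t + Y, so
    a harvested copy is readable while still sensitive when t + Y > Z. That
    window is non-empty exactly when X + Y > Z (Mosca's condition).
    """
    if not asset.key_exchange.upper().startswith(SHOR_BROKEN):
        return 0.0  # e.g. ML-KEM: outside the Shor threat
    x, y = asset.migration_years, asset.secrecy_years
    return max(0.0, min(x, x + y - z))


def triage(assets, z):
    """Return (name, exposed_years) for at-risk assets, worst first."""
    rows = [(a.name, exposed_years(a, z)) for a in assets]
    return sorted([r for r in rows if r[1] > 0], key=lambda r: -r[1])


# Constructed inventory; every figure is illustrative.
INVENTORY = [
    Asset("diplomatic-archive-vpn", "RSA-2048", 25, 5),
    Asset("payments-api-tls", "ECDH-P256", 7, 3),
    Asset("health-records-sync", "ECDH-P256", 12, 6),
    Asset("internal-chat", "ML-KEM-768", 10, 0),
]

if __name__ == "__main__":
    for z in (15, 8):  # two assumed estimates for Z, in years from now
        print(z, triage(INVENTORY, z))
```

Running it with both estimates shows how the migration order changes as Z shrinks: the payments system is safe at Z = 15 but not at Z = 8.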

    Migration is a rip-and-replace, not a patch. Swapping cryptographic algorithms across an organization's entire stack — protocols, hardware, embedded systems, certificates, third-party dependencies — is enormously complex. A guiding principle is crypto-agility: designing systems so the algorithm can be swapped via configuration rather than a full rewrite. Many also deploy hybrid schemes that run a classical and a post-quantum algorithm together, so the connection stays secure even if one is later found weak. The sheer scope is why the migration began well before any quantum computer is capable of the attack.
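A sketch of crypto-agility and hybrid key derivation together, added here as an illustration and not taken from the article or from any standard. The suite names, the length-prefixed concatenation, and the choice of HKDF-SHA-256 are assumptions, and the two byte strings stand in for the shared secrets a real ECDH exchange and a real ML-KEM encapsulation would produce.

```python
import hashlib
import hmac

# Hypothetical suite registry: the active suite is picked by name from
# configuration, so retiring an algorithm is a config change, not a rewrite.
SUITES = {
    "classical-only": ("ECDH",),
    "hybrid": ("ECDH", "ML-KEM"),
    "pq-only": ("ML-KEM",),
}


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256 and an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def session_key(suite: str, secrets: dict) -> bytes:
    """Derive one key from every shared secret the configured suite needs."""
    parts = SUITES[suite]
    missing = [p for p in parts if p not in secrets]
    if missing:
        raise ValueError(f"suite {suite!r} needs secrets for {missing}")
    # Length-prefix each secret so the concatenation is unambiguous, and bind
    # the suite name into the KDF so different suites never share a key.
    ikm = b"".join(len(secrets[p]).to_bytes(2, "big") + secrets[p]
                   for p in parts)
    return hkdf_sha256(ikm, info=b"example-hybrid:" + suite.encode())


# Constructed stand-ins for the two key-exchange outputs.
SECRETS = {"ECDH": bytes(range(32)), "ML-KEM": bytes(range(32, 64))}

if __name__ == "__main__":
    print(session_key("hybrid", SECRETS).hex())
```

Because both secrets feed the KDF, knowing only one of them (say, a broken classical exchange) is not enough to reproduce the hybrid key.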

    PQC is not QKD — a common confusion. Post-quantum cryptography is software: new math running on normal computers. It is different from quantum key distribution (QKD), which uses quantum physics (and special hardware) to detect eavesdropping on a key exchange. QKD is real but niche, hardware-intensive, and not the practical answer for securing the broad internet. The mainstream response to the quantum threat is PQC, not QKD — a distinction often blurred in coverage.

    PQC isn't provably unbreakable. The new algorithms are believed secure against known quantum attacks, but "believed secure" is not "proven secure" — which is exactly why standards bodies selected multiple algorithm families and favour hybrid, agile deployments. Cryptography is always provisional.

    The takeaway

    A large fault-tolerant quantum computer running Shor's algorithm could break the public-key cryptography (RSA, ECC) that secures much of the internet. No such machine exists yet, but the "harvest now, decrypt later" threat makes long-lived secrets vulnerable today, since encrypted data can be stored and decrypted in future. The response is post-quantum cryptography — quantum-resistant algorithms standardized by NIST in 2024 and now being deployed worldwide. Migration is slow, hard, and already underway; symmetric encryption is far less threatened; and PQC (software) should not be confused with QKD (hardware).

    What people commonly get wrong

    • "The threat is here now." No quantum computer can break encryption yet — but HNDL plus slow migration make it a present-tense problem for long-lived secrets.
    • "It's safe to wait until quantum computers exist." Mosca's framing shows why that's too late for data needing long-term secrecy.
    • "Quantum breaks all encryption." Public-key schemes are the acute risk; symmetric encryption like AES is far more resilient.
    • "PQC and QKD are the same." PQC is new software; QKD is specialized quantum hardware. PQC is the mainstream path.
    • "Migration is just a software update." It's a complex, organization-wide rip-and-replace, which is why crypto-agility matters.

    This article is educational and is not security, technical, or professional advice. Organizations facing real migration decisions should consult qualified security professionals and primary guidance from bodies such as NIST. Standards and deadlines evolve; verify current details before acting.

    Sources for context: NIST post-quantum cryptography standards (FIPS 203/204/205, finalized August 2024) and NCCoE migration guidance; security-industry and government reporting on PQC migration and the "harvest now, decrypt later" threat, 2024–2026.

    Next in the series: Article 7 — Applications vs. Hype: chemistry, optimization, finance, and AI — sorting the genuinely promising from the overstated.

    Risk Warning: Trading and investing carries significant risk. Your investments can fall as well as rise. CFDs carry high risk of rapid loss due to leverage. Cryptocurrency is not FCA-regulated and not covered by FSCS. This is information only, not financial advice. Seek independent advice before investing.

    Written by

    TradeRadarNews Team

    Editorial Team

    Our editorial team covers markets, fintech, and regulatory developments across the UK and globally.
