How Quantum Computing Threatens Current Encryption and What to Do About It
An explanation of how quantum computing will affect encryption, the timeline for concern, and practical steps organizations should take now to prepare.
The Quantum Threat to Encryption
Modern encryption protects virtually every digital interaction -- online banking, email, cloud storage, document sharing, healthcare records, and government communications. The security of this encryption relies on mathematical problems that are extraordinarily difficult for classical computers to solve.
Quantum computing changes this equation. Quantum computers leverage quantum mechanical phenomena -- superposition and entanglement -- to perform certain calculations exponentially faster than classical computers. Some of the mathematical problems that underpin current encryption are among the calculations that quantum computers will excel at.
This is not science fiction. While large-scale, fault-tolerant quantum computers do not yet exist, they are under active development by governments and technology companies worldwide. The question is not whether they will arrive, but when.
What Encryption Is at Risk
Not all encryption is equally threatened by quantum computing. Understanding which algorithms are vulnerable is essential for prioritizing your response.
Vulnerable: Public-Key (Asymmetric) Cryptography
Public-key cryptography relies on mathematical problems that quantum computers can solve efficiently using Shor's algorithm:
| Algorithm | Use Case | Quantum Vulnerability |
|---|---|---|
| RSA | Digital signatures, key exchange, encryption | Broken by Shor's algorithm |
| ECC (Elliptic Curve) | Digital signatures, key exchange | Broken by Shor's algorithm |
| Diffie-Hellman | Key exchange | Broken by Shor's algorithm |
| DSA | Digital signatures | Broken by Shor's algorithm |
These algorithms protect:
- TLS/SSL connections (HTTPS)
- VPN tunnels
- Email encryption (S/MIME, PGP)
- Digital signatures and certificates
- Key exchange for symmetric encryption
Less Vulnerable: Symmetric Cryptography
Symmetric encryption algorithms like AES are affected by Grover's algorithm, which effectively halves the key length. This means:
- AES-128 would provide roughly 64-bit security against a quantum computer (insufficient)
- AES-256 would provide roughly 128-bit security against a quantum computer (still adequate)
Less Vulnerable: Hash Functions
Hash functions like SHA-256 are also affected by Grover's algorithm but remain secure at current output lengths for most applications.
The "Harvest Now, Decrypt Later" Threat
The most immediate concern is not a quantum computer breaking your encryption today. It is an adversary collecting your encrypted data now with the intention of decrypting it when quantum computers become available.
This "harvest now, decrypt later" (HNDL) strategy is particularly concerning for:
- Government and military communications with long-term classification periods
- Trade secrets and intellectual property that maintain value for decades
- Personal health records that are sensitive for an individual's lifetime
- Financial records subject to long retention periods
- Legal documents with long-term confidentiality requirements
If your encrypted data has a secrecy requirement that extends beyond the expected arrival of large-scale quantum computers, the HNDL threat is relevant to you today.
Timeline: When Should You Be Concerned?
Estimating when cryptographically relevant quantum computers (CRQCs) will exist is inherently uncertain. Expert opinions vary:
- Optimistic estimates: 2030-2035 for a CRQC capable of breaking RSA-2048
- Moderate estimates: 2035-2045
- Conservative estimates: 2045 or later
- Some skeptics: Possibly never at the scale needed
However, the timeline for concern is not the same as the timeline for CRQCs. Consider:
- Migration takes years. Transitioning cryptographic infrastructure across a large organization takes 5-10 years.
- Standards take time. Post-quantum cryptography standards are being finalized now, but implementation and interoperability will take additional years.
- Data has a shelf life. If your data must remain confidential for 20 years and a CRQC arrives in 15 years, you needed to migrate 5 years ago.
The formula is simple: if the time to migrate plus the secrecy lifetime of your data exceeds the time until CRQCs arrive, you should be acting now.
Post-Quantum Cryptography: The Solution
Post-quantum cryptography (PQC) refers to cryptographic algorithms that are believed to be secure against both classical and quantum computers. Unlike quantum cryptography (which uses quantum mechanics for key distribution), PQC runs on classical hardware.
NIST Post-Quantum Standards
The US National Institute of Standards and Technology (NIST) has been leading a multi-year effort to standardize PQC algorithms. As of 2025, the following have been standardized or selected:
Key Encapsulation Mechanisms (for key exchange):
- ML-KEM (CRYSTALS-Kyber) -- Based on module lattice problems, now the primary NIST standard for key encapsulation
Digital Signatures:
- ML-DSA (CRYSTALS-Dilithium) -- Lattice-based digital signature scheme
- SLH-DSA (SPHINCS+) -- Hash-based digital signature scheme (stateless)
- FN-DSA (FALCON) -- Lattice-based signature scheme with smaller signatures
Hybrid Approaches
During the transition period, many organizations are adopting hybrid approaches that combine classical and post-quantum algorithms. This ensures security against both classical and quantum attacks:
- If the PQC algorithm turns out to have an unforeseen weakness, the classical algorithm still provides protection
- If a quantum computer arrives sooner than expected, the PQC algorithm provides protection
What Organizations Should Do Now
1. Conduct a Cryptographic Inventory
You cannot migrate what you do not know about. Identify all cryptographic algorithms, protocols, and libraries in use across your organization:
- TLS configurations on web servers and applications
- VPN and remote access protocols
- Email encryption and digital signature systems
- Database encryption
- File and document encryption
- Certificate authorities and PKI infrastructure
- Code signing and software supply chain cryptography
- IoT and embedded device cryptography
2. Assess Your Risk Profile
Determine your exposure based on:
- The secrecy lifetime of your data (how long must it remain confidential?)
- Your migration timeline (how long will it take to update your cryptographic infrastructure?)
- Your threat profile (are you a target for nation-state adversaries who might conduct HNDL attacks?)
3. Prioritize Migration
Not everything needs to be migrated at once. Prioritize based on:
- Data sensitivity and secrecy lifetime
- Exposure to HNDL attacks (data in transit over public networks is more exposed)
- Ease of migration (some systems are easier to update than others)
- Regulatory requirements (some sectors may face PQC mandates sooner)
4. Begin with TLS and Key Exchange
TLS connections are the most exposed to HNDL attacks because the encrypted data traverses public networks. Migrating to PQC-enabled TLS (using ML-KEM for key exchange) should be a high priority.
5. Update Encryption at Rest
For stored data with long secrecy lifetimes, consider re-encrypting with PQC algorithms or using hybrid encryption that includes a PQC component.
6. Plan for Crypto Agility
Design your systems to support cryptographic agility -- the ability to swap cryptographic algorithms without major re-engineering. This protects you against future algorithm deprecations, whether quantum-related or otherwise.
Industry and Government Action
Governments and industry bodies are taking the quantum threat seriously:
- US Executive Order on quantum security directing federal agencies to begin PQC migration
- NIST PQC standards providing the algorithmic foundation for migration
- ENISA (EU) publishing guidance on quantum-safe cryptography for European organizations
- Financial regulators beginning to include quantum risk in cybersecurity guidance
- Defense departments worldwide accelerating PQC adoption for classified systems
The Document Hosting Angle
Document hosting platforms are particularly relevant to the quantum threat because documents often have long confidentiality requirements. A legal document, medical record, or strategic plan encrypted today may need to remain confidential for decades -- well into the era of quantum computing.
Platforms like GlobalDataShield that prioritize strong encryption and crypto-agile architectures will be better positioned to protect documents through the quantum transition. Organizations should evaluate their document hosting providers' encryption approaches and quantum readiness as part of their overall PQC strategy.
Conclusion
The quantum threat to encryption is real but manageable with proactive planning. The key is to start now -- inventorying your cryptographic dependencies, assessing your risk, and beginning the transition to post-quantum cryptography. Organizations that wait until quantum computers are a demonstrated threat will find themselves years behind in a migration that takes years to complete.
Ready to Solve Data Residency?
Get started with GlobalDataShield - compliant document hosting, ready when you are.