While AI represents a current and rapidly escalating threat, quantum computing poses a more fundamental, existential risk to the cryptographic foundations of all modern digital communication. The development of a cryptographically relevant quantum computer (CRQC)—a machine powerful enough to break today's widely used public-key encryption algorithms - will render much of our current security infrastructure obsolete.
The algorithms at risk, primarily RSA and Elliptic Curve Cryptography (ECC), are the bedrock of secure communications, used to protect everything from HTTPS web traffic and VPNs to the key exchange mechanisms in mobile networks. A CRQC running Shor's algorithm could solve the mathematical problems underlying these systems in minutes or hours, a task that would take a classical supercomputer billions of years.
While a CRQC is not expected to be publicly available for several years, possibly in the 2030s, the threat is immediate due to a strategy known as "Harvest Now, Decrypt Later" (HNDL). This concept recognises that adversaries, particularly well-resourced nation-states, are already intercepting and storing massive volumes of encrypted data flowing across
global networks today. They are stockpiling this data with the expectation that once a CRQC becomes operational, they will be able to go back and decrypt this treasure trove of historical communications, exposing years of state secrets, corporate intellectual property, and private conversations.
This HNDL threat fundamentally changes the security calculus. It is no longer a future problem but a present-day data security crisis for any information that must remain confidential for the next decade or more. The only viable defence is to transition to a new generation of cryptographic algorithms that are resistant to attack by both classical and quantum computers.
This field, known as Post-Quantum Cryptography (PQC), is the focus of a global effort led by institutions like the U.S. National Institute of Standards and Technology (NIST). In 2024, NIST finalised its first suite of standardised PQC algorithms, including CRYSTALS-KYBER for key exchange and CRYSTALS-Dilithium for digital signatures, while other goverments are still developing their own standards.
However, even as governments decide upon their own preferred PQC implementations, the migration to these new standards is an immediate imperative for governments and enterprises that handle sensitive, long-lived data. Any communication of consequence transmitted today without PQC protection must be considered compromised in the future.
Upgrade to Post-Quantum Secure Communications today.
Upgrade to Post-Quantum Secure Communications today.
Upgrade to Post-Quantum Secure Communications today.
