Risks of Quantum Computing for Cryptography

The biggest threat to your data isn’t happening tomorrow. It happened yesterday. If you haven’t heard of HNDL (Harvest Now, Decrypt Later), your long-term data strategy has a massive blind spot. Here is the reality: State actors and cybercriminals are capturing your encrypted data today. They can’t read it yet, so they’re storing it in massive data vaults, waiting for the "Qday"—the moment quantum computers become powerful enough to break current encryption. If your data needs to stay private for 5, 10, or 20 years, it’s already at risk. What’s on the line? ↳ Intellectual Property (IP) and trade secrets. ↳ Government and identity data. ↳ Long-term financial records and contracts. ↳ Sensitive customer health data. How do we solve it? 🛠️ We cannot wait for quantum supremacy to react. The fix starts now: ↳ Inventory: Identify which data has a long shelf-life. ↳ Crypto-Agility: Move toward systems that can swap encryption methods without a total overhaul. ↳ Hybrid PQC: Implement Post-Quantum Cryptography alongside classical methods to ensure traffic captured today remains a mystery tomorrow. The transition to quantum-resistant security is a marathon, not a sprint. Are you tracking HNDL on your current risk register? Let’s discuss in the comments. 👇 P.S. If you want help mapping your exposure or building a PQC migration plan, drop me a message. ♻️ Share this post if it speaks to you, and follow me for more. #QuantumSecurity #PQC

Google is issuing a call to action: the quantum era will break the digital locks we rely on, and the window to get ahead of it is closing rapidly. This is a signal leaders should not ignore. Quantum’s promise, drug discovery, materials science, energy, comes with a brutal side effect: a cryptographically relevant quantum computer could unravel the public-key cryptosystems protecting bank transfers, private chats, trade secrets, and classified systems. And the most dangerous part is timing. Attackers don’t need quantum to arrive to start winning. They can harvest encrypted data now and decrypt it later. The breach happens in slow motion, then shows up all at once, helped by AI to find patterns and insights in the data. I’ve been saying this for years: if the last few years belonged to AI, the rest of this decade increasingly belongs to quantum, and the world is not ready for quantum’s “ChatGPT moment.” Standards are no longer the excuse. National Institute of Standards and Technology (NIST) finalized the first post-quantum cryptography standards in August 2024. This is the most underpriced risk in modern leadership. The “we’re waiting” era is over. Y2K was a $100B inconvenience. Quantum migration is a civil-engineering project for the digital world. Imagine a an airplane swapping engines mid-flight without crashing. That’s what “crypto agility” demands: replacing the cryptography under your entire business while customers keep booking, checking-in, boarding, and trusting the system. And the time to start working is today, because when one of the companies building toward this future tells the market to move, you move. Google has been working on post-quantum cryptography since 2016, and it’s now publicly warning that a large-scale quantum computer could break today’s public-key cryptography. That combination, deep capability plus an explicit call to action, isn’t PR. It’s a timeline a signal you should not ignore. This decade rewards leaders who modernize trust before trust collapses. Is your organization preparing itself for what is to come?

Is quantum computing the next big cybersecurity threat? For decades, encryption has been our digital fortress. But quantum computing is challenging that foundation—and the stakes couldn’t be higher. Let me explain. Quantum computers, powered by qubits and quantum mechanics, have the potential to break today’s most secure encryption methods in record time. Algorithms like RSA, which protect everything from online transactions to national secrets, may soon become obsolete. Here’s the reality: → "Harvest Now, Decrypt Later": Cybercriminals are already storing encrypted data, waiting for the day quantum computers can crack it. → Encryption at Risk: Shor’s Algorithm and similar quantum innovations could dismantle current security protocols, leaving sensitive information vulnerable. → The Clock is Ticking: While quantum computers aren’t powerful enough yet, experts predict it’s only a matter of time. So, how do we prepare? → Post-Quantum Cryptography: Organizations like NIST are working on quantum-resistant algorithms to protect future data. → Quantum-Safe Protocols: Hybrid models combining classical and quantum encryption are emerging to secure transitions. → Risk Assessments and Training: Companies must identify vulnerabilities and educate cybersecurity teams on the implications of quantum advancements. The future of cybersecurity isn’t just about defending against traditional threats—it’s about staying ahead of quantum possibilities. Are we ready to face the next wave of cyber threats? Let’s discuss. 👇

Three weeks ago, our Devsinc security architect, walked into my office with a chilling demonstration. Using quantum simulation software, she showed how RSA-2048 encryption – the same standard protecting billions of transactions daily – could theoretically be cracked in just 24 hours by a sufficiently powerful quantum computer. What took her classical computer billions of years to attempt, quantum algorithms could solve before tomorrow's sunrise. That moment crystallized a truth I've been grappling with: we're not just approaching a technological evolution; we're racing toward a cryptographic apocalypse. The quantum computing market tells a story of inevitable disruption, surging from $1.44 billion in 2025 to an expected $16.22 billion by 2034 – a staggering 30.88% CAGR that signals more than market enthusiasm. Research shows a 17-34% probability that cryptographically relevant quantum computers will exist by 2034, climbing to 79% by 2044. But here's what keeps me awake at night: adversaries are already employing "harvest now, decrypt later" strategies, collecting our encrypted data today to unlock tomorrow. For my fellow CTOs and CIOs: the U.S. National Security Memorandum 10 mandates full migration to post-quantum cryptography by 2035, with some agencies required to transition by 2030. This isn't optional. Ninety-five percent of cybersecurity experts rate quantum's threat to current systems as "very high," yet only 25% of organizations are actively addressing this in their risk management strategies. To the brilliant minds entering our industry: this represents the greatest cybersecurity challenge and opportunity of our generation. While quantum computing promises revolutionary advances in drug discovery, optimization, and AI, it simultaneously threatens the cryptographic foundation of our digital world. The demand for quantum-safe solutions will create entirely new career paths and industries. What moves me most is the democratizing potential of this challenge. Whether you're building solutions in Silicon Valley or Lahore, the quantum threat affects us all equally – and so does the opportunity to solve it. Post-quantum cryptography isn't just about surviving disruption; it's about architecting the secure digital infrastructure that will power humanity's next chapter. The countdown has begun. The question isn't whether quantum will break our current security – it's whether we'll be ready when it does.

Researchers at the University of Kent have raised concerns about the vulnerability of Bitcoin and other blockchain technologies to quantum computing. In a yet-to-be-peer-reviewed study, they suggest that a sufficiently advanced quantum computer could crack Bitcoin’s cryptographic security, posing an existential threat to the cryptocurrency ecosystem. The announcement follows Google’s recent unveiling of its 105-qubit ‘Willow’ quantum chip, which demonstrated computational power far beyond classical supercomputers. This breakthrough reignited fears about the potential for quantum computers to bypass Bitcoin’s encryption, which relies on algorithms like SHA-256 and ECDSA (Elliptic Curve Digital Signature Algorithm) for transaction security. Key Findings from the Study: 1. Quantum Threat to Bitcoin: A sufficiently advanced quantum computer could break Bitcoin’s encryption, potentially allowing malicious actors to steal funds or manipulate transactions on the blockchain. 2. Lengthy Update Downtime: Transitioning Bitcoin’s infrastructure to quantum-resistant cryptography could require up to 76 days of downtime, during which the blockchain would be extremely vulnerable. 3. Staggering Financial Losses: The disruption caused by such an attack or even the preparation for a quantum-safe upgrade could result in astronomical financial losses. How Quantum Computers Could Crack Bitcoin • Bitcoin uses public-private key pairs for secure transactions. • A quantum computer with sufficient qubits and error correction capabilities could reverse-engineer private keys from public keys using Shor’s Algorithm. • Once private keys are exposed, attackers could authorize transactions and effectively drain wallets. Potential Solutions: • Post-Quantum Cryptography (PQC): Researchers are actively developing encryption methods resistant to quantum attacks, such as lattice-based cryptography. • Blockchain Hard Fork: Implementing a system-wide upgrade to quantum-resistant algorithms before quantum computers reach the necessary scale. • Hybrid Cryptography: Using a combination of classical and quantum-resistant cryptographic methods during the transition period. The Road Ahead: While quantum computers capable of such feats are not yet operational, the rapid advancements in the field suggest it’s only a matter of time. The Bitcoin community, developers, and stakeholders must act proactively to adopt quantum-resistant encryption standards to safeguard the cryptocurrency’s future. As Carlos Perez-Delgado, co-author of the study, points out: “Even brief downtime or delays in blockchain updates can result in catastrophic consequences in a financial system of this scale.”

Quantum computing is moving from "science fiction" to "business reality" faster than most predicted. Two recent papers have fundamentally shifted the timeline for when we need to care about Quantum-Safe security: 1️⃣ The "10,000 Qubits" Milestone: New research shows that we can execute Shor’s algorithm—the math that breaks today’s encryption—with far fewer resources than previously thought. By using reconfigurable atomic qubits, the hardware requirements for cracking RSA-2048 have dropped by nearly 20x. 2️⃣ The "9-Minute" Crypto Warning: Google’s latest whitepaper highlights a terrifying reality for digital assets. Under advanced quantum scenarios, the encryption protecting a cryptocurrency wallet could be cracked in under 10 minutes. This puts billions in "dormant" assets at immediate risk of "at-rest" attacks. The Bottom Line: The "Q-Day" window is shrinking. It’s no longer about if a quantum computer can break your encryption, but when your current migration timeline will run out. How do we respond? We can't just flip a switch on "Q-Day." For many organizations, becoming quantum safe is a multi-year journey. This is where Palo Alto Networks Quantum-Safe Security comes in. Instead of a manual, multi-year overhaul, we provide a path to Agentic Resilience: - Continuous Discovery: It automatically maps your "cryptographic bill of materials" (CBOM), identifying exactly where vulnerable RSA and ECC algorithms are hiding in your network. - Risk Prioritization: It correlates your encryption strength with business criticality, telling you exactly which high-value assets need to move to Post-Quantum Cryptography (PQC) first. - Real-Time Remediation: For legacy systems that can’t be easily upgraded, a "Quantum-Safe Proxy" re-encrypts vulnerable traffic into post-quantum algorithms (like ML-KEM) at the network edge. The transition to a quantum-safe future is a marathon, but the starting gun has already fired. Learn how to take your first steps at the link in the comments.

We’re all bracing for “Harvest Now, Decrypt Later.” The risk that keeps me up at night is its more dangerous twin: “Trust Now, Forge Later.” This isn’t about reading your secrets tomorrow. It’s about forging the signatures and certificates your systems trust today - software updates, firmware, documents, device identities - once quantum computers can break RSA/ECC. When the control plane (signing and verification) fails, attackers can push "validly signed" malware and instructions that our systems accept without a blink. Why this matters - especially in OT and cyber‑physical environments: - Integrity -> safety. In factories, energy, healthcare, and transport, forged signatures can become physical harm. - Long‑lived devices. Roots of trust burned into ROM, narrow maintenance windows, and legacy protocols mean PQC migration in OT is harder (much harder) and slower than in IT. - Evidence and provenance. If signatures become forgeable, non‑repudiation and long‑term legal trust need PQ‑secure timestamping and re‑signing strategies. I lay it out here - including why “Sign Today, Forge Tomorrow / Trust Now, Forge Later” is often a bigger risk than HNDL for OT and critical infrastructure, and why the migration is uniquely complex. #QuantumThreat #QuantumComputing #TrustNowForgeLater #TNFL #QuantumSecurity #PQC #PostQuantum #QuantumReadiness

From a friend... 'Today, almost all data on the Internet, including bank transactions, medical records, and secure chats, is protected with an encryption scheme called RSA (named after its creators Rivest, Shamir, and Adleman). This scheme is based on a simple fact—it is virtually impossible to calculate the prime factors of a large number in a reasonable amount of time, even on the world’s most powerful supercomputer. Unfortunately, large quantum computers, if and when they are built, would find this task a breeze, thus undermining the security of the entire Internet. Luckily, quantum computers are only better than classical ones at a select class of problems, and there are plenty of encryption schemes where quantum computers don’t offer any advantage. Today, the U.S. National Institute of Standards and Technology (NIST) announced the standardization of three post-quantum cryptography encryption schemes. With these standards in hand, NIST is encouraging computer system administrators to begin transitioning to post-quantum security as soon as possible... ...Most experts believe large-scale quantum computers won’t be built for at least another decade. So why is NIST worried about this now? There are two main reasons. First, many devices that use RSA security, like cars and some IoT devices, are expected to remain in use for at least a decade. So they need to be equipped with quantum-safe cryptography before they are released into the field. Second, a nefarious individual could potentially download and store encrypted data today, and decrypt it once a large enough quantum computer comes online. This concept is called “harvest now, decrypt later“ and by its nature, it poses a threat to sensitive data now, even if that data can only be cracked in the future.' https://lnkd.in/gxsczMAY

EY’s perspective on securing against #quantum #risks emphasizes that quantum #computing is rapidly evolving from a theoretical concern into a material cybersecurity threat that requires immediate strategic action. The core issue lies in the vulnerability of widely used cryptographic algorithms, such as RSA and elliptic curve cryptography, which could be broken by sufficiently advanced quantum computers. This creates a systemic risk to sensitive data, including financial information, intellectual property, and personal records. A central concept highlighted is the “harvest now, decrypt later” threat model, in which adversaries collect encrypted data today with the intention of decrypting it in the future as quantum capabilities mature. This makes quantum risk a present-day problem, particularly for data requiring long-term confidentiality. EY stresses that organizations must adopt a proactive and structured approach to quantum readiness. A foundational step is to conduct a comprehensive cryptographic inventory, identify sensitive #data, and map existing #encryption methods. This enables organizations to assess which systems are most exposed and prioritize remediation efforts. Transitioning to post-quantum cryptography (PQC) is a complex, multi-year transformation that requires careful planning, integration into existing #technology roadmaps, and alignment with emerging standards. Organizations are encouraged to build crypto-agility, allowing them to adapt encryption methods as technologies and standards evolve. EY also highlights the importance of #governance, #compliance, and #workforce readiness. Quantum resilience requires enterprise-wide coordination, including policy development, regulatory alignment, continuous monitoring, and personnel training. EY frames quantum cybersecurity not just as a technical upgrade but as a strategic #transformation initiative. Organizations that act early can strengthen resilience, improve cyber maturity, and gain a competitive advantage, while those that delay risk long-term exposure to data breaches, regulatory challenges, and erosion of #digital #trust.

⏳ 𝗤𝘂𝗮𝗻𝘁𝘂𝗺 𝗖𝗼𝗺𝗽𝘂𝘁𝗶𝗻𝗴 𝗮𝗻𝗱 𝗖𝗿𝘆𝗽𝘁𝗼𝗴𝗿𝗮𝗽𝗵𝘆: 𝗧𝗵𝗲 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲 𝗜𝘀 𝗦𝗵𝗿𝗶𝗻𝗸𝗶𝗻𝗴 𝗖𝗹𝗲𝗮𝗿 𝗣𝗮𝘁𝗵 𝘁𝗼 𝗖𝗿𝘆𝗽𝘁𝗮𝗻𝗮𝗹𝘆𝘁𝗶𝗰 𝗥𝗲𝗹𝗲𝘃𝗮𝗻𝗰𝗲 The Bundesamt für Sicherheit in der Informationstechnik (BSI) analysis is clear: Quantum computing is progressing steadily toward cryptanalytic relevance. The technical path is established: fault-tolerant Shor algorithms on superconducting systems with surface codes or ion-based systems with color codes. In 2024, key obstacles were removed. Quantum error correction works. Fault-tolerant computation is real. What remains is large-scale engineering. 𝗪𝗵𝘆 𝘁𝗵𝗲 “𝟮𝟬-𝗬𝗲𝗮𝗿” 𝗡𝗮𝗿𝗿𝗮𝘁𝗶𝘃𝗲 𝗜𝘀 𝗪𝗿𝗼𝗻𝗴 Error-correction break-even across several platforms in 2024–2025 invalidates the claim that relevant quantum computers are always decades away. A conservative estimate now points to around 15 years. This matches observed qubit growth and implies that systems with roughly one million qubits could be available in that timeframe, which is sufficient for cryptographic attacks. 𝗔 𝗦𝘁𝗿𝗮𝗶𝗴𝗵𝘁𝗳𝗼𝗿𝘄𝗮𝗿𝗱 𝗦𝗰𝗮𝗹𝗶𝗻𝗴 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲 The same result emerges from a modular view. Five years to design a scalable platform. Five years to produce and integrate modules. Five years to operate at full scale and quality. This is a scaling problem, not a scientific unknown. 𝗪𝗵𝗮𝘁 𝗖𝗼𝘂𝗹𝗱 𝗦𝗵𝗼𝗿𝘁𝗲𝗻 𝘁𝗵𝗲 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲 Advances in qLDPC codes, error mitigation, and neutral-atom platforms could reduce the horizon further. Ten years is no longer unrealistic. 𝗨𝗻𝗰𝗲𝗿𝘁𝗮𝗶𝗻𝘁𝘆 𝗜𝘀 𝗦𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗮𝗹 Multiple hardware platforms progress in parallel. Companies protect core technology. Some work happens in stealth mode. National security plays a role. A hidden qualitative leap seems unlikely today, but cannot be excluded. 𝗤-𝗗𝗮𝘆 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗛𝗡𝗗𝗟 𝗥𝗶𝘀𝗸 To stay on the safe side, Q-Day planning should assume a horizon of no more than 10 years, especially for nation-state actors and cyber agencies. AI will accelerate engineering, scaling, and cryptanalysis. This increases the risk that Q-Day arrives earlier than expected. The HNDL threat—harvest now, decrypt later—is already active. Sensitive data intercepted today can be decrypted in the future. This affects critical infrastructure, government systems, and industrial communication with long confidentiality lifetimes. Protection must start now. This requires crypto-agile architectures and the early deployment of hybrid schemes combining classical and post-quantum cryptography. 𝗜𝗺𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝗳𝗼𝗿 𝗖𝗿𝘆𝗽𝘁𝗼𝗴𝗿𝗮𝗽𝗵𝗶𝗰 𝗜𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 Post-quantum migration is no longer optional. Waiting increases risk. 𝗢𝘂𝗿 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 𝗳𝗼𝗿 𝘁𝗵𝗲 𝗗-𝗦𝘁𝗮𝗰𝗸 We at Spherity assessed these risks and transition paths for the German D-Stack, with a focus on crypto agility and long-term resilience: https://lnkd.in/eTJT4erD