Quantum Supremacy: How Quantum Chips Will Break Today’s Encryption

The digital security framework supporting global finance, commerce, and defense rests on one assumption: no classical computer can factor large integers or compute discrete logarithms in any feasible amount of time. That assumption is under serious threat from a groundbreaking technology, the quantum computer. 

For executives, the time is coming when the idea of a “Cryptographically Relevant Quantum Computer” (CRQC) shifts from theory to reality. This isn’t a distant issue. The strategy of “Harvest Now, Decrypt Later” (HNDL), where state-sponsored players collect encrypted data now for decryption later when a CRQC is available, shows that this risk is already present. Understanding this threat and the urgent need to migrate is crucial for maintaining long-term data security. 

The Algorithmic Hammer: How Shor’s Algorithm Decimates Public-Key Cryptography 

The main threat from quantum computing lies in the difference between classical bits and quantum bits, or qubits. A classical bit is either 0 or 1, while qubits exploit superposition and entanglement to represent many states at once. This is not a general speed-up: a quantum computer beats a classical supercomputer only on problems whose mathematical structure a quantum algorithm can exploit. Integer factoring and discrete logarithms, the two problems public-key cryptography rests on, are exactly such problems. 

The decisive vulnerability is Shor's Algorithm, published by Peter Shor in 1994.

1. Attacking Public-Key Infrastructure (PKI)

Modern Public Key Cryptography (PKC), which includes widely used RSA (Rivest–Shamir–Adleman) and ECC (Elliptic Curve Cryptography), depends on mathematically tough problems. 

  • RSA security is based on the difficulty of factoring large integers.
  • ECC security relies on the challenge of solving the discrete logarithm problem.

Shor's Algorithm solves both problems in polynomial time. Factoring a 2048-bit RSA modulus would take classical supercomputers billions of years; a large enough fault-tolerant quantum computer could do it in hours. This puts every deployed public-key system at risk: secure communications (TLS/SSL, whose key exchange is ECDH or RSA), digital signatures (RSA, ECDSA), cryptocurrency wallets (which use ECDSA), and the keys held in secure hardware modules. Note the asymmetry: the attacker needs only the public key, which is by design available to everyone.
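The reduction Shor's Algorithm performs can be followed end to end on a toy key. The Python below is an added example, not code from the article: it brute-forces the order-finding step that a quantum computer would perform with the quantum Fourier transform, then runs Shor's classical post-processing to recover the factors and, from them, the RSA private exponent. The key (p = 61, q = 53, e = 17) is the standard textbook toy key; the deterministic sweep over a is a choice made here so the run is reproducible.

```python
"""Shor's algorithm, classical part, against a toy RSA key.

Added example, not code from the original article. Shor reduces factoring
to order finding: given a random a coprime to N, find the smallest r > 0 with
a^r = 1 (mod N). A quantum computer finds r with the quantum Fourier
transform in polynomial time; find_order below brute-forces it, which is
fine for N = 3233 and hopeless for RSA-2048. Everything after the order is
found is the classical post-processing Shor specified, and it is exactly
what a CRQC would run. p = 61, q = 53, e = 17 is the textbook toy key.
"""
from math import gcd


def find_order(a, n):
    """Smallest r > 0 with a^r = 1 (mod n). This is the quantum step in Shor."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_classical_factor(n):
    """Factor n via order finding; returns (p, q, a_used, r) with p < q.

    A deterministic sweep over a = 2, 3, ... replaces the random choice so the
    result is reproducible. Two things can go wrong for a given a and force a
    retry: r is odd, or a^(r/2) = -1 (mod n), in which case both gcds are
    trivial. Shor showed a random a succeeds with probability at least 1/2
    when n is odd with at least two distinct prime factors.
    """
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:                          # lucky: a already shares a factor with n
            return tuple(sorted((g, n // g))) + (a, 1)
        r = find_order(a, n)
        if r % 2:
            continue                        # odd order: retry with the next a
        x = pow(a, r // 2, n)
        if x == n - 1:
            continue                        # a^(r/2) = -1 (mod n): trivial gcds, retry
        # x^2 = 1 (mod n) with x != +-1, so n divides (x-1)(x+1) but neither
        # factor alone: gcd(x-1, n) and gcd(x+1, n) are the two prime factors.
        p, q = gcd(x - 1, n), gcd(x + 1, n)
        return tuple(sorted((p, q))) + (a, r)
    raise ValueError("n is prime or a prime power")


def recover_private_exponent(n, e):
    """With the factors known, d = e^-1 mod (p-1)(q-1): the RSA key is fully broken."""
    p, q, _, _ = shor_classical_factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    n, e = 3233, 17                          # textbook toy key: 61 * 53
    c = pow(65, e, n)                        # "ciphertext" of the message 65
    p, q, a, r = shor_classical_factor(n)
    d = recover_private_exponent(n, e)
    print(f"a={a} has order r={r} mod {n}; factors {p} x {q}; d={d}; decrypted m={pow(c, d, n)}")
```

Running it shows both failure modes Shor accounted for: a = 2 has order 780 but 2^390 is congruent to -1 mod 3233, so the gcds are trivial and the loop retries; a = 3 has order 260 and yields 61 and 53, after which d = 2753 falls out and any ciphertext decrypts. The only step whose cost grows exponentially with the key size is find_order, and that is precisely the step a CRQC replaces.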

2. Weakening Symmetric Encryption (The Grover Effect)

While Shor's Algorithm directly impacts PKC, quantum computing also reduces the security of symmetric key encryption, like AES (Advanced Encryption Standard), through Grover's Algorithm. Grover's Algorithm gives a quadratic speed-up for unstructured search: brute-forcing a key space of 2^n keys takes on the order of 2^(n/2) quantum operations instead of 2^n. In key-size terms, a 128-bit key offers roughly 64 bits of security against a quantum attacker, and AES-256 drops to about the strength of AES-128. Because Grover's iterations must run sequentially and cannot be cheaply parallelised, the practical impact is smaller than the halving suggests, and NIST does not regard AES-128 as broken; conservative guidance such as NSA's CNSA 2.0 nonetheless requires AES-256. 

The Quantum Hardware Roadmap: The Race to a CRQC 

The threat is theoretically established, but the timeline for its emergence—known as Q-Day—depends on how quickly hardware improves. Quantum chip development is moving fast toward becoming relevant for cryptography. 

Physical Qubits vs. Logical Qubits 

Current quantum computers function in the Noisy Intermediate-Scale Quantum (NISQ) era. The key factor for breaking encryption is not the number of physical qubits but the number of high-quality logical qubits. One error-free logical qubit often needs thousands of imperfect physical qubits, managed by complex Quantum Error Correction (QEC) systems, to keep the quantum state stable against noise. 

  • Current State (2025): Companies like IBM, Google, and IonQ are rapidly increasing physical qubit counts. Major players have roadmaps aimed at fault-tolerant systems. For instance, IBM has plans extending to 2033, and IonQ reached 36 algorithmic qubits (AQ36) as of December 2024. AWS also recently announced its first proprietary chip, “Ocelot,” which uses cat qubits to minimize error.
  • The Critical Threshold: Estimates from 2019 indicated that a quantum computer with roughly 20 million physical qubits would be necessary to break a 2048-bit RSA key in just hours. This threshold will likely be reached once a few thousand high-quality logical qubits are created.
  • Timeline Projections: While a fully operational CRQC is still years away, NIST and industry experts believe the earliest chance for breaking RSA-2048 might be around 2030. Given that transitioning to post-quantum cryptography historically takes over a decade, the time for executive action is now.

The Executive Mandate: Transitioning to Post-Quantum Cryptography (PQC) 

The answer to the quantum threat is the prompt, phased adoption of Post-Quantum Cryptography (PQC): new cryptographic methods built on mathematical problems, chiefly structured lattices and hash functions, that are believed to be hard for both classical and quantum computers. 

NIST Standardization and Adoption Deadlines 

The U.S. National Institute of Standards and Technology (NIST) has led an extensive, multi-round process to select and standardize PQC algorithms. In August 2024 NIST finalized the first set of PQC standards (FIPS 203, FIPS 204 and FIPS 205), marking the start of the transition phase. 

PQC Algorithm Category   Standardized Use Case                           NIST Standard Examples
Lattice-Based            Key Encapsulation Mechanism (KEM) / Encryption  CRYSTALS-Kyber (ML-KEM, FIPS 203)
Lattice-Based            Digital Signatures                              CRYSTALS-Dilithium (ML-DSA, FIPS 204)
Hash-Based               Digital Signatures                              SPHINCS+ (SLH-DSA, FIPS 205)


The regulatory timeline is now urgent, especially for critical infrastructure: 

  • NSA CNSA 2.0: This requires quantum-safe algorithms for National Security Systems, with deadlines per product category. Software and firmware signing and traditional networking equipment must use quantum-safe algorithms exclusively by 2030; web browsers, servers, cloud services, operating systems and custom or legacy applications by 2033.
  • NIST Deprecation: NIST's draft transition guidance (NIST IR 8547) deprecates the quantum-vulnerable algorithms at the 112-bit security level, which includes RSA-2048 and ECC P-256, after 2030 and disallows all quantum-vulnerable public-key algorithms (RSA, ECDH, ECDSA, etc.) after 2035.

The Strategic Imperatives for CTOs and VPs 

Transitioning to PQC is much more complex than just applying a software patch. It requires a strategic, multi-year overhaul of deeply integrated cryptographic systems.

1. Implement Crypto-Agility

Organizations need to design systems with crypto-agility—the ability to quickly switch or combine cryptographic methods without needing a complete rework of the entire application. This is crucial for managing the risk that even new PQC algorithms could become vulnerable in the future.

2. Employ Hybrid Deployments

The best immediate step is Hybrid Cryptography, which combines a classical algorithm (like X25519 or another ECDH key exchange) with a new PQC algorithm (like ML-KEM) so that the session key depends on both shared secrets. The connection then stays at least as strong as today's ECC if a flaw is found in a young PQC algorithm, while already defeating Harvest Now, Decrypt Later collection against the classical half. Hybrid mode is the bridge until the PQC standards have seen enough deployment and scrutiny to be trusted on their own.
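What crypto-agility (item 1) and a hybrid combiner (item 2) look like in code, as an added example that is not from the article or from any TLS implementation: the suite names, the policy table and the salt label are illustrative assumptions; the combiner follows the concatenate-then-KDF pattern of the hybrid TLS key-exchange designs; and because no X25519 or ML-KEM library is assumed, the two component shared secrets are constructed random bytes standing in for real key-exchange outputs.

```python
"""Crypto-agile suite negotiation and a hybrid (classical + PQC) key combiner.

Added example, not code from the original article. Suite names, the policy
table and the salt label are illustrative assumptions; the combiner is the
concatenate-then-KDF pattern of the hybrid TLS designs:
    session_key = HKDF(ecdhe_secret || mlkem_secret, transcript).
No X25519 or ML-KEM library is used: the two component secrets are
constructed random bytes standing in for real key-exchange outputs.
"""
import hashlib
import hmac
import os

# Server preference order: hybrid first, PQC-only next, classical last.
SUITE_POLICY = {
    "X25519MLKEM768": {"components": ("X25519", "ML-KEM-768"), "quantum_safe": True},
    "MLKEM768":       {"components": ("ML-KEM-768",),          "quantum_safe": True},
    "X25519":         {"components": ("X25519",),              "quantum_safe": False},
}
SECRET_LEN = 32                 # both X25519 and ML-KEM-768 yield 32-byte shared secrets


def negotiate_suite(client_offers, server_preference=tuple(SUITE_POLICY),
                    require_quantum_safe=False):
    """Return the first server-preferred suite the client also offers, else None.

    Crypto-agility lives here: retiring or adding an algorithm is an edit to
    SUITE_POLICY / server_preference, not to the application. Once
    require_quantum_safe is switched on (e.g. at the CNSA 2.0 exclusive-use
    date) a classical-only overlap is refused, so the handshake fails loudly
    instead of silently downgrading.
    """
    offered = set(client_offers)
    for name in server_preference:
        if name in offered and (SUITE_POLICY[name]["quantum_safe"] or not require_quantum_safe):
            return name
    return None


def hkdf_sha256(salt, ikm, info, length):
    """HKDF-SHA256 (RFC 5869) extract-then-expand, built from hmac."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_shared_secrets(classical_ss, pqc_ss, transcript):
    """Hybrid combiner: key = HKDF(classical || pqc, info = handshake transcript).

    The output stays secret while *either* input is secret: a CRQC that recovers
    the X25519 secret still faces ML-KEM, and a future break of ML-KEM still
    leaves X25519. Fixed-length inputs make the concatenation unambiguous, and
    hashing the transcript in binds the key to this negotiation. A plain XOR of
    the two secrets is not a safe combiner for arbitrary KEMs, which is why the
    hybrid designs hash the concatenation instead.
    """
    if len(classical_ss) != SECRET_LEN or len(pqc_ss) != SECRET_LEN:
        raise ValueError("component secrets must be fixed-length")
    return hkdf_sha256(b"hybrid-kex-v1", classical_ss + pqc_ss, transcript, SECRET_LEN)


def handshake_demo(client_offers, require_quantum_safe=False):
    """One negotiation plus key derivation; returns (suite, key) or (None, None)."""
    suite = negotiate_suite(client_offers, require_quantum_safe=require_quantum_safe)
    if suite is None:
        return None, None                   # no acceptable suite: abort, never downgrade
    transcript = b"ClientHello|ServerHello|" + suite.encode()
    # Constructed stand-ins for the real X25519 and ML-KEM-768 shared secrets.
    secrets = {"X25519": os.urandom(SECRET_LEN), "ML-KEM-768": os.urandom(SECRET_LEN)}
    parts = SUITE_POLICY[suite]["components"]
    if len(parts) == 2:
        return suite, combine_shared_secrets(secrets[parts[0]], secrets[parts[1]], transcript)
    return suite, hkdf_sha256(b"hybrid-kex-v1", secrets[parts[0]], transcript, SECRET_LEN)


if __name__ == "__main__":
    print(handshake_demo(["X25519", "X25519MLKEM768"]))
    print(handshake_demo(["X25519"], require_quantum_safe=True))
```

The two properties worth checking after any change to a combiner are visible in the functions above: changing either component secret, or the transcript, changes the derived key, and a client that offers only a classical suite gets a refused handshake rather than a quiet downgrade once the quantum-safe policy flag is set.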

3. Conduct a Full Cryptographic Inventory

Executive teams should require a thorough inventory of all cryptographic assets, prioritising systems and data that must stay confidential for more than 10 years (e.g., healthcare records, intellectual property, defense secrets), because that is the data most exposed to Harvest Now, Decrypt Later. Finding every place RSA-2048 and ECC (P-256 ECDH/ECDSA and similar) are used for key exchange, key wrapping and digital signatures, in certificates, TLS configurations, code-signing pipelines, VPNs and HSMs, is the first essential step in planning the migration. 
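A starting point for that inventory, as an added example and not code from the article: a minimal DER reader that pulls the algorithm OID and key size out of an X.509 SubjectPublicKeyInfo (the structure inside PEM PUBLIC KEY blocks and inside every certificate) and flags RSA and ECC keys as migration work. The sample keys are constructed in the code; the 2048-bit RSA modulus is a placeholder, not a real key, since an inventory only cares about algorithm and size. The OIDs are the registered ones for rsaEncryption, id-ecPublicKey, P-256, P-384, ML-KEM-768 and ML-DSA-65.

```python
"""Public-key inventory: name the algorithm and key size, flag quantum-vulnerable keys.

Added example, not code from the original article. classify_spki reads an X.509
SubjectPublicKeyInfo with a minimal DER parser. The sample keys are constructed
below; the RSA modulus is a 2048-bit placeholder, not a real key.
"""
OIDS = {                                    # registered algorithm identifiers
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.10045.2.1": "id-ecPublicKey",
    "1.2.840.10045.3.1.7": "secp256r1",     # NIST P-256
    "1.3.132.0.34": "secp384r1",            # NIST P-384
    "2.16.840.1.101.3.4.4.2": "ML-KEM-768", # FIPS 203
    "2.16.840.1.101.3.4.3.18": "ML-DSA-65", # FIPS 204
}
CURVE_BITS = {"secp256r1": 256, "secp384r1": 384}


def der_read(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Split a SEQUENCE body into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_read(value, pos)
        out.append((tag, val))
    return out


def decode_oid(value):
    arcs, cur = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:                     # base-128 arcs, high bit = continuation
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))


def classify_spki(der):
    """Return (label, key_bits, quantum_vulnerable) for one SubjectPublicKeyInfo."""
    _, body, _ = der_read(der)
    (_, alg_id), (_, bit_string) = der_children(body)
    alg_parts = der_children(alg_id)
    alg = OIDS.get(decode_oid(alg_parts[0][1]), "unknown")
    key = bit_string[1:]                    # first BIT STRING octet = unused-bit count
    if alg == "rsaEncryption":
        _, rsa_pub, _ = der_read(key)       # RSAPublicKey ::= SEQUENCE { modulus, exponent }
        bits = int.from_bytes(der_children(rsa_pub)[0][1], "big").bit_length()
        return f"RSA-{bits}", bits, True    # Shor target
    if alg == "id-ecPublicKey":
        curve = OIDS.get(decode_oid(alg_parts[1][1]), "unknown-curve")
        return f"ECC {curve}", CURVE_BITS.get(curve, 0), True   # Shor target
    if alg.startswith("ML-"):
        return alg, len(key) * 8, False     # FIPS 203/204 key: quantum-safe
    return alg, 0, None                     # unknown algorithm: manual review


def inventory(named_ders):
    """Given {asset_name: spki_der}, return the assets that need PQC migration."""
    return sorted(name for name, der in named_ders.items() if classify_spki(der)[2])


# --- DER encoder, used only to construct the sample keys -----------------------
def der_tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(chunk)
    return der_tlv(0x06, body)


def der_uint(n):                            # leading 0x00 keeps the INTEGER positive
    return der_tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def spki(alg_oid, params, key):
    return der_tlv(0x30, der_tlv(0x30, encode_oid(alg_oid) + params) + der_tlv(0x03, b"\x00" + key))


def sample_rsa2048():
    modulus = (1 << 2047) | 0x10001         # constructed 2048-bit placeholder, NOT a real modulus
    return spki("1.2.840.113549.1.1.1", der_tlv(0x05, b""), der_tlv(0x30, der_uint(modulus) + der_uint(65537)))


def sample_p256():
    return spki("1.2.840.10045.2.1", encode_oid("1.2.840.10045.3.1.7"), b"\x04" + bytes(64))  # placeholder point


def sample_mlkem768():
    return spki("2.16.840.1.101.3.4.4.2", b"", bytes(1184))   # ML-KEM-768 encapsulation key is 1184 bytes


if __name__ == "__main__":
    assets = {"api-gateway-tls": sample_rsa2048(), "code-signing": sample_p256(), "vpn-kem": sample_mlkem768()}
    for name, der in assets.items():
        print(name, classify_spki(der))
    print("migrate:", inventory(assets))
```

In a real scan the DER comes from the PEM files, keystores and certificates the asset discovery turns up; the classification logic is the same, and the "unknown" branch is where RSA-1024 leftovers, bespoke algorithms and anything else that needs a human look will surface.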

The New Security Frontier 

The significant threat posed by quantum chips to current encryption signals that the $72 billion quantum computing industry will change cybersecurity. The combination of Shor’s Algorithm and advanced QEC techniques is counting down to Q-Day. 

For executives, delaying action is not an option. The data being encrypted now, including trade secrets, financial transactions, and geopolitical communications, needs protection against the HNDL threat. The mandate is clear: start the shift to NIST-approved PQC and implement crypto-agile systems right away. The long-term security of your organization relies on taking decisive action now, before quantum technology fully disrupts the digital landscape.