Quantum Computing and the Future of Encryption

How quantum computers could break current encryption methods and what post-quantum cryptography means for your future security.

How Quantum Computers Differ From Classical Computers

Classical computers process information using bits that exist in one of two states: 0 or 1. Every calculation, from simple addition to complex encryption, is performed by manipulating these binary bits through logic gates. Quantum computers fundamentally change this model by using quantum bits, or qubits, which can exist in multiple states simultaneously through a property called superposition.

Superposition allows a quantum computer to explore many possible solutions to a problem at the same time, rather than checking them one by one as a classical computer must. Combined with entanglement, where qubits become linked so that the state of one instantly influences the state of another regardless of distance, quantum computers can solve certain types of problems exponentially faster than any classical machine.

This capability is not universally superior to classical computing. Quantum computers are not simply faster versions of existing computers. They excel at specific problem types, particularly those involving pattern finding, optimization, and notably, the mathematical problems that underpin modern encryption. This specific advantage is what makes quantum computing a serious concern for cybersecurity.

The Threat to Current Encryption

Shor's Algorithm and Public-Key Cryptography

In 1994, mathematician Peter Shor developed a quantum algorithm that can factor large numbers exponentially faster than any known classical algorithm. This is critical because the security of widely used public-key cryptography systems, specifically RSA and elliptic curve cryptography (ECC), depends on the practical impossibility of factoring very large numbers or solving discrete logarithm problems.

RSA encryption with a 2048-bit key would take a classical supercomputer thousands of years to break by brute force. A sufficiently powerful quantum computer running Shor's algorithm could theoretically accomplish the same task in hours. Similarly, ECC, which is used in TLS/HTTPS, digital signatures, cryptocurrency, and secure messaging, would be vulnerable to quantum attacks.

This means that the encryption protecting your online banking, email, messaging apps, VPN connections, and virtually all secure internet communications could be rendered ineffective by a sufficiently powerful quantum computer.

Grover's Algorithm and Symmetric Encryption

Grover's algorithm provides a quadratic speedup for unstructured search problems, such as trying every possible key, which effectively halves the bit-security of symmetric encryption algorithms like AES. A 128-bit AES key, which is currently considered secure, would offer only 64-bit security against a quantum attack, which is breakable. However, simply doubling the key size to AES-256 would restore security to 128-bit equivalent strength, which remains safe.

This means symmetric encryption is less threatened by quantum computing than public-key encryption. AES-256, which is already widely deployed, is expected to remain secure in the post-quantum era.
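To make the "quadratic speedup" concrete, the following is an added example (not code from the original article) that simulates Grover's search on a small register with plain Python lists: the oracle phase-flips the one "correct key" and the diffusion step reflects every amplitude about the mean. It also compares the classical expected number of key guesses with the number of Grover iterations, and shows why the article's 128 -> 64 and 256 -> 128 figures follow. The 8-bit "key" and the register sizes are constructed for illustration; real keys are far too large to simulate this way.

```python
import math


def grover_marked_probability(n_bits: int, marked: int, iterations: int) -> float:
    """Statevector simulation of Grover's search over 2**n_bits basis states.

    `marked` is the single basis state the oracle recognises (the "correct key",
    a constructed value). Returns the probability of measuring it after the
    requested number of Grover iterations.
    """
    n = 2 ** n_bits
    if not 0 <= marked < n:
        raise ValueError("marked state out of range")
    amp = [1.0 / math.sqrt(n)] * n            # uniform superposition after Hadamards
    for _ in range(iterations):
        amp[marked] = -amp[marked]             # oracle: phase-flip the marked state
        mean = sum(amp) / n
        amp = [2.0 * mean - a for a in amp]    # diffusion: inversion about the mean
    return amp[marked] ** 2


def grover_iterations(n_bits: int) -> int:
    """Near-optimal iteration count, floor((pi/4) * sqrt(N)) for N = 2**n_bits."""
    return int(math.floor(math.pi / 4 * math.sqrt(2 ** n_bits)))


def classical_expected_queries(n_bits: int) -> float:
    """Exhaustive classical search hits the key after N/2 guesses on average."""
    return 2 ** n_bits / 2


def effective_security_bits(key_bits: int) -> int:
    """Grover reduces a 2**k key search to about 2**(k/2) oracle calls,
    so the effective security level in bits is halved."""
    return key_bits // 2


def main() -> None:
    n_bits, secret_key = 8, 0b10110010   # constructed toy key
    k = grover_iterations(n_bits)
    p = grover_marked_probability(n_bits, secret_key, k)
    print(f"{n_bits}-bit search: classical ~{classical_expected_queries(n_bits):.0f} "
          f"guesses, Grover {k} iterations -> P(correct) = {p:.4f}")
    for key_bits in (128, 256):
        print(f"AES-{key_bits}: ~{effective_security_bits(key_bits)}-bit security under Grover")


if __name__ == "__main__":
    main()
```

Running the script shows that 12 Grover iterations find the 8-bit key with probability above 0.9999, whereas a classical search needs 128 guesses on average; the quadratic gap is what the doubling of AES key sizes is meant to absorb.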

Post-Quantum Cryptography

NIST Standardization

Recognizing the quantum threat, the U.S. National Institute of Standards and Technology launched a multi-year effort to standardize post-quantum cryptographic algorithms. After evaluating dozens of submissions from researchers worldwide, NIST selected several algorithms for standardization.

CRYSTALS-Kyber (ML-KEM)

CRYSTALS-Kyber, now formally known as ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), was selected as the primary algorithm for key encapsulation, which is the process of securely exchanging encryption keys. Its security is based on the hardness of lattice problems, which are believed to be resistant to both classical and quantum attacks. Kyber offers small key sizes and fast performance, making it practical for widespread deployment.

CRYSTALS-Dilithium (ML-DSA)

CRYSTALS-Dilithium, now ML-DSA (Module-Lattice-Based Digital Signature Algorithm), was selected for digital signatures. Like Kyber, it is based on lattice mathematics and provides efficient signing and verification. Digital signatures are critical for software updates, code signing, certificate authentication, and document integrity verification.

Additional Algorithms

NIST also selected SPHINCS+ (SLH-DSA), a hash-based signature scheme that provides security based on different mathematical assumptions than lattice-based schemes, offering diversity in case lattice-based approaches are found to be weaker than expected.

Timeline and Current State

When Will Quantum Computers Break Encryption?

Estimates vary widely. Current quantum computers have hundreds of qubits, but breaking RSA-2048 would require millions of error-corrected logical qubits. Most experts estimate this capability is 10 to 30 years away, though predictions have consistently shifted earlier as the technology advances.

However, the threat is not entirely future-facing. Adversaries today may be harvesting encrypted communications with the intention of decrypting them later when quantum computers become available. This "harvest now, decrypt later" strategy means that data encrypted today with quantum-vulnerable algorithms may not be safe in the long term.

Migration Is Underway

Major technology companies have begun integrating post-quantum cryptography into their products. Google has experimented with post-quantum key exchange in Chrome. Apple has implemented PQ3 in iMessage. Signal has added PQXDH to its protocol. These early deployments demonstrate that the transition to post-quantum security is already happening.

The Hybrid Approach

During the transition period, many implementations are adopting a hybrid approach that combines traditional algorithms with post-quantum ones. This strategy ensures that communications remain secure even if one of the two algorithms is later found to be vulnerable. If the post-quantum algorithm has an undiscovered weakness, the classical algorithm still provides protection, and vice versa. This defense-in-depth strategy is considered the safest path for the migration period.
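One way the hybrid combination is done in practice is to feed both shared secrets into a single key derivation step, so the session key depends on the classical and the post-quantum secret at once. The following is an added example, not code from the article or from any of the products it names. It implements HKDF (RFC 5869) with the Python standard library and a `hybrid_key` combiner; the 32-byte `classical_ss` and `pq_ss` values are constructed stand-ins for what X25519 and ML-KEM would actually output, since no post-quantum library is assumed.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
SECRET_LEN = 32   # both X25519 and ML-KEM produce 32-byte shared secrets


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): chain HMAC blocks until `length` bytes are produced."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_key(classical_ss: bytes, pq_ss: bytes, transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from a classical and a post-quantum shared secret.

    Both secrets form the IKM (classical || post-quantum) and the handshake
    transcript is bound through `info`, so an attacker who later recovers only
    one ingredient (e.g. the classical one with Shor's algorithm) still cannot
    reproduce the key. Fixed-length inputs keep the concatenation unambiguous.
    """
    if len(classical_ss) != SECRET_LEN or len(pq_ss) != SECRET_LEN:
        raise ValueError("shared secrets must be exactly 32 bytes")
    prk = hkdf_extract(salt=b"hybrid-kex-v1", ikm=classical_ss + pq_ss)
    return hkdf_expand(prk, info=b"session key|" + transcript, length=length)


def main() -> None:
    # Constructed stand-ins for the outputs of a real X25519 exchange and a real
    # ML-KEM encapsulation; both peers end up holding the same two secrets.
    classical_ss = os.urandom(SECRET_LEN)
    pq_ss = os.urandom(SECRET_LEN)
    transcript = b"client_hello|server_hello"   # constructed placeholder transcript

    alice = hybrid_key(classical_ss, pq_ss, transcript)
    bob = hybrid_key(classical_ss, pq_ss, transcript)
    print("peers agree:", alice == bob)

    # An adversary who knows classical_ss but not pq_ss derives a different key.
    guess = hybrid_key(classical_ss, os.urandom(SECRET_LEN), transcript)
    print("attacker with only the classical secret matches:", guess == alice)


if __name__ == "__main__":
    main()
```

The combiner only demonstrates the key-derivation step; the surrounding protocol still has to authenticate the handshake and bind the public keys into the transcript, which is what the `info` argument is for.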

What You Can Do Now

While the quantum threat may seem distant, there are practical steps you can take today. Use AES-256 encryption for sensitive files and data, which remains quantum-resistant. Our text encryption tool can help protect your sensitive communications. Stay informed about post-quantum updates to the software and services you rely on. When choosing new encryption tools, prefer those that have announced post-quantum migration plans.

For long-term sensitive data, consider the harvest-now-decrypt-later threat. Information that must remain confidential for decades, such as medical records, trade secrets, or government documents, should be encrypted with quantum-resistant algorithms when possible, even today. As post-quantum standards are finalized and deployed, update your tools and practices accordingly. The transition to quantum-safe cryptography will be gradual, but awareness and preparation now will ensure you are not caught off guard.

Written by Raimundo Coelho

Cybersecurity specialist and technology professor with over 20 years of experience in IT. Graduated from Universidade Estácio de Sá. Writing practical guides to help you protect your data and stay safe in the digital world.