Preparing your digital infrastructure for the next generation of cryptographic challenges and quantum-safe protocols.
Y2Q: The Quantum Threat Horizon
In the cryptography community, 'Y2Q' refers to the moment a sufficiently powerful quantum computer becomes capable of breaking the public-key algorithms (RSA, Diffie-Hellman, ECDSA and their elliptic-curve relatives) that underpin virtually all of modern digital security. This is not science fiction: NIST published its first three finalised post-quantum standards (FIPS 203, 204 and 205) in August 2024. Nation-state actors are almost certainly recording encrypted traffic today with the intention of decrypting it once quantum capability arrives, a strategy known as 'harvest now, decrypt later'. That is why data that must stay confidential for years is already exposed, even though no such machine exists yet.
What Quantum Computers Actually Break
It is important to be precise about what a quantum computer does and does not threaten. Shor's algorithm, run on a sufficiently capable quantum computer, solves integer factoring and the discrete-logarithm problem (both finite-field and elliptic-curve) in polynomial time, and those are exactly the problems every deployed public-key scheme rests on. It therefore breaks RSA, finite-field and elliptic-curve Diffie-Hellman, ECDSA and EdDSA outright, at every key size: a larger key only raises the size of the quantum computer required, it does not restore security. In practice that covers public key infrastructure (your TLS certificates, your SSH keys, your code signing certificates), asymmetric key exchange, and digital signatures.
Symmetric encryption (AES) and hashing (SHA-256) are much more resistant. Grover's algorithm gives only a quadratic speedup for unstructured search, so brute-forcing a k-bit key costs on the order of 2^(k/2) quantum operations instead of 2^k: AES-128 drops to roughly 64-bit effort and AES-256 to roughly 128-bit, which is still far out of reach. That halving is the worst case; Grover's search parallelises poorly, so the practical gain is expected to be smaller. Hash functions are affected the same way for preimage resistance, while collision resistance is barely touched. The mitigation is therefore to choose larger parameters where they are needed (AES-256 rather than AES-128, SHA-384 or SHA-512 where 256-bit preimage resistance must survive), not to replace the algorithms.
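As an added example (not code from the original article), the following Go program shows what the classification above looks like when applied to real keys: it parses a PEM bundle with the standard library, records algorithm and key size for the inventory, and flags everything Shor's algorithm breaks. The sample bundle is generated on the fly and is constructed test data; the Finding type, its field names and the replacement suggested in Action are this example's own choices rather than a NIST mapping.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Finding is one row of the cryptographic inventory.
type Finding struct {
	Source     string // PEM block type the key was found in
	Algorithm  string
	Bits       int
	ShorBroken bool // true: Shor's algorithm recovers the private key from this public key
	Action     string
}

// classify maps a parsed public key to its post-quantum status. The size is
// recorded because inventories need it, but for these algorithms it only
// changes how large the quantum computer must be, not whether the key survives.
func classify(pub any) Finding {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		return Finding{Algorithm: "RSA", Bits: k.N.BitLen(), ShorBroken: true,
			Action: "signatures to ML-DSA or SLH-DSA; key transport to ML-KEM"}
	case *ecdsa.PublicKey:
		p := k.Curve.Params()
		return Finding{Algorithm: "ECDSA " + p.Name, Bits: p.BitSize, ShorBroken: true,
			Action: "signatures to ML-DSA or SLH-DSA"}
	default: // anything else (Ed25519, a post-quantum key on a newer toolchain) gets a human look
		return Finding{Algorithm: fmt.Sprintf("%T", pub), Action: "unrecognised, review manually"}
	}
}

// ScanPEM classifies the public key in every certificate or SubjectPublicKeyInfo
// block of a PEM bundle. Private keys and CSRs are skipped here; a full
// scanner would parse them the same way.
func ScanPEM(data []byte) ([]Finding, error) {
	var findings []Finding
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		var pub any
		var err error
		switch block.Type {
		case "CERTIFICATE":
			var cert *x509.Certificate
			if cert, err = x509.ParseCertificate(block.Bytes); err == nil {
				pub = cert.PublicKey
			}
		case "PUBLIC KEY":
			pub, err = x509.ParsePKIXPublicKey(block.Bytes)
		default:
			continue
		}
		if err != nil {
			return nil, fmt.Errorf("%s block: %w", block.Type, err)
		}
		f := classify(pub)
		f.Source = block.Type
		findings = append(findings, f)
	}
	return findings, nil
}

// must keeps the constructed sample data short; a real scanner never panics.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// SampleBundle is constructed test input generated on the fly so the example
// runs offline: a self-signed RSA-2048 certificate followed by a P-256 public
// key. It is not key material from any real deployment.
func SampleBundle() []byte {
	rsaKey := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &rsaKey.PublicKey, rsaKey))
	ecKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	spki := must(x509.MarshalPKIXPublicKey(&ecKey.PublicKey))
	out := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return append(out, pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: spki})...)
}

func main() {
	for _, f := range must(ScanPEM(SampleBundle())) {
		fmt.Printf("%-12s %-12s %5d bits  shor-broken=%-5v %s\n", f.Source, f.Algorithm, f.Bits, f.ShorBroken, f.Action)
	}
}
```

Run it with `go run` on any Go 1.18 or later toolchain. Pointing ScanPEM at the contents of a real trust store or key directory is the first step of the inventory the crypto-agility section calls for; the RSA and ECDSA findings both come back ShorBroken regardless of size, which is the point of the section above.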
The NIST Post-Quantum Standards
NIST's post-quantum cryptography standardisation project selected four algorithms in July 2022 and published final standards for three of them in August 2024. CRYSTALS-Kyber became ML-KEM (FIPS 203), the key encapsulation mechanism that replaces Diffie-Hellman for key exchange. CRYSTALS-Dilithium became ML-DSA (FIPS 204) and SPHINCS+ became SLH-DSA (FIPS 205); both are digital signature schemes replacing ECDSA and RSA for signing. The fourth, FALCON, is being standardised separately as FN-DSA (FIPS 206) and was still in draft when the other three were published. In March 2025 NIST additionally selected HQC, a code-based KEM, as a backup to ML-KEM that rests on a different mathematical problem.
These algorithms are based on mathematical problems (structured lattices for ML-KEM, ML-DSA and FN-DSA, hash-function security for SLH-DSA) that are believed to be hard even for quantum computers. 'Believed to be' is an important qualifier: post-quantum cryptography is a younger field than classical public-key cryptography, and confidence in these algorithms will grow over time as they receive more cryptanalytic attention. That qualifier is also why NIST standardised a hash-based signature and a code-based KEM alongside the lattice schemes: if a structural weakness in lattices were found, a fallback with different assumptions would already exist.
The Crypto Agility Imperative
The practical response to quantum computing for most enterprises is not to immediately replace every cryptographic component, which would be a multi-year and very expensive project. The priority is to achieve crypto agility: an architecture in which the algorithm used by each component can be swapped, by configuration and ideally at runtime, without rewriting the surrounding system. The usual obstacles are hard-coded key sizes, fixed buffer lengths and protocol fields that assume a 32-byte public key or a 64-byte signature: ML-KEM-768 public keys and ciphertexts are over a kilobyte each, and ML-DSA signatures run to several kilobytes.
This means auditing your cryptographic inventory (which algorithms are in use, where, at what key size, and why, across TLS endpoints, SSH, code signing, VPNs, databases and vendor products), abstracting cryptographic operations behind interfaces that allow algorithm replacement, and migrating first whatever protects your most long-lived secrets, the data that must remain confidential for 10+ years. Prioritise confidentiality over authenticity: a recorded key exchange can be decrypted retroactively once a quantum computer exists, whereas a signature only has to resist forgery at the moment it is verified, so key exchange and encryption at rest come before certificates and code signing. Deploy post-quantum algorithms in hybrid mode, a classical and a post-quantum key exchange combined, as browsers and CDNs already do with X25519 and ML-KEM, so that a flaw in the younger scheme cannot leave you weaker than you are today.
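An added example, not code from the original page, of the abstraction the two paragraphs above describe: application code depends only on a KEM interface and a name looked up in a registry, two classical Diffie-Hellman curves from Go's standard library stand in as providers, and a hybrid combiner shows how a post-quantum KEM is paired with a classical one. The interface, the registry, the fixed-size concatenation and the HMAC-SHA256 combiner with its "hybrid-kem-v1|" label are this example's own design, not any standard's; real deployments use the combiner the protocol defines (the X25519+ML-KEM-768 hybrid in TLS 1.3, for instance, feeds both secrets into the TLS key schedule). ML-KEM itself is left out so the code runs on any Go toolchain from 1.20; on Go 1.24 or later it would be one more registry entry built on crypto/mlkem.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KEM is the only key-establishment interface application code sees;
// changing algorithm is a Registry edit, not a code change.
type KEM interface {
	GenerateKeyPair() (pub, priv []byte, err error)
	Encapsulate(pub []byte) (ct, shared []byte, err error)
	Decapsulate(priv, ct []byte) (shared []byte, err error)
}

// ecdhKEM adapts a Diffie-Hellman curve to the KEM shape: the ciphertext is
// the sender's ephemeral public key. Both curves used here are Shor-breakable.
type ecdhKEM struct{ curve ecdh.Curve }

func (k ecdhKEM) GenerateKeyPair() ([]byte, []byte, error) {
	priv, err := k.curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return priv.PublicKey().Bytes(), priv.Bytes(), nil
}
func (k ecdhKEM) Encapsulate(pub []byte) ([]byte, []byte, error) {
	ct, eph, err1 := k.GenerateKeyPair()    // ephemeral pair; its public half is the ciphertext
	shared, err2 := k.Decapsulate(eph, pub) // the same DH computation, run from the sender's side
	return ct, shared, errors.Join(err1, err2)
}
func (k ecdhKEM) Decapsulate(priv, ct []byte) ([]byte, error) {
	sk, err1 := k.curve.NewPrivateKey(priv)
	peer, err2 := k.curve.NewPublicKey(ct) // rejects malformed and off-curve points
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	return sk.ECDH(peer)
}

// hybridKEM concatenates two KEMs, the first of which (like X25519) has n-byte
// keys and ciphertexts, and derives one key from both secrets. It stays secure
// while EITHER component holds: a classical curve beside ML-KEM covers both a
// quantum break of the curve and an undiscovered flaw in the younger scheme.
type hybridKEM struct {
	a, b KEM
	n    int
}

func (h hybridKEM) GenerateKeyPair() ([]byte, []byte, error) {
	pa, sa, err1 := h.a.GenerateKeyPair()
	pb, sb, err2 := h.b.GenerateKeyPair()
	return append(pa, pb...), append(sa, sb...), errors.Join(err1, err2)
}
func (h hybridKEM) Encapsulate(pub []byte) ([]byte, []byte, error) {
	if len(pub) < h.n {
		return nil, nil, errors.New("hybrid: short public key")
	}
	ca, ka, err1 := h.a.Encapsulate(pub[:h.n])
	cb, kb, err2 := h.b.Encapsulate(pub[h.n:])
	if err := errors.Join(err1, err2); err != nil {
		return nil, nil, err
	}
	ct := append(ca, cb...)
	return ct, combine(ka, kb, ct), nil
}
func (h hybridKEM) Decapsulate(priv, ct []byte) ([]byte, error) {
	if len(priv) < h.n || len(ct) < h.n {
		return nil, errors.New("hybrid: short input")
	}
	ka, err1 := h.a.Decapsulate(priv[:h.n], ct[:h.n])
	kb, err2 := h.b.Decapsulate(priv[h.n:], ct[h.n:])
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	return combine(ka, kb, ct), nil
}

// combine is the key combiner: HMAC-SHA256 keyed on both secrets over the whole
// ciphertext, so altering either half yields an unrelated key, not a half-right one.
func combine(ka, kb, ct []byte) []byte {
	mac := hmac.New(sha256.New, append(append([]byte("hybrid-kem-v1|"), ka...), kb...))
	mac.Write(ct)
	return mac.Sum(nil)
}

// Registry is what a configuration string resolves against; a post-quantum move
// is one new entry (e.g. ML-KEM-768 from Go 1.24's crypto/mlkem), no caller changes.
var Registry = map[string]KEM{
	"x25519":      ecdhKEM{ecdh.X25519()},
	"x25519+p256": hybridKEM{ecdhKEM{ecdh.X25519()}, ecdhKEM{ecdh.P256()}, 32},
}

// RoundTrip runs one key establishment and reports whether both sides agree.
func RoundTrip(k KEM) (bool, error) {
	pub, priv, err1 := k.GenerateKeyPair()
	ct, sent, err2 := k.Encapsulate(pub)
	got, err3 := k.Decapsulate(priv, ct)
	if err := errors.Join(err1, err2, err3); err != nil {
		return false, err
	}
	return hmac.Equal(sent, got), nil
}

func main() { fmt.Println(RoundTrip(Registry["x25519+p256"])) }
```

The design choice worth noting is that the combiner binds the whole ciphertext, not just the two shared secrets: an attacker who could substitute one half of the exchange ends up with an unrelated key rather than a key that is half correct. The fixed first-component size (32 bytes for X25519) is how the TLS hybrid also splits its concatenated key shares; a KEM with variable-length encodings would need length prefixes instead.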
When to Act
The standard recommendation from cryptographers is to begin preparing now, even if quantum computers capable of breaking RSA are still years away. Migration timelines for large enterprises (inventorying cryptographic usage, updating libraries, certificate and HSM renewals, waiting on vendor dependency updates) typically run 3-5 years. NIST's transition guidance, IR 8547, issued in draft in November 2024, proposes deprecating quantum-vulnerable algorithms at the 112-bit security level such as RSA-2048 and P-256 after 2030 and disallowing them after 2035, which gives a concrete planning anchor whatever the true date of Y2Q turns out to be. Starting in 2026 puts most organisations on track to complete their migration inside that window, however the Y2Q timeline ultimately resolves.