And no, you don’t need to understand quantum physics to care about this.
Let me start with a confession.
When I first heard about post-quantum cryptography, I nodded along like I understood it, filed it under ‘future problem,’ and moved on.
I was wrong.
Not because quantum computers are breaking encryption today. They’re not. But because the threat isn’t waiting for the hardware to arrive. It’s already in motion — and if you work with sensitive data, you’re already in the race whether you signed up for it or not.
Let’s Start With What’s Actually at Risk
Most of what keeps your data private today is built on one idea: some math problems are so hard that even the fastest computers would need millions of years to solve them.
RSA encryption. Elliptic Curve Cryptography (ECC). Diffie-Hellman key exchange. These are the foundations under your HTTPS, your VPN, your banking app, your digital signatures on contracts.
They work because classical computers are bad at factoring enormous numbers (and at the closely related discrete-logarithm problem behind ECC and Diffie-Hellman).
Quantum computers are not.
A quantum computer running Shor’s Algorithm could crack RSA-2048 in hours. Not millions of years. Hours.
The catch — and this is important — is that no quantum computer can do this yet. The hardware isn’t there. But the direction is clear, the investment is massive, and the timeline is compressing faster than most people realize.
Experts at the NSA, NIST, and leading research institutions expect a Cryptographically Relevant Quantum Computer (CRQC) somewhere between 2030 and 2040. Some say earlier.
That sounds like a long time.
It isn’t.
Harvest Now, Decrypt Later — The Threat That’s Already Happening
Here’s the part that should actually keep you up at night.
You don’t need a quantum computer today to be victimized by one in the future.
Nation-state actors and sophisticated threat groups are already running what’s called Harvest Now, Decrypt Later campaigns. They intercept and archive encrypted data today — your TLS traffic, your VPN tunnels, your encrypted emails — and sit on it. Waiting.
When the quantum hardware eventually arrives, they decrypt it retroactively.
Data encrypted in 2026 with classical methods could be exposed in 2032 or 2035 — long after you thought it was safe forever.
Think about what that means for your organization.
Medical records held for 20 years. Legal contracts. Intellectual property. Financial transaction logs. Classified communications. If that data is valuable today, it will still be valuable when someone can finally read it.
The attack surface isn’t the future. It’s right now.
So What Is Post-Quantum Cryptography?
Good news: the defense already exists.
Post-quantum cryptography (PQC) doesn’t require quantum hardware to run. It runs on your existing servers, your existing infrastructure. The difference is that it’s built on mathematical problems quantum computers are also bad at — mostly lattice-based mathematics, which Shor’s Algorithm doesn’t apply to.
In August 2024, NIST finalized the first official post-quantum standards after an eight-year global competition:
- ML-KEM (formerly CRYSTALS-Kyber) — for encryption and key exchange. This replaces the RSA and Diffie-Hellman underpinning your TLS sessions.
- ML-DSA (formerly CRYSTALS-Dilithium) — for digital signatures. Everything you sign: contracts, payments, code, certificates.
- SLH-DSA (formerly SPHINCS+) — a hash-based backup algorithm in case lattice math ever gets cracked. The belt-and-suspenders option.
- HQC — selected in March 2025 as an additional backup using code-based math, diversifying away from the lattice assumption.
These aren’t drafts. They’re finalized, published federal standards. The migration is supposed to start now.
NIST urged system administrators to begin transitioning immediately. Not ‘when the quantum threat materializes.’ Now.
The Migration Problem Nobody Talks About
Standards on paper are easy. Deploying them is hard.
Think about everything in your organization that relies on cryptography. TLS certificates. VPN infrastructure. SSH keys. Code signing. Email encryption. Hardware Security Modules. IoT devices. SCADA systems. Embedded firmware on medical equipment or industrial controllers that won’t be replaced for fifteen years.
You can’t patch a building management system from 2015 to support ML-KEM. You can’t push a firmware update to a substation controller on a tight change window.
These systems have upgrade cycles measured in decades, not sprints.
Which is why the smart move is hybrid cryptography — running classical and post-quantum algorithms in parallel. Modern implementations of TLS 1.3 already support X25519 + ML-KEM combined. Chrome supports it. Firefox supports it. Azure Key Vault supports it. You don’t rip and replace — you layer.
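To make “X25519 + ML-KEM combined” concrete, here is an added example (not code from the article, a browser vendor or any library) in the shape of TLS 1.3’s X25519MLKEM768 hybrid group: each side does a classical X25519 exchange and an ML-KEM-768 encapsulation, the two 32-byte shared secrets are concatenated, and the result feeds the key schedule. The X25519 half is a real RFC 7748 ladder written in plain Python; the ML-KEM-768 half is a constructed placeholder secret because the standard library has no ML-KEM. The ML-KEM-first concatenation order follows my reading of draft-ietf-tls-ecdhe-mlkem, and the zero-salt HKDF-Extract is a simplification of the TLS 1.3 key schedule. The `demo()` function plays out the harvest-now-decrypt-later scenario: an attacker who recorded the handshake and later breaks the X25519 half recovers the classical-only key but not the hybrid one.

```python
"""Hybrid X25519 + ML-KEM secret combining in the style of TLS 1.3's X25519MLKEM768 group.

Added example, standard library only. The X25519 half is a real RFC 7748 ladder
(educational: Python big ints are not constant-time). The ML-KEM half is a CONSTRUCTED
placeholder secret, since the standard library has no ML-KEM; in a real handshake it is
the 32-byte output of ML-KEM-768 encapsulation/decapsulation.
"""
import hashlib
import hmac
import os

P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def _decode_scalar(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248      # clear the low 3 bits (cofactor clearing)
    k[31] &= 127     # clear the top bit
    k[31] |= 64      # set bit 254
    return int.from_bytes(k, "little")


def _decode_u(u: bytes) -> int:
    u = bytearray(u)
    u[31] &= 127     # RFC 7748: mask the most significant bit of the final byte
    return int.from_bytes(u, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5."""
    k = _decode_scalar(scalar)
    x1 = _decode_u(u)
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3 = x3, x2
            z2, z3 = z3, z2
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb) % P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3 = x3, x2
        z2, z3 = z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def hybrid_shared_secret(mlkem_ss: bytes, x25519_ss: bytes) -> bytes:
    """X25519MLKEM768 orders the ML-KEM secret first, then the X25519 secret
    (draft-ietf-tls-ecdhe-mlkem); both are 32 bytes, giving 64 bytes of IKM."""
    assert len(mlkem_ss) == 32 and len(x25519_ss) == 32
    return mlkem_ss + x25519_ss


def handshake_secret(shared_secret: bytes) -> bytes:
    """Simplified TLS 1.3 step: HKDF-Extract(salt, IKM) with the shared secret as IKM.
    Real TLS salts with Derive-Secret(Early Secret, "derived"); a zero salt is used here."""
    return hmac.new(b"\x00" * 32, shared_secret, hashlib.sha256).digest()


def demo(mlkem_ss: bytes = b"") -> dict:
    """Run a client/server exchange and show what a future Shor-capable attacker gets."""
    client_priv, server_priv = os.urandom(32), os.urandom(32)
    client_pub, server_pub = x25519(client_priv, BASEPOINT), x25519(server_priv, BASEPOINT)
    x_ss = x25519(client_priv, server_pub)
    assert x_ss == x25519(server_priv, client_pub)   # both sides agree on the X25519 secret
    # CONSTRUCTED stand-in for the ML-KEM-768 shared secret (never sent on the wire).
    if not mlkem_ss:
        mlkem_ss = hashlib.sha256(b"constructed ML-KEM-768 shared secret").digest()
    classical_key = handshake_secret(x_ss)
    hybrid_key = handshake_secret(hybrid_shared_secret(mlkem_ss, x_ss))
    # Harvest now, decrypt later: the attacker recorded client_pub and server_pub and,
    # years later, recovers x_ss with Shor. That reproduces the classical key, but the
    # hybrid key still depends on the ML-KEM secret, which Shor does not give them.
    attacker_classical = handshake_secret(x_ss)
    attacker_hybrid_guess = handshake_secret(hybrid_shared_secret(b"\x00" * 32, x_ss))
    return {
        "classical_recovered": attacker_classical == classical_key,
        "hybrid_recovered": attacker_hybrid_guess == hybrid_key,
    }


if __name__ == "__main__":
    print(demo())   # expect classical_recovered True, hybrid_recovered False
```

The point to take from the structure: the hybrid key is only as weak as the stronger of its two inputs, so recording today’s handshake and breaking X25519 later buys the attacker nothing unless ML-KEM also falls. That is exactly why “layer, don’t rip and replace” works for traffic you are sending right now.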
But you have to start the inventory first. You can’t migrate what you haven’t mapped.
What This Means for Different Industries
The urgency isn’t uniform. It scales with how long your data needs to stay confidential.
A retail transaction from yesterday doesn’t need protection in 2038. But a medical record held for 20 years? A bank’s transaction logs with 10-year retention? A government contract archive? A pharmaceutical company’s drug discovery data?
Those are already at risk. Today.
The sectors with the most exposure are exactly the ones with the most regulation and the least flexibility: banking, insurance, healthcare, public sector. The irony is brutal — the organizations that most need to move fast are the ones with the most legacy infrastructure holding them back.
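An added example (not from the article) that ties the two points above together: you cannot migrate what you have not mapped, and the urgency of each item depends on how long its data must stay confidential. It triages a constructed cryptographic inventory with the planning rule usually called Mosca’s inequality: if the years the data must stay secure plus the years needed to migrate exceed the years until a cryptographically relevant quantum computer, migration is already late. The planning parameters are assumptions: a CRQC in 2035 (the middle of the 2030 to 2040 window), three years to migrate a system, and 2026 as the current year. The inventory rows and the algorithm classification rules are mine, not any standard’s.

```python
"""Triage a cryptographic inventory for harvest-now-decrypt-later exposure.

Added example. Inventory rows are CONSTRUCTED; the planning parameters are assumptions.
Rule used (Mosca's inequality): if (years data must stay secure) + (years to migrate)
> (years until a CRQC), the migration should already have started.
"""
import csv
import io
from dataclasses import dataclass
from typing import List

CRQC_YEAR = 2035         # assumed: middle of the 2030-2040 expert window
MIGRATION_YEARS = 3      # assumed lead time to re-key or replace one system
CURRENT_YEAR = 2026      # assumed current year

# Shor's algorithm breaks everything in QUANTUM_BROKEN. Grover only halves symmetric
# strength, so 256-bit symmetric keys and hashes remain acceptable.
PQ_SAFE = ("ML-KEM", "MLKEM", "ML-DSA", "MLDSA", "SLH-DSA", "SLHDSA", "HQC")
QUANTUM_BROKEN = ("RSA", "ECDSA", "ECDH", "X25519", "ED25519", "DH", "DSA")
SYMMETRIC_OK = ("AES-256", "SHA-256", "SHA-384", "SHA3-")

# CONSTRUCTED inventory. purpose: what the algorithm protects. retention_years: how long the
# data must stay secret (confidentiality) or the signature must stay trustworthy (authentication).
INVENTORY_CSV = """asset,algorithm,purpose,retention_years
web-tls-edge,X25519MLKEM768,confidentiality,0
vpn-gateway,ECDH-P256,confidentiality,10
medical-records-archive,RSA-2048,confidentiality,20
retail-pos-receipts,RSA-2048,confidentiality,1
firmware-signing,ECDSA-P256,authentication,15
backups-at-rest,AES-256,confidentiality,20
code-signing-cert,ML-DSA-65,authentication,10
"""


@dataclass
class Finding:
    asset: str
    algorithm: str
    family: str      # pq / hybrid / symmetric / broken / unknown
    status: str      # OK / MIGRATE-NOW / PLAN-MIGRATION / REVIEW
    start_by: int    # latest year migration should begin
    note: str


def classify_algorithm(name: str) -> str:
    """Name-based classification; good enough for a first inventory pass."""
    n = name.upper()
    has_pq = any(tok in n for tok in PQ_SAFE)
    stripped = n
    for tok in PQ_SAFE:              # so the "DSA" inside "ML-DSA" is not counted as broken
        stripped = stripped.replace(tok, "")
    has_broken = any(tok in stripped for tok in QUANTUM_BROKEN)
    if has_pq:
        return "hybrid" if has_broken else "pq"
    if has_broken:                   # checked before symmetric: "RSA-SHA-256" is still RSA
        return "broken"
    if any(tok in n for tok in SYMMETRIC_OK):
        return "symmetric"
    return "unknown"


def triage(asset: str, algorithm: str, purpose: str, retention_years: int,
           now: int = CURRENT_YEAR, crqc_year: int = CRQC_YEAR,
           migration_years: int = MIGRATION_YEARS) -> Finding:
    family = classify_algorithm(algorithm)
    if family in ("pq", "hybrid", "symmetric"):
        return Finding(asset, algorithm, family, "OK", now, "quantum-resistant or 256-bit symmetric")
    if family == "unknown":
        return Finding(asset, algorithm, family, "REVIEW", now, "algorithm not recognised; inventory it properly")
    years_to_crqc = crqc_year - now
    start_by = crqc_year - retention_years - migration_years
    if purpose == "confidentiality":
        driver = "ciphertext captured today becomes readable once a CRQC exists (harvest now, decrypt later)"
    else:
        driver = "nothing to harvest today, but forgeries become possible the day a CRQC exists, for the life of the signed artefact"
    if retention_years + migration_years > years_to_crqc:
        return Finding(asset, algorithm, family, "MIGRATE-NOW", start_by,
                       f"{driver}; migration should have started by {start_by}")
    return Finding(asset, algorithm, family, "PLAN-MIGRATION", start_by,
                   f"{driver}; start migration by {start_by}")


def triage_inventory(csv_text: str = INVENTORY_CSV) -> List[Finding]:
    rows = csv.DictReader(io.StringIO(csv_text))
    return [triage(r["asset"], r["algorithm"], r["purpose"], int(r["retention_years"])) for r in rows]


if __name__ == "__main__":
    for f in triage_inventory():
        print(f"{f.status:<15} {f.asset:<25} {f.algorithm:<16} {f.note}")
```

With these assumptions the retail receipts land in PLAN-MIGRATION (one year of sensitivity plus three years of work is well inside the nine years until the assumed CRQC), while the medical archive, the ten-year VPN logs and the fifteen-year firmware signing key all come out MIGRATE-NOW with a start-by year in the past. Swap in your own retention periods and CRQC estimate; the shape of the answer is what matters.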
(If you want the full deep-dive for your specific sector — finance, insurance, hospitals, or public sector — I’ve written dedicated whitepapers on each. Link in the bio.)
The Bottom Line
Post-quantum cryptography isn’t a future problem.
It’s a present problem with a future detonator.
The standards exist. The tooling exists. The threat is real and already partially in motion.
What’s missing, in most organizations, is urgency.
Google — the company actually building quantum computers — has set its own internal PQC migration deadline for 2029. When the people building the threat set their own defense timeline, you might want to take the hint.
— Markus
Next in the series: A chip that did something in five minutes that would take a supercomputer longer than the age of the universe. Google just proved the quantum threat isn’t theoretical anymore.