Quantum Security

The quantum computing threat to today’s encryption

Priyanka Gahilot , Managed Services Engineer , Nomios Netherlands


Modern digital security is built on cryptography that has proven reliable for decades. Protocols such as TLS, VPNs, secure email, software updates, and digital identity systems all depend on public-key algorithms like RSA, Diffie–Hellman, and elliptic-curve cryptography. These algorithms were designed for a world of classical computing, where certain mathematical problems are infeasible to solve at scale. Quantum computing changes that assumption fundamentally.

This blog explains what actually breaks when large-scale quantum computers arrive, why this is not a distant theoretical issue, and how the risk extends to data being protected today.

Why public-key cryptography is vulnerable

Public-key cryptography relies on mathematical problems that are easy to construct but hard to reverse without a secret key. RSA depends on the difficulty of factoring large integers. Diffie–Hellman and elliptic-curve cryptography rely on the discrete logarithm problem. On classical computers, these problems scale poorly. Even with massive compute power, breaking well-sized keys would take far longer than the useful lifetime of the data.

Quantum computers approach computation differently. By exploiting quantum mechanical properties such as superposition and entanglement, they can solve specific classes of problems much faster than any classical system. For cryptography, the key development is Shor’s algorithm.

Shor’s algorithm allows a sufficiently powerful quantum computer to factor large numbers and compute discrete logarithms efficiently. Once such a machine exists at scale, RSA, Diffie–Hellman, and elliptic-curve cryptography are no longer secure. The issue is not weakened security or shorter key lifetimes. These algorithms are mathematically broken in the presence of a cryptographically relevant quantum computer.

This matters because public-key cryptography underpins trust on the internet. It is used for key exchange, digital signatures, authentication, and certificate-based identity. When those foundations fail, confidentiality and integrity fail with them.

Symmetric cryptography is different

Not all cryptography is affected in the same way. Symmetric algorithms such as AES and hash functions face a more limited impact from quantum computing. Grover’s algorithm provides a quadratic speed-up for brute-force key search, which effectively halves the security strength of symmetric keys.

In practical terms, this means AES-128 would offer security closer to 64 bits against a quantum attacker, while AES-256 would still provide a strong margin. The response here is straightforward. Larger key sizes compensate for the quantum advantage.

Public-key cryptography does not have this option. There is no practical key size increase that makes RSA or elliptic-curve cryptography safe against Shor’s algorithm. The only viable response is replacement.

Realistic timelines and why they matter

Quantum computers capable of breaking modern public-key encryption do not exist today. That fact often leads to complacency. The issue is not whether such systems are available now, but how long it takes to change cryptography at scale.

Estimates vary, but many researchers place the arrival of a cryptographically relevant quantum computer in the 2030s. Breaking RSA-2048, for example, would require thousands of error-corrected logical qubits, which in turn implies a much larger number of physical qubits. Progress in quantum hardware continues steadily, driven by both public research and private investment.

Cryptographic migration, by contrast, is slow. Algorithms are embedded in protocols, devices, firmware, industrial systems, and long-lived infrastructure. Certificates have multi-year lifetimes. Embedded systems may remain in service for decades. Waiting until a clear quantum breakthrough is visible leaves insufficient time to respond without disruption.

This is why standards bodies and governments are pushing for early preparation rather than reactive change.


Harvest now, decrypt later

The most immediate risk from quantum computing is not future communication, but past communication. Adversaries do not need quantum computers today to exploit the coming break in public-key cryptography. They only need storage.

Encrypted traffic, intercepted VPN sessions, archived emails, and recorded TLS connections can be collected now and stored indefinitely. Once quantum decryption becomes feasible, that data can be decrypted retroactively if it was protected using vulnerable algorithms.

This “harvest now, decrypt later” model changes how risk should be assessed. Any data that must remain confidential for many years is already exposed if it relies on RSA or elliptic-curve key exchange today. Examples include intellectual property, health records, government communications, industrial designs, and long-term credentials.

For organisations handling long-lived or regulated data, the quantum threat is not a future problem. It is a present-day exposure window.

Where today’s systems are affected

The quantum threat is not limited to niche use cases. It affects nearly every security control that relies on public-key cryptography.

TLS handshakes use RSA or elliptic-curve algorithms to establish session keys. Software updates depend on digital signatures to prove authenticity. Email encryption and document signing rely on public-key infrastructure. Identity systems use certificates, smart cards, and hardware security modules built around the same assumptions.

Even if symmetric encryption protects the bulk data, the initial key exchange and authentication steps remain vulnerable. Once those are broken, confidentiality and integrity cannot be guaranteed.

This is why post-quantum cryptography focuses first on replacing public-key mechanisms, while leaving symmetric encryption largely intact with adjusted parameters.

Why waiting is not a safe strategy

A common misconception is that organisations can wait until post-quantum algorithms are universally deployed and then switch quickly. In practice, cryptographic transitions rarely work that way.

New algorithms require standardisation, implementation, interoperability testing, and operational experience. Hybrid approaches, where classical and post-quantum algorithms are used together, are already being deployed to manage compatibility. This transition phase alone will span many years.

Organisations that delay engagement risk being forced into accelerated migrations under regulatory or operational pressure. They also risk leaving sensitive data exposed during the interim period.

The organisations that start early gain optionality. They can inventory cryptographic dependencies, test post-quantum algorithms in controlled environments, and align upgrades with normal technology refresh cycles rather than emergency programmes.
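The inventory step above can begin with the handshake telemetry most organisations already collect. The script below is an added example, not code from the original post or from Nomios: it classifies TLS handshake records by key-exchange group (Shor-vulnerable versus hybrid classical-plus-ML-KEM) and flags sessions whose data must stay confidential beyond an assumed arrival year for a cryptographically relevant quantum computer, which is exactly the harvest-now-decrypt-later exposure described earlier. The record layout, hostnames and the 2035 horizon used in the test are assumptions constructed for the example.

```python
import re
from collections import Counter
from typing import Optional
# Groups Shor's algorithm breaks (RSA, finite-field DH, ECDH) vs. hybrid classical+ML-KEM.
QUANTUM_VULNERABLE_KEX = {"rsa", "x25519", "x448", "secp256r1", "secp384r1",
                          "secp521r1", "ffdhe2048", "ffdhe3072"}
HYBRID_PQ_KEX = {"x25519mlkem768", "secp256r1mlkem768"}
# Constructed record layout (an assumption for this example, not a real product's format).
LOG_RE = re.compile(r"ts=\S+ dst=(?P<dst>\S+) kex=(?P<kex>\S+) sig=\S+"
                    r" confidential_until=(?P<until>\d{4})")

def classify_kex(kex: str) -> str:
    """Map a key-exchange group name to its quantum exposure class."""
    k = kex.lower()
    if k in HYBRID_PQ_KEX:
        return "pq-hybrid"
    return "quantum-vulnerable" if k in QUANTUM_VULNERABLE_KEX else "unknown"

def assess(line: str, crqc_year: int) -> Optional[dict]:
    """Flag harvest-now-decrypt-later (HNDL) exposure: a Shor-vulnerable key exchange
    protecting data that must stay confidential at or past crqc_year, the assumed
    arrival year of a cryptographically relevant quantum computer."""
    m = LOG_RE.search(line)
    if not m:
        return None
    kex_class, until = classify_kex(m["kex"]), int(m["until"])
    return {"dst": m["dst"], "kex": m["kex"], "class": kex_class, "confidential_until": until,
            "hndl_exposure": kex_class == "quantum-vulnerable" and until >= crqc_year}

def summarize(lines, crqc_year: int):
    """Count sessions per exposure class and list HNDL-exposed destinations."""
    counts, exposed = Counter(), []
    for line in lines:
        r = assess(line, crqc_year)
        if r is None:
            counts["unparsed"] += 1
            continue
        counts[r["class"]] += 1
        if r["hndl_exposure"]:
            exposed.append(r["dst"])
    return counts, exposed

SAMPLE_LOG = [  # constructed records, not captured traffic
    "ts=2025-01-10 dst=vpn.example.internal kex=x25519 sig=rsa-pss-sha256 confidential_until=2045",
    "ts=2025-01-10 dst=cdn.example.com kex=X25519MLKEM768 sig=ecdsa-p256 confidential_until=2026",
    "ts=2025-01-11 dst=legacy-erp.example.internal kex=rsa sig=rsa-pkcs1-sha256 confidential_until=2040",
    "ts=2025-01-11 dst=status.example.com kex=secp256r1 sig=ecdsa-p256 confidential_until=2025",
    "malformed record",
]
```

Signature algorithms are deliberately left out of the flag: a forged signature is a future risk once a quantum computer exists, whereas a recorded key exchange is a retroactive one, so the two belong in separate columns of an inventory.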
