IT · 3 min read

Post-Quantum Cryptography — Should We Prepare?

If quantum computers break current encryption, is our code ready?

A Scary Talk at a Security Meetup

At a security meetup this year, a speaker said something that stuck with me: "Someone could be storing encrypted data transmitted today, planning to decrypt it with quantum computers in 10 years." They called it a "Harvest Now, Decrypt Later" attack.

At first it sounded like sci-fi. Then I researched it at home and found reports that some state agencies are already executing this strategy. Today's emails could be readable in a decade.

How Quantum Computers Break Encryption

Current internet security relies on public-key cryptography like RSA and ECC, built on the assumption that factoring large numbers or solving discrete logarithm problems is hard. A classical computer would need trillions of years to crack a 2048-bit RSA key.

Quantum computers, using Shor's algorithm, can solve these problems in polynomial time. Theoretically, hours instead of trillions of years. Current quantum computers don't have enough qubits to crack RSA 2048 yet. But the question is "when."

Expert opinions diverge wildly. Optimists say under 5 years. Skeptics say 30+. NIST seems to be using 2035 as a reference point. Nobody actually knows.

Standardization Is Already Happening

NIST finalized three post-quantum cryptographic algorithms in 2024: ML-KEM (key exchange), ML-DSA (digital signatures), SLH-DSA (hash-based signatures). The names sound alien, but the point is: these are new encryption methods based on math problems that quantum computers also can't easily solve.

These standards are being integrated into TLS 1.3. Chrome and Cloudflare are already experimentally using quantum-resistant key exchange. Users are connecting via post-quantum encryption without even knowing it.

Does a Regular Developer Need to Do Anything Right Now?

Honestly, most developers don't need to act immediately. If you're using HTTPS, browser and server libraries will update on their own. Almost nobody implements encryption algorithms directly.

But there are exceptions: developers building systems that handle long-retention data — medical records, financial transaction logs, government documents — data that must still be confidential 10 or 20 years from now. Those systems should start considering post-quantum encryption now.

I checked the OpenSSL version on my work project. If you're on 3.x, experimental post-quantum algorithm support is already included. (Took 17 minutes to find this. Documentation hunting.)
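If you want to do the same check without the documentation hunt, here is an added example (my own script, not something from the post or the OpenSSL project) that inventories the local OpenSSL build for the three NIST standards mentioned above. It assumes an OpenSSL 3.x binary whose `openssl list -kem-algorithms` and `openssl list -signature-algorithms` subcommands print one algorithm per line, and that the build uses the FIPS 203/204/205 names (ML-KEM-768, ML-DSA-65, SLH-DSA-SHA2-128s and so on); the parsing functions are separate from the live call so they can be exercised on constructed input.

```shell
#!/bin/sh
# Added example, not code from the post: inventory the local OpenSSL build
# for the NIST PQC standards (ML-KEM, ML-DSA, SLH-DSA).
# Assumes an OpenSSL 3.x `openssl` binary whose `list -kem-algorithms` and
# `list -signature-algorithms` print one algorithm per line, and that the
# build uses the FIPS 203/204/205 names (ML-KEM-768, ML-DSA-65, ...).

# Pull PQC algorithm names out of an `openssl list` dump read on stdin.
# Pure text processing, so it can be exercised without openssl installed.
pqc_names() {
    grep -oE '(ML-KEM|ML-DSA|SLH-DSA)[A-Za-z0-9-]*' | sort -u
}

# Classify a listing read on stdin: prints "pq-kem+sig", "pq-kem", "pq-sig"
# or "classical-only" depending on which PQC families appear.
pqc_status() {
    names=$(pqc_names)
    kem=0; sig=0
    case "$names" in *ML-KEM*) kem=1 ;; esac
    case "$names" in *ML-DSA*|*SLH-DSA*) sig=1 ;; esac
    if [ "$kem" = 1 ] && [ "$sig" = 1 ]; then echo "pq-kem+sig"
    elif [ "$kem" = 1 ]; then echo "pq-kem"
    elif [ "$sig" = 1 ]; then echo "pq-sig"
    else echo "classical-only"
    fi
}

# Live check against the installed binary; degrades cleanly when openssl is
# missing or too old to know the `list -kem-algorithms` subcommand.
check_local_openssl() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found"; return 0; }
    openssl version
    { openssl list -kem-algorithms 2>/dev/null
      openssl list -signature-algorithms 2>/dev/null; } | pqc_status
}

check_local_openssl
```

A "classical-only" result on a build you rely on for long-retention data is the signal to plan the library upgrade, not a reason to change application code.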

Over-Hyping the Threat Is Also a Problem

Most quantum computing articles are fear marketing. "Quantum computers will break ALL encryption!" is great for clicks but far from reality. AES-256 symmetric encryption is considered safe even in the quantum era — just increase the key length.

The danger is specifically public-key crypto, and that's being addressed through standardization. Not "the world is ending."

However, "it's far off so I don't need to care" is also dangerous. Crypto migration takes time. Estimates suggest enterprise encryption replacement takes 5-7 years on average. If quantum computers become a threat by 2035, migration should start by 2028.

Right now it's a "be aware" stage. Don't panic, don't ignore.
