Are You Quantum‑Aware?

Quantum computers and quantum computing are widely expected to be the next major revolution in the world of information processing. Some estimates suggest the impact could be even greater than that of AI, although the final outcome remains to be seen. What is already clear is that there is significant demand for quantum computing in high‑performance computing use cases, such as discovering new drug molecules or modelling climate phenomena over time spans of a thousand years. From time to time, its impact on the telecommunications world is also mentioned as a side note. In reality, however, that impact is enormous—and something we should start preparing for already today.

A key concept in this context is the Cryptographically Relevant Quantum Computer (CRQC). By definition, this refers to a large‑scale, fault‑tolerant quantum computer capable of breaking today’s cryptographic mechanisms using, for example, Shor’s algorithm. This would include widely used algorithms such as RSA and ECC. In its Quantum Threat Timeline Report, the Global Risk Institute estimates the probability of such a computer emerging as follows: by 2033, the pessimistic estimate is 17 percent and the optimistic estimate 33 percent. By 2043, these figures rise to 56 and 78 percent respectively. Not certain—but fairly likely.

How Do Quantum Computers Affect Me?

If these timelines still seem distant, why should we already be paying attention? The reason lies in the principle known as “Harvest Now, Decrypt Later.” Under this approach, an attacker collects sensitive data today and decrypts it later, once the necessary capabilities become available. Vast amounts of data are constantly in motion worldwide, and much of it would remain highly damaging if exposed even decades from now. Data worth encrypting includes personal health and financial information, corporate trade secrets, and military or state secrets. It is widely assumed that state‑level actors in particular have a strong incentive to engage in this type of activity, although no one knows for certain.

In practice, this threat affects everyone, because the entire Internet is built on encryption. LAN‑to‑LAN tunnels run in all directions between organizations. Employees connect back to their corporate networks using IPsec tunnels or SSL portals, and web traffic is protected with TLS. According to Google’s HTTPS Encryption on the Web report, more than 95 percent of all web traffic is already encrypted. In enterprise networks the share may be slightly lower, but it is clearly moving in the same direction. Encrypted connectivity is a fundamental building block of modern communications, and it is difficult to imagine a well‑designed environment where encryption would not be used.

Quantum computers are not, however, all‑powerful—even though they may come to be regarded as something close to a technological deity. Their strengths are particularly evident when it comes to public‑key cryptography. Shor’s algorithm can break mechanisms such as RSA, Diffie–Hellman, and ECC. As a result, virtually all modern protocols—including TLS, VPN implementations, and digital signatures—would be at risk. Digital signatures in particular represent a massive threat scenario, as today’s trust chains are built on certificates that ultimately rely on a root certificate. If a root certificate were compromised, the entire trust chain would collapse, and users would no longer be able to verify whether, for example, a website is genuinely what it claims to be.

Symmetric‑key cryptography, on the other hand, is less vulnerable to quantum attacks. Quantum computers do accelerate attacks in this area as well, but in practical terms this means that key strength is effectively halved. For example, the widely used AES‑128 would effectively offer only “AES‑64”‑level security, which is difficult—but not impossible—to break. There are differing opinions on the exact impact, but at a high level this is a reasonable way to think about it.

How Can These Threats Be Mitigated?

So how can organizations prepare for the arrival of quantum computers? The key measures include adopting post‑quantum cryptography (PQC) algorithms for asymmetric encryption, increasing key lengths on the symmetric side, and using Quantum Key Distribution (QKD) for key exchange. In addition, it is essential to understand which encryption mechanisms are currently in use.

When it comes to new algorithms, the National Institute of Standards and Technology (NIST) has been working for many years on the development of quantum‑resistant cryptographic standards. The first workshop on the topic was held in 2015, and the first three new algorithms were published in August 2024.

• FIPS 203 (ML‑KEM, Module‑Lattice‑Based Key‑Encapsulation Mechanism)
  is intended for secure key exchange between parties.
• FIPS 204 (ML‑DSA, Module‑Lattice‑Based Digital Signature Standard)
  is designed for creating secure digital signatures.
• FIPS 205 (SLH‑DSA, Stateless Hash‑Based Digital Signature Algorithm)
  is also intended for secure signatures.

The latter two differ in their intended use cases. FIPS 204 is aimed at general‑purpose digital signatures, while FIPS 205 is intended for high‑security environments where security is prioritized over performance, such as critical infrastructure or classified government documents. In addition to these, NIST published a fourth candidate for standardization in March 2025: HQC (Hamming Quasi‑Cyclic). Its use cases involve long‑term encryption, typically in environments similar to those targeted by FIPS 205.

NIST continues to advance this work. Beyond the three algorithms already published, two additional algorithms—one for signatures and one for key exchange—are currently in the pipeline.

Increasing key sizes on the symmetric side is relatively straightforward. The core algorithm here is AES (Advanced Encryption Standard), most commonly used in its 128‑bit form. NIST now recommends transitioning to AES‑256, as it provides sufficient security margin against quantum threats. AES‑256 is widely supported in TLS 1.2 and 1.3, full‑disk encryption solutions such as BitLocker and FileVault, cloud services, and mechanisms like MACsec across multiple vendors. The key point is to enable this option, even though it may slightly reduce overall performance.

Even if symmetric encryption is upgraded to AES‑256, the challenge of key exchange remains. The strongest mechanism for this is Quantum Key Distribution (QKD). QKD leverages quantum‑mechanical phenomena to distribute encryption keys between communicating parties. Because measuring a quantum state alters it, eavesdropping can be detected, and copying the key is inherently prevented. QKD can be implemented over fiber‑optic links or via satellite networks. Optical QKD is expensive and limited to relatively short distances (around 100–200 km) without repeaters. Satellite‑based QKD, which uses technologies such as laser transmission, is more cost‑effective and supports much longer distances. Both approaches are already in use around the world, including within the EU.

What Should I Do?

So what should you take away from all this? If you operate in critical infrastructure, or if you want your data to remain confidential well into the future, this is something you should examine closely. As a practicing infrastructure consultant, I would summarize the necessary actions in three simple steps: