Quantum Security: Threats, Solutions, and the Race to Protect Data

Insider Brief

Most encryption protecting online banking, government communications, medical records, and corporate infrastructure relies on a mathematical assumption: certain problems are too computationally expensive for classical computers to solve in any practical timeframe. That assumption may not hold indefinitely.

A sufficiently powerful fault-tolerant quantum computer running Shor's algorithm could potentially break RSA-2048 in hours rather than billions of years. The same algorithm is expected to threaten elliptic curve cryptography and Diffie-Hellman key exchange – collectively the foundation of most public-key cryptography deployed today.

The threat is becoming harder to treat as distant. As TQI reported in March 2026, three papers published in under twelve months have sharply reduced the estimated quantum resources required to break modern encryption. Resource estimates for RSA-2048 have dropped from around 20 million physical qubits to potentially fewer than 100,000 under newer architectures. Whether a cryptographically relevant quantum computer will arrive is increasingly treated as a question of timing rather than an open question.

Quantum security refers to protecting information systems against potential threats from quantum computers, and to using quantum physics to build security mechanisms that could resist those threats. The field covers two distinct tracks.

Post-quantum cryptography (PQC) develops new mathematical algorithms, running on standard classical hardware, that are expected to resist quantum attacks. Quantum key distribution (QKD) takes a different approach, using the laws of physics to make eavesdropping detectable at the point of transmission rather than relying on computational difficulty.

Both tracks exist because the threat operates on two timescales. A quantum computer powerful enough to break encryption in real time remains years away by most credible estimates.
But the harvest-now-decrypt-later threat is considered active today.

Harvest now, decrypt later (HNDL) refers to the concern that adversaries are collecting encrypted data today with the intention of decrypting it once quantum computers become capable enough to do so. Storage costs have fallen to levels where retaining large volumes of intercepted data is considered economically feasible for nation-state intelligence agencies.

At the Vanderbilt Quantum Forum in April 2026, Doug Adams of Vanderbilt's Institute of National Security described the situation plainly: "They're capturing the data and they're waiting. They're very patient."

The implication is that organizations handling information that must remain confidential into the 2030s may face exposure today, not at some future point when a fault-tolerant quantum computer becomes publicly known. By then, the relevant data would likely have already been collected.

A Federal Reserve study published in 2025 highlighted a specific version of this risk: Bitcoin's entire transaction history is public, permanent, and secured with ECDSA signatures that quantum computers are expected to threaten. No future algorithm can retroactively protect data that is already publicly available.

Shor's algorithm is expected to threaten public-key cryptography specifically – RSA, elliptic curve cryptography, and Diffie-Hellman key exchange. These systems currently secure HTTPS connections, digital signatures on software updates and financial transactions, VPN key exchanges, and blockchain transactions.

Symmetric encryption such as AES faces a separate but more manageable concern from Grover's algorithm, which provides a quadratic speedup for brute-force search. Against a quantum attacker, AES-128 would be effectively weakened to the equivalent of a 64-bit key. Doubling key lengths – using AES-256 – is generally considered to restore adequate security without replacing the underlying system.

The asymmetric side has no comparable quick fix.
RSA, ECC, and Diffie-Hellman are expected to require replacement rather than adjustment.

In 2016, NIST initiated an eight-year process to evaluate and standardize post-quantum algorithms. After reviewing 82 initial submissions, NIST published its first three finalized standards in August 2024:

A fourth algorithm, FN-DSA (based on FALCON), is undergoing final standardization as FIPS 206.

These algorithms involve practical trade-offs. ML-KEM public keys run to approximately 1,184 bytes, compared to a 32-byte ECC key. Computational performance is generally comparable to or faster than RSA on modern hardware. The diversity of mathematical approaches – lattice-based and hash-based – is intentional: if one mathematical family is later found vulnerable, systems can fall back to the other.

Early enterprise deployment is underway. Apple integrated post-quantum encryption into iMessage via its PQ3 protocol in early 2024, securing both the initial key exchange and subsequent messaging. Cloudflare reported in April 2026 that more than 65% of human traffic passing through its network is already protected using post-quantum methods, with full migration targeted by 2029. Google has set the same 2029 internal deadline for its own PQC migration.

Where post-quantum cryptography replaces potentially vulnerable mathematics with algorithms expected to resist quantum attacks, QKD uses the laws of physics to make eavesdropping detectable rather than merely difficult. As TQI covered in its overview of quantum networking and its industrial potential, QKD is the most commercially mature form of quantum networking currently in deployment.

The most widely used protocol, BB84 – named after Charles Bennett and Gilles Brassard, who proposed it in 1984 – works by transmitting individual photons encoded in quantum states. Any interception attempt disturbs those photons in ways the legitimate parties can measure through quantum mechanics.
The no-cloning theorem, a fundamental principle of quantum mechanics, holds that an unknown quantum state cannot be perfectly copied; an eavesdropper who measures a photon to learn its state disturbs it, so any eavesdropping attempt leaves a detectable trace. An adversary with unlimited classical or quantum processing power cannot intercept a QKD transmission without alerting the communicating parties.

The practical constraints are significant. Fiber-based QKD currently faces photon loss over distance, limiting reliable range to roughly 100 kilometers without repeaters. It requires dedicated quantum channels and specialized equipment. It handles key distribution only; data encryption still relies on classical algorithms applied on top. And its point-to-point topology makes it unsuitable for general internet-scale deployment.

Operational networks exist despite these constraints. China has deployed a 2,000-kilometer ground network connecting Beijing and Shanghai, alongside satellite-based QKD.
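The BB84 exchange and the eavesdropping detection it enables can be made concrete with a classical simulation. The following Python block is an added example, not code from this article or from any QKD vendor: it models a photon as a (basis, bit) pair, runs Alice's preparation, an optional intercept-and-resend eavesdropper, Bob's measurement, basis sifting over the public channel, and error estimation. The attack model and the 11% abort threshold are assumptions chosen for the illustration; real deployments also budget for channel noise and photon loss.

```python
import random

# Added example: a classical simulation of BB84 (constructed model, no real photons).
# A photon is modelled as (preparation basis, bit value) with two bases:
# "Z" (rectilinear) and "X" (diagonal).
BASES = ("Z", "X")


def measure(photon, basis, rng):
    """Measure a photon in `basis`. Measuring in the preparation basis returns the
    encoded bit; measuring in the other basis returns a uniformly random bit and the
    original encoding is lost. That loss is the disturbance BB84 relies on: the
    photon cannot be read and forwarded intact without knowing the basis."""
    prep_basis, value = photon
    if basis == prep_basis:
        return value
    return rng.randrange(2)


def intercept_resend(photons, rng):
    """Simplest eavesdropper model (assumption): measure each photon in a random basis
    and resend a fresh photon carrying the result. Whenever the basis guess is wrong,
    the forwarded photon is in the wrong basis and Bob's matched-basis measurement
    disagrees with Alice's bit half of the time."""
    forwarded = []
    for photon in photons:
        eve_basis = rng.choice(BASES)
        forwarded.append((eve_basis, measure(photon, eve_basis, rng)))
    return forwarded


def run_bb84(n_photons, eavesdrop, seed=1, sample_fraction=0.5):
    """Run one BB84 session; return sifted-key size, measured error rate (QBER) and
    the number of key bits left after error estimation."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.choice(BASES) for _ in range(n_photons)]
    photons = list(zip(alice_bases, alice_bits))   # Alice prepares one photon per bit

    if eavesdrop:
        photons = intercept_resend(photons, rng)   # the quantum channel passes through Eve

    bob_bases = [rng.choice(BASES) for _ in range(n_photons)]
    bob_bits = [measure(p, b, rng) for p, b in zip(photons, bob_bases)]

    # Sifting: over the public classical channel Alice and Bob announce their bases
    # (never the bit values) and keep only positions where the bases agree.
    sifted = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    if not sifted:
        raise ValueError("no positions with matching bases; send more photons")

    # Error estimation: a random subset of sifted bits is sacrificed and compared in
    # public. With no eavesdropper every matched-basis bit agrees, so QBER is 0.
    # Intercept-resend corrupts about a quarter of the sifted bits.
    sample = set(rng.sample(sifted, max(1, int(len(sifted) * sample_fraction))))
    errors = sum(alice_bits[i] != bob_bits[i] for i in sample)
    qber = errors / len(sample)
    key_bits = [alice_bits[i] for i in sifted if i not in sample]
    return {"sifted": len(sifted), "qber": qber, "key_bits": len(key_bits)}


def eavesdropper_detected(qber, threshold=0.11):
    """Abort decision. The 11% threshold is an assumption for this example, taken as a
    commonly cited BB84 tolerance; operators set it from the measured channel noise."""
    return qber > threshold


if __name__ == "__main__":
    for eve in (False, True):
        result = run_bb84(2000, eavesdrop=eve)
        verdict = "abort" if eavesdropper_detected(result["qber"]) else "keep key"
        print("eavesdropper" if eve else "clean channel", result, "->", verdict)
```

Running the block shows the point the text makes: on the clean channel the sacrificed sample agrees bit for bit, while with the eavesdropper present the error rate sits near 25%, well above the threshold, and the session is aborted before any key material is used.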
The European Union is building EuroQCI (European Quantum Communication Infrastructure) across member states. South Korea, Japan, and Singapore operate metropolitan-scale QKD systems for government and financial communications. In the United States, EPB in Chattanooga is building the country's first commercially available quantum computing and networking hub, with IonQ hardware expected online in early 2026.

For most organizations, post-quantum cryptography remains the practical migration path. QKD is likely to be most relevant where the infrastructure cost can be justified by the sensitivity of the communications involved.

The urgency of migration varies by how long data needs to remain confidential and how capable the likely adversary is.

Government and national security agencies face some of the most immediate exposure: classified communications collected today could potentially be decrypted within a decade. The NSA has already mandated quantum-resistant algorithms for national security systems under CNSA 2.0, with category-specific deadlines running from 2025 through 2033 and full NSS quantum resistance targeted by 2035. Financial institutions holding long-term strategies, M&A plans, or proprietary trading data face similar timelines. Healthcare organizations protecting patient records also face a clear risk.

Critical infrastructure – energy, water, telecommunications, transportation – operates on hardware that is slow and difficult to update. The combination of long update cycles and long data lifetimes places these sectors among the higher-priority cases for early migration planning.

For organizations with shorter data sensitivity horizons, the exposure window is narrower, but the migration complexity is not lower. Cryptographic transitions historically take 10-20 years to complete across large infrastructure. The migration from SHA-1 to SHA-2 took over a decade. The transition from 1024-bit to 2048-bit RSA required years of coordinated effort.
Post-quantum migration is generally considered more complex than either.

The practical starting point is a cryptographic inventory: cataloging where cryptography is used across TLS/SSL connections, VPNs, encrypted databases, digital signatures, authentication systems, and embedded devices. The inventory identifies which algorithms are deployed, what data they protect, and how long that data requires confidentiality. Without this baseline, migration cannot be prioritized reliably.

From the inventory comes risk assessment. Data that becomes public within five years carries lower risk than information requiring twenty-year confidentiality. Systems protecting long-lived sensitive data from sophisticated adversaries are generally candidates for earlier migration.

Migration planning for large enterprises typically spans 5-10 years. The key decisions involve which systems move to post-quantum algorithms, which deploy hybrid approaches combining classical and post-quantum algorithms during the transition, and which may justify the infrastructure investment of QKD. NIST's guidance on cryptographic agility recommends building into new deployments, from the outset, the ability to update algorithms without replacing entire systems.

New procurement should specify post-quantum readiness as a requirement. Organizations that build agility into new systems now are likely to face a shorter, lower-cost migration when transition deadlines approach.

The organizations listed below represent a cross-section of the quantum security landscape rather than a comprehensive inventory. The field spans hundreds of companies, research groups, and government programs across standards, hardware, software, and deployment.

Standards bodies – NIST leads global PQC standardization. NSA mandates quantum-resistant algorithms for US national security systems. CISA coordinates quantum security preparation across critical infrastructure.
ETSI develops quantum-safe standards for telecommunications.

Technology companies – IBM offers quantum-safe cryptography in enterprise products and contributed to algorithm development during the NIST standardization process. Microsoft is integrating post-quantum algorithms into Azure and provides open-source PQC libraries. Google and Cloudflare have deployed post-quantum key exchange at scale, with both targeting full migration by 2029. Apple deployed PQ3 for iMessage in 2024.

Quantum security specialists – SEALSQ develops post-quantum semiconductors for IoT and automotive applications. BTQ Technologies focuses on quantum-resistant blockchain security. PQShield, an Oxford University spin-out, provides PQC implementations optimized for embedded systems, semiconductors, and constrained devices. ID Quantique, Toshiba, and QuantumCTek are among the commercial providers of QKD systems, with deployments across Europe, Japan, and China respectively.

Finance – JPMorgan Chase, Bank of America, and SWIFT have active quantum security research programs. SWIFT is also evaluating post-quantum cryptography for interbank messaging infrastructure as part of broader financial sector preparedness efforts.

Quantum security encompasses both the threat quantum computers pose to current encryption systems and the solutions being developed to protect data. It includes post-quantum cryptography (mathematical algorithms resistant to quantum attacks), quantum key distribution (physics-based secure communications), and the practical challenges of migrating global infrastructure to quantum-safe encryption.

Post-quantum cryptography consists of mathematical algorithms designed to run on classical computers while resisting attacks from both classical and quantum systems. NIST standardized the first algorithms in 2024, including ML-KEM for key exchange and ML-DSA for digital signatures.
These use mathematical problems that quantum computers are not expected to solve efficiently.

Quantum key distribution uses quantum physics to detect eavesdropping, with security arguments based on physical laws. Post-quantum cryptography uses mathematical algorithms believed to resist quantum attacks. QKD requires expensive dedicated infrastructure and works point-to-point, while post-quantum cryptography runs on existing networks and scales globally.

Organizations handling data that must remain confidential for 10+ years should begin planning immediately. This includes government agencies, financial institutions with long-term strategies, healthcare providers, and companies with long-cycle R&D. Cryptographic migrations take 10-20 years, so starting now is prudent.

Costs vary widely. Post-quantum cryptography primarily involves software updates and potential hardware upgrades, ranging from modest (for cloud services) to substantial (for embedded systems or legacy infrastructure). Quantum key distribution requires dedicated infrastructure costing millions for metropolitan networks. Budget for multi-year migration programs.

Start with a cryptographic inventory identifying where encryption is used, which algorithms are deployed, and how long protected data must remain confidential. This reveals quantum risk exposure and helps prioritize action. Then assess which systems protect long-term sensitive data, develop a phased migration strategy, and update procurement requirements.
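The inventory-then-risk-assessment procedure described in the migration section and restated just above can be turned into a small, repeatable script. The Python block below is an added example, not tooling from this article or from NIST: it parses a constructed inventory (sample rows only, not real assets), classifies each entry using the article's own grouping (Shor-vulnerable public-key algorithms need replacement, Grover halves the effective strength of symmetric keys, the NIST PQC standards need no action), flags harvest-now-decrypt-later exposure, and ranks what to migrate first. The scoring weights and the 10-year exposure rule are assumptions for the illustration.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample inventory (not real data): one row per cryptographic use.
# For ML-KEM the key_bits column carries the parameter set (768 = ML-KEM-768).
INVENTORY_CSV = """asset,algorithm,key_bits,confidentiality_years,sophisticated_adversary
vpn-gateway,ECDH,256,15,yes
db-backup,AES,128,20,no
web-tls-public,RSA,2048,2,no
archive,AES,256,20,yes
pqc-pilot,ML-KEM,768,10,yes
"""

# Algorithm families as the article groups them: Shor breaks these public-key
# systems outright; the NIST PQC standards are the replacement targets.
SHOR_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA"}
PQC_STANDARD = {"ML-KEM", "ML-DSA", "FN-DSA"}


@dataclass
class Asset:
    name: str
    algorithm: str
    key_bits: int
    confidentiality_years: int      # how long the protected data must stay secret
    sophisticated_adversary: bool   # e.g. nation-state collection capability


def parse_inventory(text):
    """Read inventory rows from CSV text into Asset records."""
    rows = csv.DictReader(io.StringIO(text))
    return [Asset(r["asset"], r["algorithm"], int(r["key_bits"]),
                  int(r["confidentiality_years"]),
                  r["sophisticated_adversary"].strip().lower() == "yes")
            for r in rows]


def grover_effective_bits(key_bits):
    """Grover's quadratic speedup: brute-forcing a k-bit key costs about 2^(k/2)."""
    return key_bits // 2


def classify(asset):
    """Action the article implies for one asset."""
    if asset.algorithm in PQC_STANDARD:
        return "none (quantum-safe)"
    if asset.algorithm in SHOR_VULNERABLE:
        return "replace"
    if asset.algorithm == "AES":
        # AES-256 keeps ~128 bits of effective security; AES-128 drops to ~64.
        return "none" if grover_effective_bits(asset.key_bits) >= 128 else "increase-key-size"
    return "unknown (review manually)"


def risk_score(asset):
    """Ordering heuristic (an assumption for this example, not NIST guidance):
    Shor-vulnerable use weighs most, longer confidentiality and a capable adversary
    add to it, and assets needing no action score 0."""
    action = classify(asset)
    if action.startswith("none"):
        return 0
    score = {"replace": 3, "increase-key-size": 1}.get(action, 2)
    if asset.confidentiality_years >= 10:
        score += 2
    elif asset.confidentiality_years >= 5:
        score += 1
    if asset.sophisticated_adversary:
        score += 1
    return score


def hndl_exposed(asset):
    """Harvest-now-decrypt-later flag (assumed rule): Shor-vulnerable protection on
    data that must stay confidential for 10+ years is exposed to collection today."""
    return classify(asset) == "replace" and asset.confidentiality_years >= 10


def prioritize(assets):
    """Rank assets for migration: highest risk first, name as a stable tie-breaker."""
    ranked = sorted(assets, key=lambda a: (-risk_score(a), a.name))
    return [{"asset": a.name, "action": classify(a), "score": risk_score(a),
             "hndl_exposed": hndl_exposed(a)} for a in ranked]


if __name__ == "__main__":
    for row in prioritize(parse_inventory(INVENTORY_CSV)):
        print(row)
```

On the sample rows the VPN gateway (ECDH, 15-year data, capable adversary) ranks first and is flagged as exposed today, the AES-128 backup is scheduled for a key-size increase rather than replacement, the public web TLS endpoint with 2-year data still needs RSA replaced but without HNDL urgency, and the AES-256 archive and the ML-KEM pilot need no action. A real inventory would add the data owner, the hosting system and the planned migration date per row so the same ranking can drive a phased schedule.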
