IT Tips & Tricks

Quantum Computing and Cyber Security: Are We 24 Months From Mayhem?

8 Steps to Help Ensure Your Organization Is Prepared

By Ed Clark

Published 22 April 2025

Editor’s Note: If you are not familiar with quantum computing, I recommend you first read the article, “Leaving Supercomputers in the Dust: An Introduction to Quantum Computing”, also by Ed Clark

The one predictable thing about the anticipated eventual widespread deployment of quantum computing is its sheer unpredictability. Even the experts can’t seem to agree on much — with the possible exception that as early as 2027, a quantum computing cyber security event could affect us all. (More on this later.) And who among us can say that we’re truly ready for such an event?

How does quantum computing impact cyber security and, most importantly, is there anything we can do to protect our data?

Have you seen the video clip making the rounds on social media in which Amazon’s Alexa predicts that in 2027, we’ll experience a 32-hour robotic takeover of the world — before humans successfully regain control? Regardless of whether you choose to believe this claim is valid — or that this clip is just a silly joke (ding ding ding) — is up to you. After seeing the video, I asked Alexa the same question. Predictably, all she told me was, “I’m not sure how to help you with that.” (Perhaps there are actually thousands of Alexa’s, each with their own opinion.) Nonetheless, this video is another reflection of how big this topic has become.

IBM’s Q System One quantum computer at the Las Vegas Consumer Electronics Show in 2020.

Even in its beginnings, quantum computing is affecting us, particularly in the area of cybersecurity. Consider these questions: How does quantum computing impact cyber security in general? How will it impact us once there are actual quantum computers in daily use? What do we need to know? And most importantly, is there anything we can do to protect our data?

It’s this last point that I’ll expand upon below, as it has implications that potentially affect every user of digital technology. In case you’re wondering right now whether this topic is a big deal, it is.

If you are still entertaining the idea that I may be overstating the situation, I completely understand. I would humbly suggest that you might find it eye-opening to read more about the postulated capabilities of quantum computing. If you’d like to brush up on it a bit, see the article “Leaving Supercomputers in the Dust: An Introduction to Quantum Computing”.

Cyber Security: The Quantum Compromise

If you’re old enough, nay, mature enough, to remember the love song Quando, Quando, Quando, you might be tempted to start mentally singing the revised version, Quantum, Quantum, Quantum. However, as you’ll soon see, we won’t be singing any love songs for quantum anything anytime soon. That’s because, like anything bright, shiny and new, and despite its host of benefits, it comes with its own set of inherent risks — perhaps most notably in the field of cyber security.

Secure communications, including HTTPS, VPNs, email encryption and blockchain technologies, could be compromised.

We can’t discuss security issues in the context of quantum computing without first briefly exploring post-quantum cryptography, so here goes.

Post-Quantum Cryptography: Our Best Hope?

As if quantum-anything wasn’t already weird enough, in terms of cybersecurity, PQC (Post-Quantum Cryptography) can be both the lock and the key…

Cryptography is the use of coded algorithms to protect information so that only authorized parties can access it. Here’s an easy example: If you’re reading this article over HTTPS, it’s due to cryptography.

Modern cryptographic systems are designed not only to withstand attacks from today’s computers but also to remain secure against future advancements in computing power.

According to Moore’s Law, computational capabilities double roughly every 18 months. This means that the time required to break encryption decreases at a similar rate. Over a decade, this exponential growth results in decryption speeds increasing by about 100 times. In practical terms, if a hacker currently needs a month to crack an encrypted hard drive, if he or she waits just ten years, that same task could take a mere seven hours.

If you’ve already studied up on quantum computing, you know that a quantum computer uses qubits to process information, resulting in its ability to do complex calculations better and wildly faster than any other type of computer.

To be clear, as of the date I’m writing this, while there are a few quantum computers in the world, they are not yet particularly practical, are quite expensive to run, and are still in the R&D stage. But efficient daily-use machines are suspected to be not too far over the horizon. This is both exciting and scary, but mostly exciting.

Grover’s Algorithm can theoretically reduce the brute-force time for cracking AES systems, effectively halving the key length.

Post-quantum cryptography (PQC) is a type of cryptography designed to protect both classical and future quantum computers from attacks. Even though quantum computers are not yet in widespread use, current cryptography is designed to prevent attacks from future computers — which obviously includes attacks from quantum computers, too.

If it’s starting to feel a bit like the serpent eating its own tail, that’s because it kind of is.

Shhh! The qubit can handle just about anything you can throw at it, except noise.

PQC essentially creates encryption algorithms that are designed to secure against both classical and quantum computing methods, with the idea being to ensure data remains safe even when quantum computers become powerful enough to crack current encryption standards.

The aim is to maintain compatibility with existing communication protocols while providing security against quantum threats.

On its website, the National Institute of Standards and Technology (NIST) states, “The question of when a large-scale quantum computer will be built is a complicated one. While in the past it was less clear that large quantum computers are a physical possibility, many scientists now believe it to be merely a significant engineering challenge. Some engineers even predict that within the next twenty or so years sufficiently large quantum computers will be built to break essentially all public key schemes currently in use. Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure. Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.”

The key words in all of that are probably in the last sentence: “begin now”. Let’s dive right in.

The Known Risks

We’ve already established that quantum computing poses significant risks to cyber security, particularly to cryptographic systems that form the backbone of modern digital security — while inversely also potentially offering the solution. It’s that darn snake chasing its tail again. Here’s an overview of the potential threats:

While we may not need to fear a robotic takeover anytime soon, the impact of quantum computing on cybersecurity is something we do need to keep a watchful eye on.

1. Breaking Public-Key Cryptography

Public-key cryptosystems, such as RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curve Cryptography), and Diffie-Hellman, rely on the difficulty of mathematical problems like factoring large numbers or solving discrete logarithms.

Quantum algorithms, notably Shor’s Algorithm (a quantum algorithm that can efficiently factor large numbers), can solve these problems exponentially faster than classical algorithms, making it possible for quantum computers to make short work of decrypting data protected by these methods.

Impact: Secure communications, including HTTPS, VPNs, email encryption and blockchain technologies, would be compromised — with relative ease.

2. Compromising Symmetric Encryption

Cyber security experts anticipate that between 2027 and 2033, something related to quantum computing will compromise security.

Symmetric cryptographic systems like AES (Advanced Encryption Standard) are more resistant to quantum attacks. However, Grover’s Algorithm (which speeds up the solution to unstructured data searches — running the search in fewer steps than any classical algorithm could) can theoretically reduce the brute-force time for cracking these systems, effectively halving the key length.

Impact: Encryption standards with shorter key lengths (such as AES-128) may become vulnerable, requiring the adoption of longer keys (such as AES-256). Some experts argue that even AES-256 will not be sufficient and will potentially be vulnerable in the quantum era.

3. Undermining Digital Signatures

Digital signatures, essential for verifying the authenticity of messages and transactions, are also at risk. Quantum attacks could enable malicious actors to forge signatures.

Impact: The integrity of software updates, secure messaging and financial transactions would be compromised.

4. Future Risk to Data Harvested Today

Encrypted data intercepted and stored by adversaries today could be decrypted in the future — once quantum computers become powerful enough.

Impact: Sensitive data, including government secrets, intellectual property and personal information, might face retroactive exposure.

The one predictable thing about quantum computing is its sheer unpredictability.

Let’s Talk About Speed

To understand why quantum computers are not simply beefed-up supercomputers, let’s take a look at the subject of speed.

If we have a database that contains 1,000,000 items and we need to locate a specific one, a classical computer will typically check each item sequentially, potentially requiring up to a million operations.

A processor with four cores would be able to check four items simultaneously, but the time needed to find the result still scales linearly with the database size. Modern computers improve efficiency by increasing the number of cores, enabling them to process more items in parallel.

Move your most valuable data to post-quantum cryptography first.

Quantum computers, however, operate differently. By leveraging qubit superposition, they can evaluate multiple states simultaneously, dramatically reducing the number of required operations. Editor’s note: See the above-linked article for a layman’s description of superposition and qubits.

A quantum computer with a mere 20 qubits is more than enough to process all 1,000,000 items. Think of it — just 20 qubits! Instead of searching one item at a time, quantum computers utilize Grover’s algorithm, which allows them to locate the desired item in roughly the square root of the total entries. In this case, that means around 1,000 operations instead of 1,000,000.

It's easy to see why people think of quantum computers simply as super fast, but they’re much more than that. Their capacity to solve a problem in fewer steps is only part of their superpower.

I’ll leave you to ponder the issue of speed with this little tidbit: Doubling a classical computer’s speed may require doubling the number of processors, but a quantum computer only needs a single extra qubit to double its capacity for handling superpositions…

Post-Quantum Cryptography in the Pre-Quantum Era

Transitioning to post-quantum cryptography in the pre-quantum era may sound counterintuitive — a bit like putting the cart before the horse — but it’s not. It’s a case of doing everything possible to ensure your horse stays ahead of the cart. It requires a structured approach to assess current vulnerabilities, prepare systems and adopt quantum-resistant algorithms, all of which take time. This is why cyber security experts urge us to start the transitioning process now.

The disaster that can most affect us is the one for which we didn’t prepare.

The 8-Point Plan

The timeline for the mass availability of quantum computers isn’t predictable with any degree of pinpoint accuracy. Estimates are often considered in terms of decades. However, the disaster that can most affect us is the one for which we didn’t prepare. So, what do we do? We start right now. The following eight steps will help ensure that you’re as prepared as you can be:

1. Take Inventory:

Identify where cryptographic algorithms are used in your systems.
Map out dependencies on public-key cryptography (such as RSA or ECC) in protocols like TLS (Transport Layer Security), VPNs (Virtual Private Network), digital signatures, and authentication.
Prioritize your assets based on sensitivity and longevity of data. (Sensitive government records and financial transactions, for example, are high priority.).

2. Assess Quantum Risk Exposure:

A quantum computer only needs a single extra qubit to double its capacity for handling superpositions.

If you haven’t yet identified the cryptographic algorithms in use as part of taking inventory, focus on it now. Any system relying on RSA, ECC or Diffie-Hellman for encryption is vulnerable to quantum attacks due to Shor’s algorithm.
Review key lengths: Even symmetric encryption (such as AES) can be weakened by Grover’s algorithm, though doubling key length can mitigate this.

Check for quantum-resistant cryptography: Systems using post-quantum cryptographic algorithms, like those being standardized by NIST (such as CRYSTALS-Kyber), are less vulnerable.
Assess dependencies: If you rely on third-party services or software libraries that depend on classical encryption, your system might inherit vulnerabilities.

Identify encrypted data with long lifespans that could be intercepted and later decrypted (harvest-now, decrypt-later attacks) by quantum computers.
Consider compliance requirements for NIST, GDPR (General Data Protection Regulation), or industry-specific regulations.

Image Credit: Gail Porter, Public Domain

NIST headquarters in Gaithersburg, Maryland.

3. Start Using Hybrid Cryptography:

Explore hybrid cryptographic approaches, combining classical and post-quantum algorithms to ensure security during the transition. Check with NIST for the latest updates.
Use hybrid implementations in TLS, VPNs, and code signing to test compatibility.

4. Follow NIST and Industry Guidance:

Keep track of NIST’s PQC standardization process, which has selected new quantum-safe algorithms (such as CRYSTALS-Kyber for encryption and CRYSTALS-Dilithium for signatures).
Engage with industry groups like IETF (Internet Engineering Task Force), Cloud Security Alliance, and ETSI (European Telecommunications Standards Institute) for best practices.

5. Test PQC Algorithms in a Controlled Environment:

Encrypted data intercepted and stored by adversaries today could be decrypted in the future.

Set up pilot projects to test NIST-approved PQC algorithms.
Use open-source implementations of PQC algorithms to experiment with integration.
Benchmark performance impact on latency, bandwidth, and resource usage.

6. Collaborate with Vendors and Partners:

Talk to cloud providers, hardware vendors and software suppliers to assess their PQC transition plans. Ask questions and get answers.
Request PQC support in security solutions (such as VPNs, databases, and authentication tools).

7. Train Security Teams & Raise Awareness:

Educate IT and security staff on quantum threats and PQC migration strategies.
Provide hands-on training for implementing and testing PQC solutions.

8. Develop a Long-Term Migration Strategy:

Plan for a phased transition, starting with non-critical systems.
Align your transition with regulatory and industry compliance timelines.
Stay updated on emerging quantum technologies that may impact your security position.

Just to be clear, I’m not saying that all of this should be completed by the end of the week. I’m simply saying that preparing for what’s to come needs to start now.

Quantum computing's capacity to solve a problem in fewer steps is only part of its superpower.

If you’re not quite ready to kickstart the above eight-point plan, here are two things you could do right now to get you moving in the right direction and increase your security on an immediate basis:

If you’re not already doing so, use longer symmetric encryption keys (minimally AES-256) as an immediate measure.
Combine encryption with other measures like multi-factor authentication and robust access controls to mitigate risks.

Quantum Cyber Security: Where It’s At and What To Expect

It’s important that we all monitor what’s happening in the quantum computing field, regularly check reliable sites such as NIST, and stay current on PQC efforts to put us in the best position to strategize.

Current State of Quantum Computing
- Quantum computing is still in its infancy. Current quantum computers lack the number of qubits, error correction and stability required to perform attacks like breaking RSA-2048 encryption, although breaking ECC or RSA could be possible within the next 10 years. (See Significant Threat Timeline below for more details.)
- Estimates vary, but many experts suggest it could take 10 to 20 years for quantum computers to reach the scale and reliability necessary to pose a realistic threat. However, with some experts anticipating quantum-related cyber security problems as early as 2027, vigilance is the watchword. (More on this below.)

Early Warning Signs To Look Out For

Your Spidey senses should be on full alert if you hear or read about the following:

- Advances in quantum hardware, such as achieving fault-tolerant quantum computing, would be a major milestone signaling that we’re getting closer to having to deal with cryptographic vulnerabilities.
- Increased funding of quantum research and competition among nations could accelerate this timeline.

Who’s Doing What?
- Governments and organizations around the world are already working on PQC, which involves developing cryptographic algorithms resistant to quantum attacks. Keep an eye out for announcements in this arena.
- NIST has been leading efforts to standardize quantum-resistant algorithms, with final selections expected soon. Check-in regularly to learn the latest.

Significant Threat Timeline

In 2022, Evolution Q (cyber security threat experts) and the Global Risk Institute published a survey of 22 cyber security specialists, as reported in Entrust’s ebook, Quantum Computing is Here. When asked to consider the potential timeline for a significant quantum threat to public-key cyber security, here’s how they responded:

Two out of 22 believed there would be a moderately serious threat within the next five years.
Five out of 22 anticipated a serious threat, such as breaking ECC or RSA within the next 10 years.
Eleven out of 22 predicted a serious threat within the next 15 years.
Twenty out of 22 expected a serious threat within the next 20 years.
All 22 experts agreed there would be a serious threat within 30 years.

While a 20-year timeline seems to take the pressure off of us on an immediate basis, it’s worth noting that, overall, cyber security experts (including the Global Risk Institute) anticipate that between 2027 and 2033, something related to quantum computing will compromise security.

It’s time to get busy to prevent potential mayhem. Re-read the section above, The 8-Point Plan, talk to your security team and start planning a defensive strategy. Do the best you can with the data available.

Transitioning to post-quantum cryptography in the pre-quantum era may sound counterintuitive — but it’s not.

Quantum Fact or Fiction?

The topic of quantum computing seems to elicit a lot of hype and a mountain of unknowns, so I thought it might be helpful to share the top four myths mentioned in the Quantum Computing is Here ebook.

One day, all classical computers will be replaced by quantum computers. Fact or fiction?Fiction. Classical computers aren’t going anywhere in the foreseeable future. Quantum and classical computers will most likely work in tandem.
More qubits ultimately mean a better quantum computer. Fact or fiction?Fiction. If your qubits are noisy, your quantum computer will be relatively useless — regardless of the number of qubits it possesses.
One of the biggest problems with quantum computers is noise (decoherence). Noisy qubits reduce the probability of a quantum computer arriving at the correct results. We don’t need more qubits for a great quantum computer. We need fault-tolerant qubits.

Modern cryptographic systems are designed to withstand attacks from today’s computers and remain secure against future computing advancements. If it’s starting to feel like the serpent eating its own tail, that’s because it kind of is.

Quantum supremacy has been achieved. Fact or fiction?Maybe. Google created a problem specifically tailored for a quantum computer to solve efficiently. This problem involved a random number sampling algorithm, which Google asserts was completed in 200 seconds. At the time, Google estimated that the world’s fastest supercomputer, IBM’s Summit, would take 10,000 years to perform the same calculation. IBM, however, challenged Google’s claim, stating that the same task could be done in 2.5 days using classical methods — far less than Google’s estimate of 10,000 years.

Editor’s Note: While IBM didn’t disprove Google’s result, they challenged the interpretation and the comparison to classical computing. This sparked a debate that highlights the fact that “quantum supremacy” ultimately depends on how a problem is defined and demonstrated.

We need to start worrying about protecting our data from quantum computers. Fact or fiction?Fact. As covered above, organizations should start an assessment of the types of cryptographic systems they currently have in place and determine the best way to transition to quantum-resistant cryptography to protect their digital assets.

Challenges and the Road Ahead

While quantum computing holds immense promise, there are still significant challenges to overcome. One of the biggest challenges is maintaining the delicate quantum states of qubits, which are highly susceptible to noise and interference. This problem requires sophisticated error correction techniques and remains an ongoing challenge.

Another issue is developing efficient quantum algorithms. While some algorithms have already been developed, such as Shor’s algorithm for factoring large numbers and Grover’s algorithm for searching databases, many more are needed to fully realize the potential of quantum computing.

One day, we’ll look back at the 2020s and realize we were standing at the threshold of...

Despite these challenges, the field of quantum computing continues to advance. Researchers and engineers around the world are working on building more powerful quantum computers and developing new applications. As quantum computing matures, it has the potential to transform industries and society as a whole.

Parting Thoughts

Overall, quantum computing is clearly a complex and fascinating field that is rapidly evolving. By understanding the basic principles of quantum mechanics and the potential of quantum computers, we can appreciate the immense possibilities — and risks — that lie ahead.

Are you ready for the future?

As mankind continues to push the boundaries of technology, quantum computing may one day become as ubiquitous as classical computing, potentially shaping the future of our world in ways as yet unknown and unimagined. (If you’re impatient and willing to pay $96 per minute {$5,760 per hour} you can put it to the test and access IBM’s quantum computer via the cloud.)

We may not be there yet, but one day, we’ll look back at the 2020s and realize we were standing at the threshold of a drastically different world.

Ed Clark

LinkTek COO

View Bio

Feel free to share this article on your social media: