Why Post-Quantum Cryptography (PQC) Matters

Modern digital security is built on cryptographic assumptions that have held true for decades.
Quantum computing challenges those assumptions fundamentally.

Post-Quantum Cryptography (PQC) is not about distant science fiction – it is about protecting today’s encrypted data from tomorrow’s computational capabilities.

What Is Post-Quantum Cryptography?

Post-Quantum Cryptography refers to cryptographic algorithms that are designed to remain secure even in the presence of a large-scale quantum computer.

Unlike Quantum Key Distribution (QKD), PQC:

• Runs on classical computers

• Can be deployed in software

• Integrates with existing protocols such as:

  • TLS

  • X.509 certificates

  • PKI infrastructures

  • Digital signatures

  • Code signing and timestamping

Why Today’s Cryptography Is at Risk

Most of today’s public-key security relies on mathematical problems that are infeasible for classical computers to solve at scale:

• RSA > Integer factorization

• ECC / ECDSA / ECDH > Discrete logarithms

A sufficiently powerful quantum computer running Shor’s algorithm can solve these problems efficiently, breaking:

• RSA

• Diffie-Hellman

• Elliptic Curve Cryptography

What Does “Breaking Cryptography” Actually Mean?

A quantum computer becomes a real threat only when it can:

• Run Shor’s algorithm

• With enough logical (error-corrected) qubits

• For long enough to factor RSA keys or solve ECC discrete logarithms

This is known as a Cryptographically Relevant Quantum Computer (CRQC).

The Real Threat: Harvest Now, Decrypt Later (HNDL)

A common misconception is that quantum threats only matter once quantum computers exist. In reality, the most serious risk is already happening.

What Is HNDL?

• Adversaries intercept and store encrypted data today

• They wait until quantum computers become available

• Stored data is decrypted retrospectively

This threat model is especially relevant for data with long confidentiality requirements, such as:

• Government communications

• Financial records

• Healthcare data

• Intellectual property

• Industrial and IoT telemetry

• Legal and compliance-sensitive documents

Why This Is a Security and PKI Problem

Post-quantum risk is not limited to TLS sessions. It directly impacts trust infrastructure, including:

• Certificate Authorities (CAs)

• Certificate chains and validation

• Digital signatures

• Timestamping and long-term validation

• Device identity and lifecycle management

Any system relying on RSA or ECC for:

• Authentication

• Key exchange

• Signing

• Trust establishment

will require a transition strategy.

Why “Waiting” Is Not a Safe Strategy

Cryptographic migrations are slow by nature because:

• PKI lifecycles span years

• Devices remain in the field for decades

• Certificates are embedded in software, firmware, and hardware

• Regulatory frameworks lag behind technology shifts

Organizations that delay preparation risk:

• Emergency migrations

• Broken trust chains

• Compliance gaps

• Operational outages

Who Should Care About PQC?

Post-Quantum Cryptography is relevant to:

• Security architects designing long-lived systems

• PKI and IAM teams managing certificates and trust

• Infrastructure teams responsible for TLS and network security

• Compliance and risk officers planning for long-term data protection

• IoT and OT teams managing devices with 10 to 30 year lifecycles

The Current State of Quantum Computing

Today’s quantum computers:

• Are in the NISQ era (Noisy Intermediate-Scale Quantum)

• Have limited qubit counts

• Suffer from high error rates

• Cannot run Shor’s algorithm at scale

They are valuable for research – but not yet a cryptographic threat.

Timeline of Notable Quantum Computers (Qubit Counts & Providers)

2019 – Google Sycamore

• Company: Google Quantum AI

• Qubits: 54 (one qubit often non-functional in practice)

• Notes: Demonstrated quantum supremacy — a computation that could not be simulated efficiently on a classical supercomputer.

2020 – D-Wave Advantage (Annealer)

• Company: D-Wave Systems (Canada)

• Qubits: 5,760 (quantum annealer)

• Notes: Special-purpose quantum annealing architecture for optimization problems (not universal gate model).

2021 – IBM Eagle

• Company: IBM Research

• Qubits: 127 qubits

• Released: Nov 2021

• Notes: At its unveiling, one of the highest-qubit universal quantum processors available.

2022 – Google Willow

• Company: Google Quantum AI

• Qubits: 105 qubits

• Released: Dec 2024

• Notes: Designed for improved error performance and larger circuits compared to Sycamore.

2022 – IBM Osprey

• Company: IBM Research

• Qubits: 433 qubits

• Approx.: Late 2022

• Notes: Successor to Eagle with a large jump in qubit count.

2023 – IBM Heron

• Company: IBM Research

• Qubits: 156 qubits

• Released: Dec 2023

• Notes: Higher performance and lower noise than earlier IBM processors.

2023 – IBM Condor

• Company: IBM Research

• Qubits: 1,121 qubits

• Released: Dec 4, 2023

• Notes: One of the largest universal quantum processors publicly announced as of 2025.

2023 – Atom Computing Large System

• Company: Atom Computing (USA)

• Qubits: ~1,225 qubits

• Notes: Neutral-atom system with one of the highest reported counts.

2024 – CAS Xiaohong

• Company: Chinese Academy of Sciences (CAS)

• Qubits: 504 qubits

• Notes: Superconducting processor from China’s quantum program.

Why Qubit Counts Matter

• Physical qubits: Basic hardware elements that carry quantum states (e.g., IBM Condor with 1,121 qubits).

• Logical qubits: Error-corrected qubits used for computation; current systems are largely noisy intermediate-scale (NISQ) and not fully fault-tolerant.

• Annealers vs universal: D-Wave’s annealers use many qubits for optimization but are not universal quantum computers used for general quantum algorithms.

Higher raw qubit counts don’t always mean more computational usefulness error rates, connectivity, coherence, and quantum volume also matter.

So When Will a CRQC Exist?

There is no fixed date, but broad consensus across academia, industry, and governments suggests:

• 5 years: Highly unlikely

• 10 years: Plausible with breakthroughs

• 15+ years: Considered likely by most experts

These estimates assume:

• Advances in error correction

• Scalable qubit architectures

• Sustained national-level investment

Harvest Now, Decrypt Later Changes the Timeline

The real threat clock starts today, not when CRQCs exist.

Attackers:

• Capture encrypted traffic now

• Store it cheaply

• Decrypt it later using quantum computers

This means:

• Past communications become exposed

• Historical secrets are compromised

• Legal and compliance guarantees fail retroactively

Which Systems Are Most Exposed?

Systems at highest risk include:

• PKI infrastructures

• TLS-protected communications

• Digital signatures with long-term validity

• IoT and OT devices

• Archival data stores

Especially vulnerable are systems where:

• Certificates cannot be rotated easily

• Devices are deployed for 10–30 years

• Compliance requires long-term trust

Why Long Timelines Still Mean Immediate Action

A common misconception:

“If quantum computers are 15 years away, we can wait.”

This ignores two critical realities:

1. Data Has a Longer Lifetime Than Cryptography

• Encrypted data stored today may need confidentiality for decades

• Attackers can store encrypted traffic indefinitely

2. Crypto Migrations Take Years

• Inventorying crypto usage is slow

• PKI transitions span multiple certificate lifecycles

• Embedded systems cannot be upgraded easily