Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking
Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte.
Quantum computing could undermine widely used public-key encryption, driving research into quantum-resistant algorithms and secure migration planning.
Search across headline titles and summaries.
Background for this topic.
Quantum computing uses quantum-mechanical effects in qubits to solve some problems differently from conventional computers. In information security, its significance is primarily cryptographic: a sufficiently capable, fault-tolerant quantum computer could use Shor’s algorithm to break RSA and elliptic-curve cryptography, which protect certificates, key exchanges, signatures, and encrypted archives. Quantum computing is not expected to break all cryptography equally; symmetric encryption and cryptographic hashes generally require larger security parameters rather than replacement for the same reason.
The practical concern is “harvest now, decrypt later”: adversaries can collect encrypted traffic today for future decryption, especially when data must remain confidential for years. Organizations should inventory public-key algorithms and long-lived sensitive data, assess dependencies such as certificates and protocols, and plan migration to standardized post-quantum cryptography with crypto-agile systems. Quantum key distribution is a separate, specialized communications approach; it does not replace endpoint security, authentication, or conventional key-management controls and has significant deployment constraints.
Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte.
What's it going to take to prod organizations to implement a post-quantum security plan? Legislative pressure.
In the Deloitte poll, 50.2% of respondents said their organization is at risk of ‘harvest now, decrypt later’ attacks
The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year