Quantum Cybersecurity: What is coming?
Our digital world relies on encryption methods like RSA and Elliptic-Curve Cryptography (ECC). These are secure for now because today’s computers can’t efficiently solve the underlying maths. But when a sufficiently powerful quantum computer arrives, that could change.
Why Encryption Is at Risk
Quantum computing uses qubits that can exist in superposition, enabling algorithms like Shor’s Algorithm — which, in theory, can break many of today’s cryptographic systems. That’s why the cryptographic community talks about “cryptographically-relevant quantum computers” (CRQCs) as a future threat.
Here is where Post–Quantum Cryptography (PQC) comes into play!
PQC is a new set of algorithms designed to protect your data from quantum computers attacks.
The National Institute of Standards and Technology (NIST) in the U.S. has been running a standardization process for these algorithms. It began in December 2017, with 69 candidate algorithms. In August 2024, NIST published finalized standards (FIPS 203, 204, 205) for algorithms such as CRYSTALS‑Kyber (for key-encapsulation) and CRYSTALS‑Dilithium, SPHINCS+ for signatures, and in March 2025, NIST selected the HQC algorithm as a backup key-establishment scheme.
Developments in the standardization processes for algorithms show that migration to quantum-resistant cryptography is not just theoretical—it’s real and happening now.
Another important topic is Quantum Key Distribution (QKD)
Quantum Key Distribution uses quantum physics to distribute encryption keys only known between shared parties. QKD is different from conventional key distribution because it uses a quantum system that relies on the fundamental laws of nature to protect the data, rather than relying on mathematics.
QKD works by transmitting many photons over fiber optic cables between parties. These photons have a random quantum state and make up a stream of ones and zeros. This stream of ones and zeros are called qubits
For example, a field test over actual telecom fibre deployed between cities achieved secure key distribution over 428 km.
Another trial in an urban context in Padua demonstrated a low-cost QKD system integrated into existing telecom infrastructure.
These results underline that QKD is shifting from lab experiments to real-world deployment.
What Does This Means for Organisations ?
Be proactive — The threat isn’t immediate, but the transition to quantum-safe systems takes time.
Inventory your cryptography — Know where current vulnerable algorithms (RSA, ECC) are used in your stack.
Build crypto-agility — Design systems such that encryption algorithms can be swapped out with minimal disruption.
Watch the timelines — For example, NIST’s selection of HQC in 2025 signals that standards are emerging now.
Don’t ignore “harvest now, decrypt later” — Adversaries may collect encrypted data now and wait for quantum computers to decrypt it later.
Final Thoughts
Quantum cybersecurity isn’t science fiction—it’s a real challenge backed by active research and development. Between PQC and QKD, we’re seeing the foundations of a post-quantum secure digital world being laid today. The key is: we have time, but it is not limitless. The earlier the preparation, the smoother the transition.
Sources:
- https://www.cyber.gov.au/business-government/secure-design/planning-for-post-quantum-cryptography
- https://www.dhs.gov/quantum
- https://www.nsa.gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/
- https://www.techtarget.com/searchsecurity/definition/quantum-key-distribution-QKD
- https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards