Threats

Quantum computing and digital threats

Explore how quantum computing threatens cyber security and what strategies can safeguard encrypted data from future quantum-powered attacks.

Cyber security

4 June 2025

Table of contents

  • What is quantum computing?
  • The threat to current encryption
  • The threat of “store now, decrypt later”
  • Towards post-quantum cryptography
  • Implications for businesses and governments

This article explores how quantum computing could revolutionize the world of cyber security, shedding light on both the immense potential and the serious risks associated with the rise of quantum computers.

We’ll dive into why data protection strategies must evolve alongside this emerging technology and what defenses are being developed to secure our digital world.

What is quantum computing?

Quantum computing is a revolutionary branch of computer science that merges the principles of quantum mechanics with information processing, fundamentally changing the way computations are performed.

Unlike classical computers that encode and process data using bits—each bit having a discrete state of either 0 or 1—quantum computers harness the power of qubits (quantum bits).

These qubits possess unique properties that enable them to exist in a superposition of states, meaning a qubit can simultaneously represent both 0 and 1. This capability underpins the potential of quantum computers to tackle problems that are intractable for their classical counterparts. One of the most compelling characteristics of qubits is entanglement. When qubits become entangled, the state of one qubit becomes directly linked to the state of another, regardless of the distance separating them. This interconnectedness facilitates correlations that are far stronger than anything achievable by classical systems, and it allows quantum computers to process a tremendous amount of information in parallel.

Another key feature is quantum coherence. It refers to the ability of qubits to maintain their superposition state for a certain period, which is critical for performing complex computations before the system decoheres, i.e., loses its quantum mechanical properties due to interaction with the environment. Managing and prolonging coherence is one of the significant technical challenges currently facing quantum computing research.

The combination of superposition, entanglement, and coherence empowers quantum computers to execute specific algorithms exponentially faster than classical computers. For instance, problems like simulating molecular interactions for new drug discoveries or solving large-scale optimization problems may transition from taking years on today’s computers to mere minutes or even seconds on a sufficiently advanced quantum machine.

What makes this technology particularly captivating—and concerning for the field of cyber security—is its ability to run algorithms that can undermine current cryptographic systems. Modern encryption protocols, such as those based on RSA and ECC (Elliptic Curve Cryptography), rely on the computational difficulty of tasks like prime factorization and discrete logarithms.

A powerful quantum computer could employ algorithms like Shor’s algorithm to solve these mathematical problems in a fraction of the time needed by traditional methods. This potential vulnerability poses a real threat to the security of digital communications, prompting an urgent need for the development of quantum-resistant cryptographic techniques.

In other words, quantum computing is not only a promise of innovation, but also an urgent challenge for data protection, which requires a concrete response from companies, public bodies and developers of digital technologies right now.

The threat to current encryption

Modern cyber security relies heavily on asymmetric cryptography — encryption methods such as RSA and ECC (Elliptic Curve Cryptography). These systems enable secure communication over untrusted networks by using a public key to encrypt data and a private key to decrypt it.

The security of these systems hinges on the computational difficulty of certain mathematical problems.

Example
In the case of RSA, it’s the factoring of large integers — more specifically, discovering the two prime numbers that were multiplied to generate a large semiprime number. With classical computers, this is so resource-intensive that it would take thousands or even millions of years to break a key of sufficient length, like RSA 2048.

But this assumption falls apart with the advent of quantum computing. A powerful enough quantum computer could use Shor’s algorithm, introduced in 1994, to factor these large numbers exponentially faster than classical approaches.

That means cryptographic keys considered safe today could be cracked in seconds once quantum machines reach a mature stage.

Practical example: RSA in Python

In the real world, a message encrypted with RSA 2048 would appear to the recipient as an unreadable string, decryptable only with the corresponding private key.

Here is a simplified code example in Python, using the cryptography library, that shows how RSA encryption works (in a classical environment):

from cryptography.hazmat.primitives.asymmetric import rsa, padding

from cryptography.hazmat.primitives import serialization, hashes

# Generate RSA key pair

private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)

public_key = private_key.public_key()

# Encrypt a message

message = b"The secret is 42."

ciphertext = public_key.encrypt(

    message,

    padding.OAEP(

        mgf=padding.MGF1(algorithm=hashes.SHA256()),

        algorithm=hashes.SHA256(),

        label=None

    )

)

# Decrypt the message

plaintext = private_key.decrypt(

    ciphertext,

    padding.OAEP(

        mgf=padding.MGF1(algorithm=hashes.SHA256()),

        algorithm=hashes.SHA256(),

        label=None

    )

)

print(plaintext.decode())  # Output: The secret is 42.

With classical methods, an attacker would have to attempt to factorize a 617-digit decimal number (for RSA 2048) to obtain the private key.

With a quantum algorithm like Shor’s, running on suitable hardware, this operation could be completed in a realistic time, making RSA encryption inadequate for long-term data protection.

Simulation of Shor’s algorithm (simplified)

In research and education environments, some libraries allow simulating Shor’s behavior.

Here is a basic example with Qiskit, IBM’s open source library for quantum programming:

from qiskit.algorithms import Shor

from qiskit.utils import QuantumInstance

from qiskit import Aer

# Simulate factoring the number 15

shor = Shor()

quantum_instance = QuantumInstance(backend=Aer.get_backend('aer_simulator'))

result = shor.factor(N=15, quantum_instance=quantum_instance)

print(result.factors)  # Output: [[3, 5]]

With a quantum algorithm like Shor’s, running on suitable hardware, this operation could be completed in a realistic amount of time, making RSA encryption inadequate for long-term data protection.Vertaalresultaat

The difference is that a classical computer cannot scale this process, while a quantum computer can.

Beyond RSA: The bigger danger

The threat doesn’t end with RSA. Cryptographic systems based on elliptic curve cryptography (ECC) — used widely in IoT devices, digital signatures, and blockchains — are also vulnerable to quantum attacks.

This means that every HTTPS connection, every digital signature, every PGP-encrypted email, every encrypted transaction today could be archived by malicious actors waiting for the day when it can be deciphered thanks to quantum computing.

This is why we are increasingly talking about the “store now, decrypt later” strategy, which involves collecting data encrypted today to exploit future vulnerabilities. A real threat, especially for long-term sensitive data.

The threat of “store now, decrypt later”

One of the most pressing risks emerging from the development of quantum computing is a strategy known as “store now, decrypt later.”

This approach involves malicious actors, such as cybercriminal groups or even government intelligence agencies, intercepting and storing encrypted data today with the intention of decrypting it in the future, once quantum technologies have advanced enough to break current cryptographic standards.

This strategy is particularly effective against long-term sensitive data, that is, information that retains its value even in 10, 20 or 30 years. We are talking about:

This threat is particularly alarming for long-lived sensitive data, such as:

  • Medical records and genetic data
  • Legal documents and classified correspondence
  • Financial transactions and banking archives
  • Intellectual property and corporate R&D
  • Military and diplomatic communications

How does “store now, decrypt later” work?

The mechanism is insidious because it does not foresee an immediate attack. The attacker intercepts, copies and saves large amounts of data encrypted today with RSA, ECC or PGP, without attempting to decrypt them in the present.

The files are stored in secure data centers, ready to be processed in the future with quantum algorithms such as Shor.

It is a strategic investment: today you sow, tomorrow you reap.

Example: Simulating the “store now” phase in Python

Let’s simulate the initial stage of this attack in Python. This script encrypts sensitive data using RSA, then saves it to a file as an attacker might do today.

from cryptography.hazmat.primitives.asymmetric import rsa, padding

from cryptography.hazmat.primitives import hashes

import os

# Generate RSA keys (simulating the victim's key pair)

victim_private_key = rsa.generate_private_key(

    public_exponent=65537,

    key_size=2048

)

victim_public_key = victim_private_key.public_key()

# Simulate a sensitive message being encrypted

sensitive_data = b"Confidential medical data of patient X"

encrypted_data = victim_public_key.encrypt(

    sensitive_data,

    padding.OAEP(

        mgf=padding.MGF1(algorithm=hashes.SHA256()),

        algorithm=hashes.SHA256(),

        label=None

    )

)

# Simulate the attacker storing the encrypted message for later decryption

with open("quantum_archive.dat", "wb") as file:

    file.write(encrypted_data)

print("Encrypted message archived. Awaiting quantum decryption...")

This code simulates what an attacker could do today: massively collect encrypted data, save it in an archive with the aim of decrypting it years from now, using a quantum computer capable of breaking RSA 2048 encryption.

Why is this threat real?

Many government institutions and companies today store confidential data with the belief that it is impossible to decipher. But this assumption will no longer be valid in a quantum future. A compromised archive today could reveal:

  • industrial secrets and patents
  • strategic government decisions
  • identities and movements of sensitive individuals
  • compromising information usable for blackmail or propaganda

Impacts on critical infrastructure

In a worst-case scenario, a “store now, decrypt later” attack could hit energy grids, financial systems or military networks.

Even documents stored in encrypted clouds, PGP emails and corporate backups could be exposed if not adequately protected with post-quantum algorithms.

Towards post-quantum cryptography

To defend against the threats posed by quantum computing, the cyber security and academic communities are actively developing a new generation of encryption algorithms designed to resist quantum attacks. This emerging field is known as Post-Quantum Cryptography (PQC).

Unlike current standards like RSA and ECC, which rely on mathematical problems that quantum algorithms (e.g., Shor’s) can solve efficiently, post-quantum algorithms are based on problems that remain intractable even for quantum computers. These include:

  • Lattice-based cryptography (e.g., Kyber, Dilithium)
  • Code-based cryptography (e.g., Classic McEliece)
  • Hash-based signatures (e.g., SPHINCS+)
  • Multivariate quadratic equations (e.g., Rainbow, LUOV)

The NIST initiative

In 2016, the National Institute of Standards and Technology (NIST) launched a global call to identify and standardize quantum-safe cryptographic algorithms.

After years of testing and peer review, NIST announced in 2022 the first finalists for standardization, officially moving to implement the first PQC standards in 2024.

The selected algorithms include:

  • Kyber (for key encapsulation and encryption)
  • Dilithium (for digital signatures)
  • SPHINCS+ (a stateless hash-based signature scheme)
  • Falcon (for efficient, compact digital signatures)

Example: Post-quantum encryption using Kyber

One of the great strengths of PQC is that many of these algorithms can already be used today in classical environments. Kyber, for instance, is a lattice-based encryption algorithm based on the Module Learning with Errors (MLWE) problem — considered hard even for quantum computers.

Below is a simplified example using Kyber512 in Python. Note: to run this code, you’ll need a library such as pqcrypto, or ideally a wrapper for liboqs — the C-based Open Quantum Safe library maintained by the open-source community.

Python example (Kyber key exchange)

# Requires: pip install pqcrypto

from pqcrypto.kem.kyber512 import generate_keypair, encrypt, decrypt

# Step 1: Generate keypair

public_key, private_key = generate_keypair()

# Step 2: Sender encrypts a shared secret using recipient's public key

ciphertext, shared_secret_sender = encrypt(public_key)

# Step 3: Recipient decrypts and derives the same shared secret

shared_secret_receiver = decrypt(ciphertext, private_key)

# Step 4: Compare shared secrets

print("Sender's shared secret:     ", shared_secret_sender.hex())

print("Receiver's shared secret:   ", shared_secret_receiver.hex())

print("Secrets match:", shared_secret_sender == shared_secret_receiver)

In this example, Kyber512 is used to establish a shared secret key in a quantum-resistant way. The algorithm is based on a problem known as Module Learning with Errors (MLWE), which remains computationally hard even for quantum computers.

The real-world challenges of PQC adoption

Transitioning to post-quantum cryptography won’t be as simple as installing a software patch. It involves:

  • Updating major cryptographic protocols (e.g., TLS, SSH, VPNs, blockchain)
  • Ensuring compatibility with legacy hardware and embedded systems
  • Retrofitting IoT devices, smart cards, and constrained environments
  • Educating security teams and engineers on new algorithm families

Huge companies like, Google, Microsoft, and Cloudflare have already begun integrating PQC into real-world infrastructure. Google, for example, ran experiments incorporating Kyber into TLS to secure HTTPS connections — part of their “hybrid cryptography” approach that combines classical and quantum-resistant encryption.

Crypto agility: planning for an uncertain future

Given that we don’t know when quantum computers will reach cryptographically relevant scale, a principle known as crypto agility is essential. It means designing systems that:

  • Can quickly switch to new cryptographic algorithms
  • Support hybrid schemes that combine classical and post-quantum methods
  • Maintain backward compatibility with legacy systems

Crypto agility isn’t a luxury — it’s a strategic necessity for protecting critical systems over the long term.

Businesses, governments, and technology providers must start planning for quantum-safe algorithms now, because the impact of the change will be profound, slow, and inevitable.

Implications for businesses and governments

The rise of quantum computing is not just a concern for researchers and cryptographers — it’s a profound shift that affects enterprises, governments, and the very foundations of national cyber defense.

It is a strategic issue, which directly involves companies, governments and critical infrastructures of each nation. The balance between innovative potential and systemic risk makes this technology a geopolitical issue, not just a technological one.

Why businesses need to act now

For businesses — particularly in sectors like healthcare, finance, telecommunications, manufacturing, and infrastructure — the risk is not theoretical. Any system that stores or transmits sensitive long-term data must start preparing for post-quantum threats today.

Why? Because the transition won’t be instantaneous. Updating cryptographic infrastructure — from legacy systemsand IoT devices to enterprise software, VPNs, and cloud backups — will take years of planning and implementation.

Example: A healthcare provider

Imagine a large hospital system storing millions of encrypted patient records using RSA or ECC. If quantum computing becomes viable within the next decade and those systems haven’t been updated, an attacker who used a “store now, decrypt later” strategy could retroactively unlock and expose all patient data, violating privacy laws and incurring severe reputational and financial damage.

To prevent this, the provider should begin testing post-quantum cryptographic libraries (such as Kyber for key exchange and Dilithium for digital signatures), and develop a roadmap for crypto migration across all critical systems.

Recommended actions for businesses:

  • Identify systems that rely on RSA or ECC
  • Conduct a crypto audit across all data storage and communication layers
  • Introduce crypto agility into development pipelines
  • Begin piloting hybrid cryptographic solutions (classical + post-quantum)
  • Train cyber security teams on post-quantum algorithms and tools

Governments: defense, sovereignty, and readiness

For governments, the challenge is both defensive and strategic. On one hand, they must protect national infrastructure, and on the other, ensure technological independence in a possible quantum arms race.

Example: Critical infrastructure

Systems controlling electric grids, water treatment plants, transportation, elections, and military operations must be quantum-secure.

If an adversarial nation deploys a quantum system first, unprotected infrastructure could be compromised without warning, leading to massive disruptions or covert data theft.

Recommended government actions:

  • Invest in post-quantum workforce development
  • Fund national PQC research and algorithm implementation
  • Establish certification labs for quantum-safe software and hardware
  • Gradually require PQC compliance in public procurement contracts
  • Collaborate internationally (e.g., NATO, EU, OECD) on cyber resilience

Cyber security is national security

In the age of cyberwarfare, post-quantum cyber security must be treated with the same level of urgency and resources as physical defense. Protecting today’s digital assets from tomorrow’s quantum threats means preserving economic stability, sovereignty, and civil liberties.

Some experts warn of a looming “global cryptographic crisis” if quantum computers emerge before a widespread transition to post-quantum cryptography is complete. In such a scenario, nations and companies that are prepared early will gain a decisive advantage — both in defense and innovation.

Conclusion

Quantum computing is poised to reshape the cyber security landscape. While it promises breakthroughs in various fields, it also presents unprecedented risks to data protection and encrypted communication.

The global transition to post-quantum encryption will be a defining challenge of the next decade. This isn’t science fiction — it’s a reality that requires action now to avoid catastrophic consequences in the near future.

Questions and answers

  1. What is quantum computing?
    It’s a new computing model based on quantum mechanics, using qubits that can represent multiple states simultaneously.
  2. Why is it a threat to cyber security?
    Quantum computers can break traditional encryption algorithms that secure today’s internet.
  3. What is post-quantum cryptography?
    It refers to encryption methods that are resistant to quantum attacks.
  4. What does “store now, decrypt later” mean?
    Attackers may save encrypted data now and decrypt it in the future with quantum computers.
  5. Are quantum attacks possible today?
    Not yet, but they’re expected within the next decade as quantum hardware improves.
  6. Who is working on solutions?
    Organizations like NIST and private companies are developing quantum-safe cryptographic standards.
  7. Are all types of encryption vulnerable?
    Mainly asymmetric encryption; symmetric encryption may be more adaptable with larger key sizes.
  8. Should companies worry now?
    Yes — updating systems takes time, so preparation must begin now.
  9. Will today’s encrypted data be safe tomorrow?
    Not necessarily. Sensitive data stored today might be compromised in the future.
  10. Is quantum computing only a threat?
    No, it also offers major advancements — but it must be carefully managed to avoid misuse.
4
To top