Hard drives are silently building up somewhere in an unremarkable server farm, perhaps in Virginia or a Chinese state that neither nation will openly admit. Anyone who touches the data that is currently arriving there will find it useless.
Traffic that has been encrypted includes bank transfers, intercepted emails, and possibly orders from a general. It was all jumbled and unintelligible. Nevertheless, a significant amount of money is being spent to retain it. It’s worth pausing to consider that detail.
| Topic Overview: The Coming Crisis in Cryptography | |
|---|---|
| Core Subject | Post-Quantum Cryptography & the threat of quantum computing to RSA/ECC encryption |
| Key Algorithm at Risk | RSA (Rivest–Shamir–Adleman) and ECC (Elliptic Curve Cryptography) — both computationally secure, not information-theoretically secure |
| The Threat | Shor’s Algorithm (1994), which can factor large primes exponentially faster using quantum computation |
| Originator of Threat | Peter Williston Shor, born August 14, 1959 — American theoretical computer scientist at MIT |
| Timeline to Risk | Private sector estimates: 5–15 years; academic estimates: 15–25 years for a fully capable quantum computer |
| Qubits Required to Break RSA-2048 | Between 4,000 and 10,000 qubits (depending on quantum gate configuration) |
| NIST Estimate | Attack-capable quantum computer possible by 2030, at an estimated cost of $1 billion USD |
| Global Government R&D Investment | Estimated at $1.7 billion USD across the U.S., China, Canada, UK, Germany, and EU nations |
| Private Sector Players | IBM, Google, Microsoft, Intel, HP, Toshiba, Mitsubishi, Nokia Bell Labs, Lockheed Martin, Raytheon |
| VC Funding in Quantum (since 2012) | Over $334 million invested, with more than 80% concentrated in recent funding rounds |
| Key Strategy by Adversaries | “Store Now, Decrypt Later” (SNDL) — intercepting and archiving encrypted data today for future decryption |
| Response Framework | Post-quantum / quantum-safe cryptography development led by NSA, NIST, and ETSI |
| Governing Bodies on Standards | U.S. National Security Agency (NSA), National Institute of Standards and Technology (NIST), European Telecommunications Standards Institute (ETSI) |
This is not a conspiracy idea; rather, it is the “Store Now, Decrypt Later” approach. For years, cybersecurity researchers and intelligence professionals have been discussing it publicly. The reasoning is coldly logical: RSA and ECC, the most powerful encryption methods available today, are not mathematically unbreakable. Simply speaking, cracking them is computationally taxing. To brute-force a 2048-bit RSA key, a classical computer—even one with millions of operations per second—would require more time than the universe. Therefore, enemies aren’t attempting to breach it at this time. A machine that can is what they are waiting for.
The theoretical foundation for that machine dates back to 1994, when a mathematician by the name of Peter Shor unveiled an algorithm that, on paper, completely destroys the arithmetic supporting the majority of internet security. Nothing was built by Shor. He only demonstrated that it was feasible.
Instead of using fatigue to guess the private key, his algorithm finds a shortcut through the prime number structure itself, reducing what should take millennia to perhaps hours. It was practically an academic curiosity at the time. It didn’t have the quantum computer needed to operate it. It was like to releasing a flawless map of a hidden treasure beneath the sea.
The submarines are improving after thirty years. A number of national governments, IBM, Google, Microsoft, and a number of well-funded startups are competing with one another to construct a machine with enough stable qubits to enable Shor’s algorithm to function at scale. When that occurs is estimated to vary greatly. Voices from the private sector are generally upbeat: five to fifteen years. Scholarly investigators are typically more circumspect, recommending fifteen to twenty-five. NIST has discreetly set a deadline of 2030 for the development of an attack-capable quantum computer, which would cost approximately $1 billion. It tells something that agencies are taking that estimate seriously.
The term “computationally secure” does a lot of quiet work in contemporary technology, so it’s important to grasp what it really implies. Nearly everything we rely on on the internet is safeguarded by mathematical discomfort rather than mathematical impossibility, including banking, messaging, government communications, and medical records. The difficulty of factoring large prime numbers is the foundation of RSA. Reverse-engineering a point as it bounces across an elliptic curve is nearly impossible, which is the foundation of ECC. Both presumptions are false in the case of classical computers. If Shor’s algorithm is implemented by a sufficiently strong quantum machine, neither assumption is true. The lock is genuine. It’s simply designed for a different type of key.
Researchers in this field believe that the public is unaware of the seriousness of the situation or how near the deadline may actually be. Building the quantum computer is not the only issue. Before the machine is delivered, the new encryption standards are being developed, and the entire worldwide internet will then switch to them. The difficult part is the last one. It took years to switch to HTTPS. The deprecation of SHA-1 took longer than anyone had anticipated. The clock doesn’t care about procurement processes or legacy infrastructure; post-quantum cryptography standards must be developed, tested, implemented, and embraced across billions of devices and systems.
In an effort to standardize post-quantum algorithms, NIST has been holding a formal competition from 2016. The first finished candidates were announced in 2024. That is real progress. However, it’s possible that development is still moving too slowly or that the new algorithms will have flaws of their own that we haven’t yet discovered. The unsettling tendency of cryptographic history is to expose flaws in standards once they have been widely accepted. The effectiveness of the new strategies against unimagined attack vectors is still unknown.
As I see this develop, the problem’s structure seems almost unsettling. The repercussions are nearly impossible to visualize, the threat is mostly imperceptible, and the timing is unclear. A world in which communication that has been encrypted for decades suddenly becomes readable is not one of minor annoyances. In this world, anyone who has the patience to wait can access secret medical diagnoses, financial negotiations, classified military strategies, and private discussions. Even if it doesn’t always make headlines, there is a true race to stay ahead of that moment. The researchers who are working on it are aware of what lies ahead. Whether everyone else will move quickly enough to be significant is the question.
