
Preparing for the Quantum Leap

  • Category: End Users

Quantum computing offers transformative potential for industry and governments by enabling faster, more accurate, and innovative solutions across various domains. It can revolutionize drug discovery and materials science, finance and logistics, climate modeling, and healthcare. Quantum algorithms could significantly improve machine learning processes, enabling advancements in AI applications like autonomous vehicles and natural language processing. 

While quantum computing offers transformative potential overall, its ability to undermine current cryptographic systems represents a critical threat that demands proactive preparation and global collaboration. Quantum computing is poised to significantly impact cryptography by challenging the security of many current encryption methods we rely upon for digital trust. Quantum computers could break widely used public-key cryptographic algorithms (e.g., RSA, ECC) that secure financial transactions and sensitive data. This advancement creates an “encryption cliff,” where current encryption methods may become obsolete once quantum computers reach sufficient power. The “harvest now, decrypt later” strategy is also a pressing concern, where attackers collect encrypted data today to decrypt it in the future using quantum capabilities.

A breach of cryptographic systems could lead to widespread instability, as quantum-powered attacks could compromise financial systems, logistics platforms, government operations, critical infrastructure, and customer data across institutions. For example, failure to secure financial systems could lead to widespread fraud, theft, and loss of trust in digital transactions. The economic impact could be catastrophic if attackers gain the ability to forge digital signatures or disrupt blockchain systems. If encryption becomes unreliable, trust in digital communications, e-commerce, and online services will erode.

The threat posed by quantum computing does not affect all cryptography equally. There are two primary forms of cryptographic vulnerability:

  • Asymmetric cryptography: Public-key cryptographic systems like RSA, Diffie-Hellman, and Elliptic Curve Cryptography (ECC) rely on the difficulty of mathematical problems such as factoring large integers or solving discrete logarithms. Quantum algorithms, notably Shor’s algorithm, can solve these problems exponentially faster than classical computers, rendering these systems insecure once sufficiently powerful quantum computers become available.
  • Symmetric cryptography: Symmetric encryption algorithms like AES are less vulnerable but not immune. Grover’s algorithm can reduce the security of symmetric algorithms by effectively halving their key length. For instance, AES-256 would offer the equivalent protection of AES-128 against quantum attacks, necessitating longer key lengths to maintain robustness.

The good news is that the cryptographic innovation we need to address this risk now exists. In August 2024, NIST published the first Federal Information Processing Standards (FIPS) for PQC Algorithms. These include:

  • ML-KEM for key encapsulation mechanisms.
  • ML-DSA for digital signatures.
  • SLH-DSA for stateless hash-based signatures.

A fourth digital signature scheme, Falcon (FIPS-206), is expected to be certified by mid-2025. NIST recently announced HQC, a new key encapsulation mechanism for future certification as well.

The most recent benchmark results for NIST’s finalized post-quantum cryptography (PQC) algorithms, as of 2025, highlight their performance and readiness for deployment. The performance characteristics of the new PQC algorithms are encouraging, offering strong security together with efficient operation. While the PQC suite generally requires larger key sizes than traditional cryptography, early results are promising for reducing that overhead in bandwidth-constrained systems.

NIST has not finished its search for additional digital signature algorithms in its PQC standardization process. In October 2024, NIST advanced fourteen (14) candidates to the second round of evaluation. The second-round candidates are a refined subset of the first-round submissions, chosen for their potential robustness, efficiency, and practicality. NIST’s stated goals for the second round include diversifying the underlying cryptographic methods and offering signature schemes whose security, performance, and implementation characteristics differ from those of the already-selected algorithms. The round also addresses feedback from the cryptographic community and aims to improve confidence in the candidates’ robustness against both quantum and classical attacks.

The PQC process has reached a pivotal stage with the publication of initial standards and ongoing evaluations of additional algorithms. The transition to quantum-resistant systems will require sustained effort from governments, industries, and standards organizations over the next decade to ensure widespread adoption and security against evolving threats. 

Our next post will explore advances in PQC and the global advisory and regulatory landscape propelling the industry forward.