How Quantum Computing Threatens Encryption—and What Your Business Must Do Now

19 May 2025

RSA and ECC Are Dying: Quantum Computing Is About to Break Today’s Encryption

Modern cybersecurity depends on encryption standards like RSA and ECC, which have reliably protected sensitive data for decades. But this foundation is now under serious threat. Quantum computing, a rapidly advancing technology, uses the unique properties of quantum mechanics to solve problems that classical computers cannot—most critically, the ability to break widely used cryptographic algorithms.

This shift is not theoretical. Nation-states and cyber adversaries are already collecting encrypted data, intending to decrypt it once quantum capabilities mature. The timeline for when quantum computers will break encryption is uncertain, but the outcome is inevitable—and the need to act is urgent.

Understanding Quantum Computing: A New Paradigm

Quantum computing is a radically new computational model that uses qubits instead of classical bits. Qubits can exist in superposition (representing both 0 and 1 simultaneously) and exhibit entanglement, enabling quantum computers to process many possibilities in parallel. This means they can potentially solve specific problems exponentially faster than classical machines.

Although today’s systems have just a few hundred physical qubits, the concept of quantum supremacy—achieved by companies like IBM and Google—proves that quantum machines can already outperform traditional supercomputers on niche tasks. However, to break strong encryption algorithms like RSA-2048, experts estimate the need for millions of error-corrected (logical) qubits, which we are still far from achieving.

The field continues to evolve rapidly, with efforts focused on increasing Quantum Volume (a metric reflecting qubit count, coherence, and error rate) and improving quantum error correction. While quantum computing isn’t a current threat to encryption, its fast-paced development signals inevitable disruption to today’s cryptographic systems.

The Quantum Threat to Classical Encryption

Modern cybersecurity depends heavily on public-key encryption algorithms like RSA and Elliptic Curve Cryptography (ECC), which protect data across VPNs, HTTPS, emails, and digital signatures. These systems are considered secure because the mathematical problems they rely on—integer factorization for RSA and discrete logarithms for ECC—are extremely time-consuming for classical computers to solve.

However, the development of Shor’s algorithm in 1994 changed everything. Shor’s method allows a quantum computer to solve these problems exponentially faster, enabling it to derive private keys from public ones in polynomial time. This would completely break RSA and ECC, leaving encrypted communications and digital signatures vulnerable to decryption and forgery.

The Implications of Breaking RSA and ECC

If RSA and ECC are compromised, attackers could derive private keys, decrypting sensitive information and impersonating legitimate entities. This would threaten:

  • Secure web traffic (HTTPS)
  • Digital signatures
  • Email communications
  • Blockchain transactions
  • Software update authenticity
  • Authentication systems

The fallout could affect critical sectors such as finance, healthcare, and government, disrupting trust in global digital infrastructure.

Symmetric Cryptography: Less Impact, Still Important

Symmetric encryption (e.g., AES) also faces challenges from quantum computing, but to a lesser extent. In 1996, Grover’s algorithm showed that quantum computers can search keyspaces in square-root time—essentially halving the effective bit-strength of symmetric keys.

  • AES-128 would offer only 64 bits of security under quantum attack—insufficient for secure use.
  • AES-256 would retain an effective strength of about 128 bits, making it a better post-quantum choice.

A simple rule: double symmetric key lengths to maintain equivalent security in the quantum era.

Shor’s Algorithm: A Quantum Kryptonite for RSA/ECC

Shor’s Algorithm poses a direct and powerful threat to public-key cryptography, such as RSA and ECC. It allows quantum computers to factor large integers and solve discrete logarithms exponentially faster than classical computers. 

This undermines the mathematical foundations of RSA-2048 and similar systems, potentially allowing encrypted data to be decrypted if a quantum computer with enough high-quality, error-corrected qubits becomes available. Though such machines don’t exist yet, development is accelerating, with experts predicting cryptographically relevant quantum computers (CRQCs) could emerge by 2030. Organizations are being urged to prepare now, as a quantum breakthrough would have far-reaching security implications.

Grover’s Algorithm: Speeding Up Brute Force

Grover’s Algorithm targets symmetric encryption (like AES) and hash functions by offering a quadratic speed-up in brute-force searches. While it doesn’t break these systems, it effectively reduces their bit-level security by half (e.g., AES-128 becomes equivalent to 64-bit security). 

To mitigate this, experts recommend using AES-256 and longer hash outputs (e.g., SHA-384/512). Unlike Shor’s algorithm, Grover’s requires many sequential operations, making its impact less immediate—but still significant for long-term cryptographic planning.

How Soon Could Quantum Break Encryption? (Current State and Timeline)

Forecasting the arrival of quantum computers powerful enough to crack encryption – often dubbed “Q-Day” – is challenging. 

Forecasting “Q-Day”: When Will Encryption Break?

Estimating the arrival of quantum computers capable of breaking encryption—commonly referred to as Q-Day—is complex and uncertain. It hinges on advances in quantum hardware, error correction, and engineering breakthroughs. Projections vary:

  • Gartner predicts RSA and ECC will become unsafe by 2029, and potentially broken by 2034.
  • Others estimate that 2048-bit RSA could be vulnerable by the early 2030s.
  • On the conservative side, some researchers suggest 15–20 years may still be needed due to the immense complexity of building a fully error-corrected quantum machine.

Despite differing views, the overall consensus is that a practical threat to classical encryption will likely materialize within the next two decades—and possibly much sooner.

Current State of Quantum Computing (2025)

As of 2025, companies like IBM, Google, and IonQ have developed quantum processors with a few hundred physical qubits. Demonstrations of quantum supremacy and basic implementations of Shor’s algorithm have been achieved, but only on trivial problems. Breaking RSA-2048 remains vastly more difficult:

  • Millions or billions of qubits may be needed to run Shor’s algorithm effectively for real-world encryption.
  • Research is ongoing into more efficient algorithms and error-correcting codes to reduce this requirement.
  • A sudden breakthrough in quantum error correction could dramatically speed up the timeline, adding unpredictability.

Due to this uncertainty, agencies like ENISA and CISA urge organizations to start preparing now rather than wait for a fully capable quantum computer to emerge.

The “Harvest Now, Decrypt Later” Risk

A major concern driving early action is the “Harvest Now, Decrypt Later” (HNDL) scenario. This refers to attackers collecting encrypted data today with the intent to decrypt it in the future once quantum technology matures. This is especially dangerous for:

  • Healthcare data
  • Government and military secrets
  • Long-term financial records
  • Intellectual property

Because of this looming risk, data confidentiality can’t be guaranteed just because quantum decryption hasn’t yet arrived.

Government Response and Urgency

Governments are not waiting for Q-Day. In May 2022, the White House issued NSM-10, prioritizing national defense against quantum threats. This was followed by:

  • The Quantum Computing Cybersecurity Preparedness Act
  • Directives for federal agencies to inventory cryptographic systems
  • An NSA mandate for all federal systems to switch to quantum-resistant encryption by 2035

Post-Quantum Cryptography (PQC): The New Line of Defense

As the saying goes, “forewarned is forearmed.” The cybersecurity community isn’t sitting idle; in fact, a massive effort has been underway to develop and standardize post-quantum cryptography (PQC) – encryption algorithms designed to be secure against both classical and quantum attacks.

What Is Post-Quantum Cryptography?

Post-Quantum Cryptography (PQC) is a proactive effort by the cybersecurity community to build encryption algorithms resistant to both classical and quantum attacks. Unlike RSA and ECC, PQC relies on mathematical problems that quantum computers are not expected to solve efficiently, such as:

  • Lattice-based cryptography (e.g., Shortest Vector Problem)
  • Hash-based signatures
  • Code-based schemes
  • Multivariate polynomial problems

These techniques offer promising foundations for public-key encryption and digital signatures that can withstand future quantum threats.

NIST’s Standardization Effort

In 2016, NIST launched a global competition to evaluate PQC algorithms. By July 2022, four candidates were selected, and in August 2024, the first standards were finalized:

  • CRYSTALS-Kyber (FIPS 203) – For encryption and key establishment, offering strong security and manageable key sizes.
  • CRYSTALS-Dilithium (FIPS 204) – A digital signature scheme with robust quantum resistance.
  • SPHINCS+ (FIPS 205) – A stateless, hash-based signature providing diversity in approach.

In March 2025, NIST also approved HQC (Hamming Quasi-Cyclic) as a backup encryption standard, ensuring cryptographic diversity and resilience.

Government and Industry Push Toward PQC

PQC adoption is now a major policy and strategy goal:

  • The U.S. Department of Homeland Security published a PQC Roadmap urging organizations to identify and upgrade vulnerable cryptographic systems.
  • The White House estimated that migrating federal systems to PQC could cost $7.1 billion by 2035.
  • Gartner has declared PQC a top strategic technology trend for 2025, emphasizing the importance of crypto agility—the ability to quickly adopt new algorithms.

Major companies like IBM, Cloudflare, Google, and consultancies like Accenture have launched quantum-readiness assessments, quantum-safe architecture planning, and pilot tests of PQC algorithms in real-world applications like TLS and VPNs.

Global Collaboration

The PQC movement is global. Key international efforts include:

  • ENISA and ETSI in Europe publishing guidance on quantum-safe cryptography.
  • Canada, Japan, and Australia developing national transition strategies.
  • The World Economic Forum assembling a multi-country alliance focused on standardizing and promoting PQC.

In essence, PQC is now a global initiative aimed at ensuring cryptographic security before the arrival of large-scale quantum computers.

Transitioning to Quantum-Resilient Strategies (Act Now, Not Later)

Transitioning to post-quantum cryptography is a complex, multi-year journey – and starting early is crucial.

The Complexity of Migration

Moving to post-quantum cryptography (PQC) is not a routine software update—it’s a multi-year transition that touches nearly every aspect of modern IT. From browsers and VPNs to IoT devices and authentication systems, many infrastructures were not designed for crypto agility. 

Because of long hardware refresh cycles and deeply embedded cryptographic components, updates can be time-consuming and expensive. This makes early planning essential. Gartner forecasts that by 2026, one in five organizations will already be budgeting for quantum threats.

Mapping and Prioritizing Cryptographic Assets

The transition begins with a full cryptographic inventory—identifying where and how RSA/ECC is used across applications, protocols (e.g., TLS, SSH, IPSec), and third-party tools. This often reveals outdated protocols or hardcoded keys still in production. 

Once the inventory is complete, organizations must prioritize systems and data for PQC based on sensitivity and lifespan. Long-term confidential data like medical records or national secrets should be protected first. Systems that can be upgraded via software get attention before those needing hardware overhauls.
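As an added illustration (not tooling from this blog or any vendor), the Python below runs one slice of such an inventory: it classifies the SSH algorithm names found in `sshd -T` style output and ranks what must migrate by sensitivity and lifespan. The host names, sample configurations and scoring formula are constructed assumptions; the algorithm names are real OpenSSH identifiers.

```python
import re

# First match wins: hybrid post-quantum key exchanges are tested before the classical rules.
RULES = [
    (r"^(sntrup761x25519|mlkem768x25519)", "hybrid-pq"),  # classical + PQ KEM
    (r"^(ssh-rsa|rsa-sha2-)", "shor"),                    # RSA: factoring
    (r"^(ecdsa-|ecdh-|curve25519|ssh-ed25519)", "shor"),  # ECC: discrete log
    (r"^diffie-hellman-", "shor"),                        # finite-field DH
    (r"^aes128-", "grover"),                              # ~64-bit under Grover
    (r"^(aes256-|chacha20-poly1305)", "ok"),              # 256-bit symmetric key
]
DIRECTIVES = {"kexalgorithms", "hostkeyalgorithms", "ciphers"}

def classify(algorithm):
    for pattern, verdict in RULES:
        if re.match(pattern, algorithm):
            return verdict
    return "unknown"  # an unrecognised name is reported, never assumed safe

def parse_effective_config(text):
    """Map each algorithm-list directive to its comma-separated algorithms."""
    found = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in DIRECTIVES:
            found[parts[0].lower()] = [a for a in parts[1].split(",") if a]
    return found

def inventory(systems):
    """Return the findings that need migration, highest priority first."""
    findings = []
    for s in systems:
        # Assumed scoring: sensitivity (1-5) times years the data must stay secret.
        score = s["sensitivity"] * s["lifespan_years"]
        for directive, algos in parse_effective_config(s["config"]).items():
            for algo in algos:
                verdict = classify(algo)
                if verdict not in ("ok", "hybrid-pq"):
                    findings.append({"system": s["name"], "directive": directive,
                                     "algorithm": algo, "verdict": verdict, "score": score,
                                     "software_upgradable": s["software_upgradable"]})
    # Sort: score, then Shor-breakable before Grover-weakened, then software-upgradable first.
    findings.sort(key=lambda f: (-f["score"], f["verdict"] != "shor",
                                 not f["software_upgradable"]))
    return findings

# Constructed sample data: two hypothetical hosts with `sshd -T` style output.
SAMPLE_SYSTEMS = [
    {"name": "build-agent", "sensitivity": 2, "lifespan_years": 1,
     "software_upgradable": True, "config":
        "kexalgorithms mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com\n"
        "hostkeyalgorithms ssh-ed25519\n"},
    {"name": "records-archive", "sensitivity": 5, "lifespan_years": 25,
     "software_upgradable": True, "config":
        "kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256\n"
        "hostkeyalgorithms rsa-sha2-512\n"
        "ciphers aes128-ctr,aes256-gcm@openssh.com\n"},
]
```

Calling `inventory(SAMPLE_SYSTEMS)` puts the long-lived archive's key exchange and host key ahead of the short-lived build agent, whose key exchange is already hybrid. TLS and IPSec need their own name tables.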

Implementing Hybrid Encryption

Hybrid encryption combines classical and post-quantum algorithms, enabling organizations to secure systems now while preparing for the future. 

It offers backward compatibility and resistance to quantum threats. Standards like RFC 8784 and RFC 9370 guide the development of quantum-safe VPNs, and companies like Palo Alto Networks already support hybrid modes in protocols like IKEv2. This approach buys time for a gradual shift without leaving systems exposed.
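RFC 8784, cited above, adds quantum resistance to IKEv2 by mixing a post-quantum preshared key (PPK) into the keys derived from the classical exchange. The following added example (not code from this blog or any vendor) implements that mixing step; HMAC-SHA-256 as the PRF, the 32-byte PPK floor and every key value are assumptions constructed for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    """The negotiated IKEv2 PRF; HMAC-SHA-256 is assumed for this example."""
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ (RFC 7296): T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)."""
    out, block = b"", b""
    for counter in range(1, 256):          # the counter is a single octet
        if len(out) >= length:
            break
        block = prf(key, block + seed + bytes([counter]))
        out += block
    if len(out) < length:
        raise ValueError("prf+ cannot produce that much output")
    return out[:length]

def mix_ppk(ppk: bytes, sk_d: bytes, sk_pi: bytes, sk_pr: bytes):
    """RFC 8784 mixing: SK_d = prf+(PPK, SK_d'), likewise SK_pi and SK_pr.

    The primed inputs come from the classical (EC)DH exchange; the PPK is a
    symmetric secret provisioned out of band.
    """
    if len(ppk) < 32:
        # Floor chosen for this example, following the page's advice to keep
        # 256-bit symmetric strength against Grover's algorithm.
        raise ValueError("PPK shorter than 256 bits")
    return tuple(prf_plus(ppk, k, len(k)) for k in (sk_d, sk_pi, sk_pr))

# Constructed values standing in for the output of a real IKEv2 exchange.
CLASSICAL = tuple(hashlib.sha256(label).digest()
                  for label in (b"SK_d'", b"SK_pi'", b"SK_pr'"))
PPK_A = hashlib.sha256(b"constructed PPK A").digest()
PPK_B = hashlib.sha256(b"constructed PPK B").digest()

def classical_keys_suffice() -> bool:
    """Do the DH-derived keys alone, or with a wrong PPK, yield the final keys?

    Models the harvest-now case: the classical key material is assumed to be
    recovered later, but the PPK never crossed the wire.
    """
    real = mix_ppk(PPK_A, *CLASSICAL)
    wrong_ppk = mix_ppk(PPK_B, *CLASSICAL)
    return real == wrong_ppk or real == CLASSICAL
```

`classical_keys_suffice()` returns `False`: the final keys depend on both the classical exchange and the PPK, which is what lets a hybrid deployment stay compatible today without relying on RSA or ECC alone.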

Updating Protocols and Vendors

As NIST’s PQC standards roll out (starting in 2024), organizations will need to upgrade libraries, protocols, and vendors to support them. That means preparing for:

  • New TLS cipher suites
  • PQC-enhanced versions of SSH and VPNs
  • Quantum-resistant certificates from CAs
  • Hardware updates to support new crypto standards

Choosing vendors with clear quantum-readiness roadmaps will be essential for a smoother transition.

Piloting and Training for PQC

Post-quantum algorithms often differ in performance and key size, so real-world testing is vital. Early pilots (e.g., setting up a quantum-safe VPN or using PQC for authentication) help uncover issues before full deployment. 

At the same time, training cybersecurity teams on quantum fundamentals is critical. The shift isn’t only technical—it’s organizational. Upskilling teams and engaging leadership fosters a security-first mindset.

Building Crypto Agility

A long-term strategy must include crypto agility—the ability to swap out cryptographic algorithms easily. That involves modular design, governance (e.g., crypto steering committees), and embedding cryptographic updates into change management workflows. 

The lesson from recent PQC developments, such as the breakage of SIKE during the NIST competition, is that flexibility is crucial. Agility ensures systems can pivot when an algorithm is compromised or standards evolve.

Why You Should Act Now

This isn’t just a theoretical threat. Like the Y2K crisis, waiting too long could trigger widespread disruption—but the quantum risk is deeper, threatening the core of digital trust. Deadlines like 2035 from the NSA are designed for massive public systems, but private enterprises should act well before then. 

Those who prepare now will not only reduce risk but also gain a competitive advantage by signaling resilience and forward-thinking security leadership. Delay, on the other hand, could result in data breaches, compliance violations, and reputation damage once quantum computers become a reality.

The push for quantum-resistant security is a collaborative effort across government, academia, and industry. Here are some noteworthy initiatives and milestones driving the transition:

NIST and Global Standardization

The National Institute of Standards and Technology (NIST) has been at the forefront of the quantum-safe movement. Its PQC standardization competition, which began in 2016, has now finalized its first set of quantum-resistant algorithms, with ongoing work in Round 4 to assess additional candidates like HQC and Classic McEliece.

NIST is also developing implementation guidelines, reference libraries, and testing tools to assist organizations in the transition. Globally, standards bodies like ISO, ETSI, and ENISA in Europe are aligning with NIST’s efforts, while China is reportedly crafting its own national standards in parallel.

Government Policies and Funding

Governments worldwide are actively preparing for the post-quantum future. In the U.S., NSM-10 and the PQC Cybersecurity Preparedness Act have mandated that federal agencies inventory existing cryptographic systems and begin planning their migration. 

The NSA’s CNSA 2.0 roadmap outlines interim measures and final adoption of NIST PQC algorithms. The EU, China, and other nations are also funding quantum R&D at scale—billions of dollars are being poured into quantum technologies and security infrastructure, reflecting the strategic urgency of staying ahead in what some describe as a “quantum arms race.”

Tech Industry Momentum

Tech giants are not waiting. IBM, Microsoft, AWS, and Google are incorporating PQC into their platforms and services. For instance, AWS has introduced post-quantum cipher support in KMS, while Microsoft is exploring PQC for Azure and open-source projects. 

Google began PQC testing in TLS as early as 2019. Hardware vendors like Intel and AMD are designing next-gen encryption accelerators tailored for PQC’s unique performance demands.

Cybersecurity vendors are innovating too: Thales, Entrust, and emerging startups like PQShield, Quantum Xchange, and QuSecure are rolling out quantum-safe products, including network encryptors, key management tools, and quantum key distribution (QKD) solutions.

Collaboration and Industry Readiness

Collaboration is key to scaling quantum security. Initiatives like the Quantum Economic Development Consortium (QED-C) and the Global Quantum Safe Security Working Group foster cross-sector cooperation. 

In 2024, CISA launched a “Quantum-Readiness” challenge to encourage tools for automated cryptographic discovery and agile migration. Major sectors—finance, telecom, and tech—are testing interoperability pilots to ensure quantum-safe communications work across institutions.

Awareness and Training Initiatives

Awareness-building is in full swing. The U.S. Department of Homeland Security (DHS) has released educational infographics and roadmaps, while the World Economic Forum has issued briefs targeted at executives. 

Cybersecurity leaders like Trend Micro, CrowdStrike, and Kaspersky are publishing threat intelligence reports emphasizing the timeliness of quantum risk preparedness. Gartner’s recognition of PQC as a top strategic trend for 2025 has also brought the topic into the boardroom, pushing CISOs and CIOs to plan ahead.

Secure IT Consult: Guiding Your Quantum-Resilient Journey

Secure IT Consult helps organizations transition to quantum-safe encryption through a structured, expert-led approach. As a cybersecurity managed services provider, the firm offers support at every stage of the post-quantum journey—from assessment to implementation and ongoing compliance.

The process begins with a Quantum Readiness Assessment, where Secure IT Consult audits your current cryptographic systems using discovery tools to identify vulnerabilities. Based on this, they create a phased migration roadmap tailored to your organization, aligned with NIST and CISA guidelines.

The firm’s implementation strategy emphasizes crypto agility and involves integrating post-quantum algorithms like CRYSTALS-Kyber or Dilithium, upgrading VPNs and certificates, and future-proofing critical systems. Its close alignment with NIST standards ensures your security investments are compliant and up to date.

Secure IT Consult also leverages Palo Alto Networks Strata, configuring next-gen firewalls and VPNs with hybrid quantum-resistant protocols, ensuring your network is prepared against future quantum threats. They utilize Strata’s centralized management to roll out updates quickly and maintain strong security without compromising performance.

Beyond deployment, Secure IT Consult offers continuous monitoring and compliance support, keeping your encryption aligned with emerging regulations and threat landscapes. They also provide training and executive briefings, helping your team stay informed and prepared.