Quantum Crypto Planning for Analog Folks
Remember quantum computing? You know, that thing we were all preparing for before AI stole the show? It is still coming, and it has a big impact on how we secure data.
Before AI became the defining item in tech and cybersecurity discussions, we were all starting to prepare for the quantum computing era. Well, news flash: quantum computing is still on the way, and if you believe some folks, much sooner rather than later.
In some ways quantum computing is really just going to boil down to much faster processing. Faster processing opens up new opportunities for the things we do with computers to impact our real lives, such as making complex AI interactions even more instantaneous than they currently are, and modeling complex math much faster, such as the wind tunnel simulations needed by everyone from F1 to NASA.
But one of the things that will definitely affect all of us more than we may expect is the impact of quantum computing on cryptography and the encryption that makes the Internet work relatively safely and reliably.
Modern Cryptography Explained With No Math
Cryptography is based on extremely complicated math that generally takes a lifetime of study to really get the ins and outs of. But here are the key points we all need to understand:
- Encryption allows us to have private conversations across the public space. In fact more than 90% of your actual web browsing uses encrypted connections between your browser and the web server you're connecting to.
- Encryption actually allows us to authenticate who we are talking to, or who wrote the code we've downloaded. This is critical in the fight against impersonation and supply chain attacks that are attempted continuously by "the bad guys." It is also the key methodology by which blockchain solutions track transactions. Put another way, the entire digital currency world (think Bitcoin, etc.) depends on this to function.
- Encryption ciphers and algorithms are extremely difficult to get right, and we've already retired many, many of them for not being robust enough for the present day. Sometimes because they had unidentified flaws, and sometimes because the math was just too simple for modern computing power, rendering them incapable of securing data in a meaningful way.
- All encryption is just a stall tactic. This is a tough one for people to grasp, but it is perhaps the most important concept in cryptography: there is no such thing as an unbreakable code, only code that takes more time and effort to break than it is worth. That means we can use relatively simple encryption to protect data that only needs to be protected for a short period - minutes through months - but much stronger encryption for data that needs to be protected for years or decades.
The Quantum Encryption Threat
The big scary threat of quantum computing is that encryption which is currently too difficult to meaningfully decrypt over the course of years becomes trivial to decrypt in minutes, because of the extreme leap in computing capabilities that quantum computing represents. Part of this is pure speed, part of it is in processing the math in a different way than we do with computers today. This threatens not only the data we're trying to keep safe for short periods of time, but data we need to keep safe for a lifetime, such as your medical records, personal identification records such as your social security number, and even your passwords and MFA codes stored in your password manager. Oh, and that blockchain that runs things like cryptocurrencies? Yeah, the whole thing could literally collapse overnight once quantum computing is unleashed against that particular system.
Mandated Migration Already Happening
The good news is that governments around the world are already mandating "quantum-ready" encryption systems be deployed soon. The US, France, and other nations are pushing aggressively to keep up with the concerns. There are also already some approved "quantum-ready" encryption ciphers that are starting to roll out, but those are rolling out slowly. Many encryption solutions have already been designed as modular, and capable of adjusting to new ciphers with a minimum of effort. For example, the TLS systems that run so much of the Internet are modular, and just need the new ciphers to be installed into their libraries: the functionality of the process they use to do encryption and decryption will remain largely unchanged beyond that.
The bad news is that older systems with slower processors and smaller address spaces may experience significant overhead related to these new ciphers compared to the ones in use today. That project you're running on a 15-year-old Raspberry Pi might not be able to hack it going forward. The other bad news is this: we're demonstrably very bad at updating our systems. For example, a study published in June of 2026 found that almost 16% of inspected domains still rely on TLS 1.2 for encryption, a standard that is incapable of supporting quantum-ready encryption solutions. For reference, TLS 1.2 was published in 2008 (almost 20 years ago) and was superseded by TLS 1.3 - which can support quantum-ready encryption - in 2018. Even worse, many of those legacy systems trace back to government and banking systems - you know, things we really want to protect. I can't even begin to imagine what the state of encryption is for systems that aren't typically Internet accessible: we tend to assume that we can relax controls like this if we are operating inside our own networks.
Harvest Now, Decrypt Later

So it gets a bit worse than that as well. There's an attack methodology described as "harvest now, decrypt later" (HNDL). This methodology is extremely simple to describe: I simply copy all the encrypted traffic, files, etc. that I can get my hands on and I store it somewhere (storage is relatively inexpensive at this time in our history) until such time as I can decrypt it with a quantum system at a fraction of the time and effort it would take today. This would seem to be an extremely effective attack against the types of data that need to be protected for decades, such as government communications, healthcare data, and identity information.
That said, there are some drawbacks to this sort of attack.
- We've seen how efficient attacks are against unencrypted data inside of organizations. The success of foreign governments in infiltrating US government environments, and the success we've seen from ransomware groups, suggest that HNDL attacks may still be more work than they're worth.
- Contrary to popular belief, traffic on the Internet isn't visible to everyone everywhere anyway. For traffic between two systems in the US, for example, there's extremely little chance that the encrypted traffic would reach Canada or Mexico, let alone get routed through an unfriendly country. That means mass surveillance of this type isn't the most likely scenario, and the duplicate traffic being redirected to a storage solution somewhere would be pretty easy to identify.
- So HNDL attacks are most likely to be carried out against specific targets where other means of getting inside the environment to reach the unencrypted data are more difficult. If you're a person with an elevated risk level due to your job or activities, you may want to be on guard against this type of attack, but a great many of us are not quite as likely to be caught up in this specific attack type.
Preparing For the Age of Quantum Cryptography
Whether you're concerned for your organization or concerned for yourself, there are concrete steps you can take to prepare for the upcoming quantum cryptography paradigm shift:
- Find and upgrade legacy encryption solutions in your environment, and deploy quantum-ready encryption solutions wherever possible. There are both commercial and free solutions for scanning your environment, both inside and out.
- Disable TLS 1.2 (and older) protocols in your browser. Yes, this may break access to some websites (about 16% of them, per the study quoted earlier), but that's worth knowing if you're interacting with them regularly. Every browser has a slightly different way of adjusting this, so you'll need to look up how to do it in yours.
- Minimize the sensitive data you send and receive over the Internet. Keep things like PHI, PII, and data you need to keep confidential and safe for years and decades to yourself as much as possible. If you're a business, don't ask for that data unless you absolutely need it.
- Plan now to replace hardware that can't reasonably support quantum-ready encryption and start that replacement as soon as possible: it may take longer than you expect.
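
One check a scan for legacy encryption can make, as an added example that is not from the original article: parse a captured TLS ServerHello and report whether the server negotiated TLS 1.3 and a hybrid post-quantum key-exchange group. The function names, host labels and sample bytes are constructed for illustration, and the group code points come from the IANA TLS Supported Groups registry rather than from the article.

```python
import struct

# Hybrid ML-KEM groups from the IANA TLS Supported Groups registry (not from the article).
HYBRID_PQ_GROUPS = {0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768",
                    0x11ED: "SecP384r1MLKEM1024"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def parse_server_hello(record: bytes) -> dict:
    """Pull the negotiated version and key-exchange group out of a ServerHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    if len(body) < 38:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(body[0:2], "big")  # legacy field: 0x0303 even for TLS 1.3
    pos = 34 + 1 + body[34] + 3  # skip version, random, session_id, suite, compression
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos, group = pos + 2, None
    while pos + 4 <= min(end, len(body)):
        ext_type, ext_len = struct.unpack_from(">HH", body, pos)
        data = body[pos + 4:pos + 4 + ext_len]
        if ext_type == 43 and len(data) >= 2:    # supported_versions: the real version
            version = int.from_bytes(data[:2], "big")
        elif ext_type == 51 and len(data) >= 2:  # key_share: group the server selected
            group = int.from_bytes(data[:2], "big")
        pos += 4 + ext_len
    return {"version": VERSIONS.get(version, hex(version)), "group": group}

def assess(record: bytes) -> str:
    info = parse_server_hello(record)
    if info["version"] != "TLS 1.3":
        return "legacy: " + info["version"]
    if info["group"] in HYBRID_PQ_GROUPS:
        return "quantum-ready: " + HYBRID_PQ_GROUPS[info["group"]]
    return "TLS 1.3, classical key exchange"

def build_sample(suite: bytes, exts: bytes = b"") -> bytes:
    """Constructed ServerHello for the demo (zero random, shortened key share)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + suite + b"\x00" + len(exts).to_bytes(2, "big") + exts
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

TLS13 = b"\x00\x2b\x00\x02\x03\x04"              # supported_versions = TLS 1.3
SAMPLES = {                                      # hypothetical host labels
    "old-portal": build_sample(b"\xc0\x2f"),
    "api": build_sample(b"\x13\x01", TLS13 + b"\x00\x33\x00\x08\x00\x1d\x00\x04" + bytes(4)),
    "edge": build_sample(b"\x13\x01", TLS13 + b"\x00\x33\x00\x08\x11\xec\x00\x04" + bytes(4)),
}
REPORT = {name: assess(rec) for name, rec in SAMPLES.items()}
```
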
Quantum computing is a revolution that is still coming. The intersection of it and AI is going to be revolutionary. But we can begin preparing for it now so we aren't unprepared when it arrives.