What Quantum Computing Means for Encryption (And When to Worry)
March 1, 2026
Quantum computers can break today’s encryption. That’s the headline. But when will it actually matter? And what can you do about it?
The short answer: not tomorrow, but sooner than you might think. Here’s what you need to know.
The Threat
Most modern encryption relies on hard math problems: factoring large numbers (RSA), or finding discrete logarithms (Diffie-Hellman, elliptic curves). Classical computers struggle with these—they’d take billions of years to crack a 2048-bit RSA key. Quantum computers, in theory, can do it in hours.
Shor’s algorithm, developed in the 1990s, can factor large numbers efficiently on a quantum computer. If you have a large enough quantum computer, you can break RSA, Diffie-Hellman, and most of the encryption that secures the internet today.
The catch: we don’t have quantum computers that big yet. Current machines have hundreds of qubits, not the millions needed for Shor’s algorithm on real-world keys. But the gap is narrowing. IBM, Google, and others are scaling up. Timeline estimates range from 5 to 20 years. Nobody knows for sure.
Grover’s algorithm is another quantum threat: it gives brute-force search a quadratic speedup, which halves the effective key length. A 256-bit symmetric key becomes 128-bit equivalent, which is still hard but leaves less margin. AES-256 remains quantum-resistant for practical purposes. The main concern is public-key systems: RSA, Diffie-Hellman, ECDH.

Store Now, Decrypt Later
Here’s the scary part. Attackers can capture encrypted data today and decrypt it later—when quantum computers are ready. If someone records your encrypted traffic today, they can store it and wait. In 10 or 15 years, a quantum computer might crack it.
That matters for long-term secrets: government intelligence, corporate trade secrets, medical records. If the data needs to stay secret for decades, “store now, decrypt later” is a real threat. For most consumer data—passwords, credit cards, casual email—the window is shorter. By the time quantum computers can crack today’s encryption, that data may already be obsolete.
But for high-value targets, the threat is real. Organisations handling sensitive long-term data need to plan now.
Post-Quantum Cryptography
The response is post-quantum cryptography (PQC): algorithms designed to resist quantum attacks. Instead of factoring and discrete logarithms, PQC uses different math (lattice-based, hash-based, code-based) for which no efficient quantum attack is known.
NIST has standardised several PQC algorithms. The transition is underway. Browsers, operating systems, and protocols will add PQC support over the next few years. The goal is to have PQC deployed before quantum computers become a practical threat.
The transition will be gradual. Hybrid schemes—combining classical and post-quantum algorithms—let you add PQC without breaking compatibility with older clients. Chrome, Firefox, and other browsers are already testing PQC in TLS. The migration will take years, but it’s started.
Developers don’t need to implement PQC themselves. Use libraries and frameworks that support it when available. OpenSSL, BoringSSL, and others are adding PQC support. Keep your dependencies updated.

When to Worry
Most individuals don’t need to worry yet. Use strong passwords, enable 2FA, keep software updated. The immediate threats—phishing, ransomware, data breaches—are classical, not quantum.
Organisations handling long-term secrets should start planning. Evaluate PQC options. Monitor NIST and vendor timelines. When PQC support is available, adopt it. Don’t panic, but don’t ignore it.
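One way to turn that planning advice into a first inventory pass, as an added example that is not code from the article. The `Asset` fields, the band names and the sample inventory are assumptions; the 5 and 20 year bounds, the list of Shor-broken algorithms and the Grover halving are the article's own figures.

```python
from dataclasses import dataclass

# Figures from the article: estimates for a key-breaking quantum computer
# range from 5 to 20 years; Shor breaks RSA, DH and ECDH; Grover halves
# the effective length of a symmetric key.
EARLIEST_YEARS, LATEST_YEARS = 5, 20
SHOR_BROKEN = {"RSA", "DH", "ECDH"}

@dataclass
class Asset:                # hypothetical inventory record
    name: str
    key_exchange: str       # e.g. "ECDH", or "ECDH+ML-KEM" for a hybrid
    symmetric_bits: int     # bulk cipher key size, e.g. 256 for AES-256
    secrecy_years: int      # how long the data must stay confidential

def harvestable(key_exchange: str) -> bool:
    """True if every component of the key exchange falls to Shor.
    A hybrid stays safe while any one component resists."""
    parts = {p.strip().upper() for p in key_exchange.split("+")}
    return parts <= SHOR_BROKEN

def grover_bits(symmetric_bits: int) -> int:
    """Effective symmetric strength against Grover's square-root speedup."""
    return symmetric_bits // 2

def triage(asset: Asset) -> str:
    """Band an asset by whether traffic recorded today is still secret
    once the key exchange protecting it can be broken."""
    if not harvestable(asset.key_exchange):
        return "covered"    # a post-quantum component protects the session key
    if asset.secrecy_years > LATEST_YEARS:
        return "plan now"   # exposed under every estimate in the range
    if asset.secrecy_years > EARLIEST_YEARS:
        return "at risk"    # exposed if the early estimates hold
    return "low"            # data is obsolete before the earliest estimate

# Constructed sample inventory, not data from the article.
INVENTORY = [
    Asset("patient records archive", "RSA", 256, 30),
    Asset("M&A deal room", "ECDH", 128, 10),
    Asset("card payment API", "ECDH", 256, 3),
    Asset("research VPN", "ECDH+ML-KEM", 256, 25),
]

def report(inventory=INVENTORY):
    return [(a.name, triage(a), grover_bits(a.symmetric_bits)) for a in inventory]

if __name__ == "__main__":
    for name, band, bits in report():
        print(f"{name:26} {band:9} symmetric ~{bits}-bit vs Grover")
```

The bands depend only on the recorded-today case, so they flag key exchange; the Grover column is there to show which bulk ciphers drop to a 64-bit margin.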
The Takeaway
Quantum computing will eventually threaten today’s encryption. The timeline is uncertain—years, not months. Post-quantum cryptography is the fix, and the transition is already happening. For most people, stay the course. For high-value targets, plan ahead.