INSIGHT

Harvest now, decrypt later: why post-quantum security starts today

The public-key cryptography that protects most internet traffic, VPNs, signatures and stored data relies on mathematical problems that are hard for classical computers. A sufficiently powerful quantum computer running Shor's algorithm would solve those problems efficiently, which would break RSA and elliptic-curve cryptography as we use them today.

The threat arrives before the computer

No quantum computer today can break modern encryption, and estimates of when one will differ widely. The uncomfortable part is that the risk does not wait for the machine. An attacker who captures encrypted traffic or steals encrypted archives today can simply store them and decrypt them once a capable quantum computer exists. For data that must stay confidential for ten or twenty years, such as health records, state and defence information, intellectual property and long-term contracts, the exposure has already started. This attack pattern is known as harvest now, decrypt later.

The standards are ready

In August 2024 the US standards institute NIST published its first finalized post-quantum cryptography standards, including ML-KEM for key exchange and ML-DSA for digital signatures. Browsers, operating systems and cloud providers have started rolling them out. The open question for most organisations is no longer which algorithms to use, but how to get their own landscape migrated.

What a realistic migration looks like

Inventory. Most organisations do not know where all their cryptography lives. The first step is a cryptographic inventory: which systems use which algorithms, for which data, with which partners.

Prioritisation. Data with a long confidentiality lifetime and systems that exchange keys over public networks come first. Data that loses its value quickly can wait.

Crypto-agility. The deeper fix is designing systems so that algorithms can be replaced without rebuilding the application. Organisations that invested in crypto-agility will treat the next algorithm transition as maintenance instead of as a programme.

Pilots and rollout. Hybrid schemes, which combine a classical and a post-quantum algorithm, allow a gradual and reversible rollout, starting with external connections and the most sensitive data flows.

Start with an assessment

A quantum-readiness assessment answers three questions: what is exposed, what has to move first, and how much time do you realistically have. Our quantum security practice runs these assessments and builds the migration plans that follow from them.

Questions about this topic?

We are happy to discuss how this applies to your organisation.

Contact us