Quantum computing promises to solve problems that today feel impossible: better medicines, new materials and breakthroughs in energy. But that same power can undo the digital locks that protect bank transfers, private chats and trade secrets.
Does that sound exaggerated? It isn't. What today seems like science fiction already has a name in practice: CRQC (Critically Relevant Quantum Computer) and attack strategies like “store now, decrypt later.” Bad actors are collecting encrypted data today, waiting for the day a large quantum machine can open it.
What's really happening?
The key difference is that quantum computers can evaluate many options at once, which makes them especially powerful for certain kinds of problems. That’s a huge advantage for science, but a serious risk for public-key cryptography (like RSA or ECC) that we use today to guarantee privacy and integrity.
That’s why post-quantum cryptography, PQC, exists: algorithms designed to resist attacks from quantum computers. After an international process, NIST announced the first PQC standards in 2024, and for years companies and research centers have been working on the transition.
“Store now, decrypt later”: they capture encrypted data today to decrypt it later when quantum computing makes it possible.
What is industry doing and why it matters?
Companies like Google have been testing PQC since 2016, experimenting with implementations and rolling capabilities into products and infrastructure. The key approach is called crypto agility: the ability to swap encryption algorithms without paralyzing services.
This isn’t just technical. It’s coordination among cloud providers, certificate authorities, governments and security teams. Without that coordination the transition could be fragmented and slow, leaving gaps attackers can exploit.
Five actions experts propose (and you should know)
-
Push at the social and critical infrastructure level: energy, telecommunications and health should prioritize the transition. If infrastructure fails, trust fails.
-
Ensure artificial intelligence is designed with
PQCin mind: AI models and data also rely on keys and certificates; protecting that foundation protects innovation. -
Reduce global fragmentation: adopting consensus standards like NIST’s speeds migration and avoids piecemeal solutions.
-
Promote cloud-based modernization: moving legacy systems to the cloud can be more economical and secure than patching old components with embedded cryptography.
-
Rely on experts to avoid strategic surprises: a
CRQCcould arrive sooner than expected. Keeping a constant dialogue with the scientific community and specialized teams is essential.
What you can do today (if you're a company, organization or user)
-
If you run a company or institution: inventory systems that depend on public keys, prioritize critical assets and design a migration plan with
crypto agility. -
If you work in tech or security: start testing PQC algorithms and seek external support (cloud providers, academic consultants) so you don't reinvent the wheel.
-
If you're an everyday user: keep your devices and apps updated and prefer services that are transparent about their post-quantum strategy. You don't need to become a cryptographer to demand clarity.
Final reflection
Quantum computing offers enormous opportunities, but we shouldn’t wait until the problem is immediate to act. Preparing today reduces the chance that tomorrow’s advances become vulnerabilities. Ready to act together and turn this change into secure progress?