A quantum computer fundamentally breaks today's encryption.
Imagine locking your front door with a lock that anyone can open in seconds with a special magnet. That is exactly what happens with current public-key methods (the mathematical methods that have so far guaranteed secure data exchange on the internet) like RSA or those based on elliptic curves (ECC) once a powerful quantum computer exists. In these public-key methods (encryption with a key pair: a public one for encrypting and a private one for decrypting) such as RSA or ECC, the methods rely on mathematical problems that classical computers can only solve with enormous effort. A quantum computer, however, uses the laws of quantum mechanics to crack these problems in seconds. This affects not only the encryption of emails or websites but also digital signatures that verify the identity of senders.
The good news: alternatives already exist. Post-quantum cryptography (PQC) is a class of cryptographic methods that remain secure even when attackers have a powerful quantum computer. They are based on different mathematical foundations, such as lattices (mathematical structures arranged like a grid of points in space, where certain computational problems remain extremely hard even for quantum computers) or hash functions (one-way functions that turn any data into a unique, short 'fingerprint' that cannot be reversed), which remain hard for quantum computers to solve. The transition is complex but feasible. Those who start today secure their data for the future.
What is the harvest-now-decrypt-later (HNDL) problem?
„Harvest now, decrypt later“ (HNDL) is an attack scenario where actors intercept and store encrypted data today in order to decrypt it later with quantum computers. A quantum computer that breaks RSA or ECC may still be several years away. But that is no reason for complacency. Attackers can already intercept and store encrypted data today. As soon as a quantum computer becomes available, they can decrypt this data retroactively. This scenario is called 'harvest now, decrypt later' (HNDL). It affects all information that must remain secret for a long time: medical records, patents, government documents, or trade secrets.
The question is not whether a quantum computer will arrive, but when. Estimates from experts like the German Federal Office for Information Security (BSI) and the National Institute of Standards and Technology (NIST) suggest a timeframe of 10 to 20 years. For many companies, this means that data encrypted today must still be secret in 20 years. So anyone who does not switch to PQC now risks that today's secrets will be exposed tomorrow.
Our position: migration must start immediately. We consider the HNDL problem to be the most urgent security policy challenge of the next decade. Companies that start planning today have a decisive advantage.
Which NIST standards for PQC exist?
In August 2024, NIST published three final standards for post-quantum cryptography. These standards define concrete algorithms that companies can use now. The most important ones are:
| Standard | Algorithm | Purpose | Replaces | Properties |
|---|---|---|---|---|
| FIPS 203 | ML-KEM | Key exchange (secure establishment of a shared secret between two parties) | Kyber | Efficient, for encryption |
| FIPS 204 | ML-DSA | Digital signatures (verification of sender identity) | Dilithium | Fast, for signatures |
| FIPS 205 | SLH-DSA | Digital signatures (alternative, particularly robust signature) | SPHINCS+ | Robust, more computationally intensive |
The BSI recommends using these standards in hybrid schemes. This means a classical method (such as ECC) and a PQC method (such as ML-KEM) are used together. This way, security is maintained even if a PQC algorithm later turns out to have a vulnerability. Hybrid migration is the pragmatic path we recommend for getting started.
How does PQC migration succeed in 3 steps?
The switch to PQC is not a simple update. It requires a fundamental review of all cryptographic methods in use. The first step is a crypto inventory: which algorithms are used where? This includes not only encryption and signatures but also certificates, VPNs, email security, and IoT devices. Many companies lack a complete overview of their cryptographic infrastructure.
- Crypto inventory: Record all cryptographic methods in use, from encryption and signatures to certificates and IoT devices.
- Crypto-agility: Build the ability to exchange algorithms without rebuilding the entire system architecture. It requires modular interfaces, clearly defined junctions between software components where an algorithm can be swapped out, like a power socket you can plug a different device into.
- Prioritization by protection duration: Data that must remain secret for a particularly long time has priority. This includes personal data under GDPR, trade secrets, and security-relevant information. For this data, we recommend the immediate use of hybrid methods. For less critical systems, migration can happen later, but planning should start now.
Our position: hybrid migration is the only sensible path. It combines the security of proven methods with protection against quantum attacks. Companies that start with the inventory now create the basis for an orderly transition.
The outlook: those who act now secure a competitive advantage.
Post-quantum cryptography is not distant future music. It is a concrete requirement that affects companies today. The NIST standards are available, the threat from HNDL is real. Those who start migration now not only protect their data but also position themselves as a trustworthy partner. Customers and business partners expect that sensitive information will still be secure in 20 years.
At Mountain Road, we support companies in analyzing their cryptographic infrastructure and planning migration. Our approach is pragmatic: we start with a crypto inventory, prioritize by protection duration, and rely on hybrid methods. This ensures that the transition is controlled and secure.
The time to act is now. Those who wait until the quantum computer is at the door have already lost.