top of page

Part 2: Breaking the Code—How Quantum Threatens Today’s Encryption

  • Writer: Bridge Connect
    Bridge Connect
  • Jul 7
  • 3 min read

Quantum computing doesn’t need to become mainstream to become dangerous. Once it reaches a certain threshold of capability—potentially within a decade—it will compromise the cryptographic systems that underpin digital identity, financial transactions, secure communications, and national defence. This article explores why traditional encryption is vulnerable to quantum attack, what adversaries are doing today to prepare for that future, and what boards and policymakers must prioritise to protect strategic assets and long-lived data.


1. The Foundation of Digital Trust: Today’s Encryption Landscape

Most modern digital systems depend on public key cryptography (PKC). Techniques like RSA, elliptic curve cryptography (ECC), and Diffie-Hellman (DH) allow parties to exchange information securely over insecure networks. These methods rely on the mathematical difficulty of certain problems:

  • RSA: Factoring large composite numbers

  • ECC: Solving elliptic curve discrete logarithm problems

  • DH: Computing discrete logarithms in finite fields

In classical computing, these problems are practically unsolvable at sufficient key lengths. But quantum computing changes that assumption.


2. The Quantum Threat: Why PKC Is at Risk

In 1994, mathematician Peter Shor developed a quantum algorithm that can efficiently solve the factoring and discrete logarithm problems. If a large enough quantum computer were built, Shor’s Algorithm would allow an attacker to break RSA, ECC, and DH in hours or minutes.

This isn’t just theoretical:

  • RSA-2048, widely used in VPNs and TLS, is estimated to fall to quantum attack with around 4,000 fault-tolerant qubits.

  • ECC, used in blockchain and mobile authentication, is even more susceptible due to shorter key lengths.

Adversaries aren’t waiting. State-sponsored actors are believed to be harvesting encrypted traffic now, storing it for future decryption when quantum capabilities mature.


3. Harvest Now, Decrypt Later: The Quiet Arms Race

The concept is straightforward: intercept sensitive data today—diplomatic cables, trade secrets, financial records—and store it until quantum computers are capable of breaking the encryption.

While these data are protected by classical encryption today, they may still hold value when eventually decrypted:

  • Military plans and troop movement archives

  • Proprietary R&D or IP

  • Identity credentials that enable persistent access

Nation-state cyber programs in China, Russia, and others are suspected of engaging in long-term quantum preparation by stockpiling encrypted data and investing heavily in quantum research.


4. What’s at Stake: Vulnerable Systems and Sectors

Quantum decryption threatens a broad swathe of infrastructure:

  • Telecoms: SIM authentication, network access protocols, GNSS timing.

  • Finance: Interbank communications (e.g., SWIFT), digital signatures, blockchain keys.

  • Energy and utilities: SCADA systems with VPN protection.

  • Healthcare and government: Long-term medical records, identity systems, secure cloud platforms.

Encryption isn't merely a privacy feature—it's a foundational assumption for operational integrity and institutional trust. Its failure would cascade through every digital interaction.


5. Time Horizons: When Will This Happen?

Forecasts vary, but consensus is forming around a 5–20 year window for a cryptographically relevant quantum computer (CRQC):

  • IBM and IonQ predict substantial breakthroughs by 2030.

  • NSA guidance urges transition planning now, not later.

  • Google’s estimates suggest Shor-capable systems may emerge before 2035.

Importantly, these dates do not reflect when action should begin. The risk exists today due to the deferred consequences of harvest-now tactics.


6. Strategic Responses: What Boards and Leaders Must Do

This threat demands an executive response. Security teams alone cannot resolve systemic encryption risk. Boards and C-suites must:

  • Inventory cryptographic dependencies: Where is RSA, ECC, or DH embedded?

  • Assess data retention risk: What needs to stay secure for 10–20+ years?

  • Engage vendors and partners: Are your supply chains quantum-aware?

  • Demand algorithm agility: Can your systems swap crypto algorithms without overhaul?

These aren’t just technical adjustments. They require governance, funding, and oversight.


"Quantum computers don’t have to exist yet to pose a threat. Encrypted data is already being harvested for decryption in the post-quantum era. The risk is deferred, not distant."

Footnotes and References

  1. Shor, Peter W. (1994). Algorithms for Quantum Computation: Discrete Logarithms and Factoring. https://doi.org/10.1109/SFCS.1994.365700

  2. NSA CNSA 2.0 Migration Timeline: https://media.defense.gov/2022/Sep/07/2003065093/-1/-1/0/CSI_CNSA_2.0_FACT_SHEET.PDF

  3. Google Quantum Risk Estimate: https://quantumai.google/cirq/education/why-quantum/

  4. PQC and CRQC Timelines: https://www.gao.gov/assets/gao-21-104500.pdf

  5. RAND Corp: Security Implications of Quantum Computing: https://www.rand.org/pubs/research_reports/RR3102.html


Next in the Series: Part 3 — Anatomy of Post-Quantum Cryptography (PQC)

Related Posts

See All

Subscribe for more Insights

Thanks for submitting!

bottom of page