Cryptographically relevant quantum computers (CRQCs) are rapidly approaching, with the potential to disrupt major digital critical infrastructure around the world. Researchers believe that CRQCs, quantum computers capable of bypassing current cryptographic algorithms used in digital communications, could emerge within the next 10 to 20 years, if not sooner. 

CRQCs pose a significant threat to the security of today’s cryptographic standards and algorithms. Traditional encryption methods rely on the complexity of certain mathematical problems, like factoring large numbers or solving discrete logarithms, being computationally infeasible for computers. However, CRQCs can solve these problems exponentially faster than today’s computers. 

This means that once CRQCs are operational, they could easily break the encryption protecting everything from online transactions to government communications, rendering current cryptographic methods obsolete. To stay ahead of this threat, new cryptographic standards that can withstand the power of quantum computing must be developed and deployed.

To hear more about the challenges with CRQCs, join the Cybersecurity Coalition and Cyber Threat Alliance in Brussels for the second annual CyberNext BRU conference on 5 March at the Stanhope Hotel. The event offers a range of sessions addressing today’s most pressing cybersecurity challenges, including a Fireside Chat discussing the PQC transition with MEP Bart Groothuis (Renew - Netherlands).

The conversations will look at work done by the European Union, the United States, and other key stakeholders who have started development of post quantum cryptography (PQC) algorithms and standards and are prioritizing their implementation. In November 2024, partners from 18 EU member states issued a joint statement, entitled Securing Tomorrow, Today: Transitioning to Post-Quantum Cryptography. In the statement, the signatories urged public administration, critical infrastructure providers, IT providers, and industry to make the transition to post-quantum cryptography a top priority. It also announced the creation of a Work Stream on PQC co-chaired by the Netherlands, Germany, and France within the NIS Cooperation Group, following the Commission’s April 2024 Recommendations document.

The U.S. National Institute of Standards and Technology (NIST) has released several Post-Quantum Encryption Standards. These algorithms belong to NIST’s larger PQC standardization project, and are ready for immediate use.

It is crucial that adoption of PQC algorithms starts now for many reasons, including two widely accepted threats to delaying adoption. First is the threat of the “store-now, decrypt-later” scenario in which adversaries store encrypted data until a CRQC can decrypt it. For important systems containing confidential information, updating to PQC standard algorithms now will protect critical information from future decryption. 

Second is the inherent long migration period for new encryption standards. Previously, a full cryptographic transition has taken up to a decade to complete. For example, NIST adopted a symmetrical algorithm standard in 2001, yet the average adoption year for surveyed organizations was 2014. Relevant entities should implement PQC now, beginning with the most important data and systems, with the understanding that a full migration will take time. 

‍