GuardingPearSoftware Logo

How Quantum Computers Will Break Encryption, and What to Do About It

Quantum computers will break widely used encryption systems like RSA, ECC, and Diffie-Hellman through Shor’s algorithm, and weaken symmetric algorithms like AES via Grover’s algorithm. To stay secure, organizations must adopt post-quantum cryptography (PQC) standards, such as Kyber and Dilithium, and begin transitioning now to hybrid cryptographic systems that resist both classical and quantum attacks.

By Tim Uhlott|Last updated: August 2, 2025|6 minutes read
cybersecurityencryptionquantum computing
How Quantum Computers Will Break Encryption, and What to Do About It
When large quantum computers finally arrive, they will fundamentally change how we approach security and the cryptographic algorithms that we rely on today.

1. End of the Road for RSA, ECC, DH by Shor’s Algorithm

Quantum computers running Shor’s algorithm can break the mathematical problems at the foundation of most public-key systems in use today:
  • It factors 2048-bit RSA keys in polynomial time.
  • It solves the discrete logarithm problem for Diffie-Hellman and elliptic-curve cryptography.
Once a fault-tolerant quantum machine with thousands (or millions) of logical qubits exists, all systems depending on RSA, DSA, ECDSA, or ECDH will become insecure instantly (Tech Monitor, arXiv). This means that secret exchanges, digital signatures, VPN tunnels, SSH keys, and blockchain wallets could be broken.

2. Symmetric Ciphers and Hashes Lose Half Their Security Strength, Grover’s Algorithm

Grover’s algorithm speeds up brute-force searches, like guessing AES keys or reversing hash functions, by giving a quadratic speed-up. The result:
  • AES-128 drops from 128-bit to 64-bit security.
  • AES-256 drops to 128-bit security, still acceptable for most data in the long term.
Doubling the key length, for example upgrading to AES-256 and SHA-512, is the best defense for symmetric tasks (PostQuantum.com, Encrypthos). Be aware that any system still using keys under 128-bit becomes dangerously weak in a post-quantum world.

3. The New Ecosystem: Post-Quantum Cryptography (PQC)

To replace vulnerable public-key systems, researchers are standardizing a fresh set of algorithms that resist both classical and quantum attacks. By August 2024, NIST finalized its first three PQC standards:
  • CRYSTALS-Kyber (now called ML-KEM): general encryption / key encapsulation (TLS, e-mail, VPN).
  • CRYSTALS-Dilithium (ML-DSA): lattice-based digital signatures.
  • SPHINCS+ (SLH-DSA): hash-based backup signature method (NIST, Fortinet).
In March 2025, HQC, based on error-correcting codes, was chosen as a backup public-key algorithm, expected to be standardized by 2027 (Reddit). Other promising approaches include NTRU (used by OpenSSH since 2022), multivariate cryptography, and code-based schemes (isaca.org, Fortinet).

4. What This Means in Practice

Store-now-decrypt-later

Encrypted data intercepted today, no matter how strong, could be recorded and later decrypted once a quantum-capable adversary obtains a working machine. Critical organisations handling health, government, intellectual property, and legal data must act now.

Crypto agility and migration

  • Start migrating TLS, VPN, SSH, and document signing systems to PQC-hybrid and eventually PQC×PQC modes.
  • Hybrid mode (e.g. combining X25519 with Kyber in a key agreement) is seen as prudent; Signal’s PQXDH protocol is an example (Wikipedia).
  • Vendor tools such as OpenSSL 3.2 and Windows 2025+ are including PQC algos.
Complete transition could take 5-10 years; larger organisations should proceed even faster.

5. Physical Security of Keys: Quantum Key Distribution (QKD)

While PQC protects the math, QKD offers complimentary protection at the physical layer:
  • Quantum key distribution encodes keys into photons so any eavesdrop attempt is detectable.
  • In April 2025, Toshiba Europe demonstrated twin-field QKD over 254 km of standard fibre between Frankfurt and Kehl, without cryogenic cooling (Tech Monitor, spectrum.ieee.org).
  • UK start-up KETS is embedding QKD modules inside telecom switches in BT’s test network (Tech Monitor).
QKD is compelling for infrastructures that need keys generated within a secure enclave or for layered defence in highly regulated industries, but it is not yet a full replacement for PQC because of cost, complexity, and integration challenges.

6. Updating Common Algorithms , What to Do Now

Algorithm / ProtocolStatus TodayQuantum-Safe Replacement
RSA-2048 or ECDSA/ECDHBroken by Shor’s algorithmUse Kyber (key exchange), Dilithium or SPHINCS+ (signatures)
AES-128, MD5/SHA-256Weakened by Grover’s algorithmMove to AES-256, SHA-384 or SHA-512
Diffie-Hellman handshakesCompromised by quantum attackersMigrate to PQKEM like Kyber or hybrid approach
Digital SignaturesFalsifiable by quantum forgersUse PQ signature schemes: Dilithium, FALCON, SPHINCS+

Final Word

A quantum-safe future isn’t just about building hardware, it is about re-engineering trust. Shor’s and Grover’s algorithms change the game completely. The clock is already ticking in large organisations, and from 2025 onwards, NIST-approved PQC will be the foundation of secure systems. Wherever possible, start developing migration strategies today, use PQC hybrid modes early, and revisit your key lifetimes. Security is no longer just software or network, it is a race against the quantum clock.
Newsletter

Stay in the Loop.

Subscribe to our newsletter to receive the latest news, updates, and special offers directly in your inbox. Don't miss out!