How Quantum Computers Will Break Encryption, and What to Do About It
Quantum computers will break widely used encryption systems like RSA, ECC, and Diffie-Hellman through Shor’s algorithm, and weaken symmetric algorithms like AES via Grover’s algorithm. To stay secure, organizations must adopt post-quantum cryptography (PQC) standards, such as Kyber and Dilithium, and begin transitioning now to hybrid cryptographic systems that resist both classical and quantum attacks.
By Tim Uhlott|Last updated: August 3, 2025|6 minutes read
Tags: cybersecurity, encryption, quantum computing

When large quantum computers finally arrive, they will fundamentally change how we approach security and the cryptographic algorithms that we rely on today.
1. Shor’s Algorithm: End of the Road for RSA, ECC and DH
Quantum computers running Shor’s algorithm can solve the mathematical problems at the foundation of most public-key systems in use today:
- It factors 2048-bit RSA keys in polynomial time.
- It solves the discrete logarithm problem that Diffie-Hellman and elliptic-curve cryptography depend on.
2. Grover’s Algorithm: Symmetric Ciphers and Hashes Lose Half Their Security Strength
Grover’s algorithm gives a quadratic speed-up to brute-force searches, such as guessing AES keys or finding hash preimages, which halves the effective security level measured in bits. The result:
- AES-128 drops from 128-bit to 64-bit security.
- AES-256 drops to 128-bit security, still acceptable for most data in the long term.
3. The New Ecosystem: Post-Quantum Cryptography (PQC)
To replace vulnerable public-key systems, researchers are standardizing a fresh set of algorithms that resist both classical and quantum attacks. In August 2024, NIST finalized its first three PQC standards:
- CRYSTALS-Kyber (now called ML-KEM): general encryption / key encapsulation (TLS, e-mail, VPN).
- CRYSTALS-Dilithium (ML-DSA): lattice-based digital signatures.
- SPHINCS+ (SLH-DSA): hash-based backup signature method (NIST, Fortinet).
4. What This Means in Practice
Store-now-decrypt-later
Encrypted data intercepted today, however strong its encryption, can be recorded and decrypted later once an adversary obtains a working quantum computer. Critical organisations handling health, government, intellectual property, and legal data must act now.
Crypto agility and migration
- Start migrating TLS, VPN, SSH, and document signing systems to PQC-hybrid and eventually PQC×PQC modes.
- Hybrid mode (e.g. combining X25519 with Kyber in a key agreement) is seen as prudent; Signal’s PQXDH protocol is an example (Wikipedia).
- Vendor tools such as OpenSSL 3.2 and Windows 2025+ are including PQC algorithms.
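The hybrid key agreement just described, as an added example that is not part of the original article: each side combines an X25519 shared secret with an ML-KEM-768 (Kyber) shared secret through HKDF, using only the Go 1.24 standard library (`crypto/ecdh`, `crypto/mlkem`, `crypto/hkdf`). The two-message layout and the HKDF label are choices made for this illustration, not Signal's PQXDH or any standardised combiner.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
)

// must panics on error; a real handshake would return the error instead.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// hybridKDF binds both raw secrets into one 32-byte session key that stays secret
// as long as either X25519 or ML-KEM-768 is unbroken (label chosen for this example).
func hybridKDF(ecdhSecret, kemSecret []byte) []byte {
	ikm := append(append([]byte{}, ecdhSecret...), kemSecret...)
	return must(hkdf.Key(sha256.New, ikm, nil, "example-hybrid-x25519-mlkem768", 32))
}
// Initiator keeps its ephemeral private keys until the response arrives.
type Initiator struct {
	xPriv   *ecdh.PrivateKey
	kemPriv *mlkem.DecapsulationKey768
}
// NewInitiator generates both key pairs; message 1 carries the X25519 public key
// and the ML-KEM encapsulation key it returns.
func NewInitiator() (*Initiator, []byte, []byte) {
	i := &Initiator{must(ecdh.X25519().GenerateKey(rand.Reader)), must(mlkem.GenerateKey768())}
	return i, i.xPriv.PublicKey().Bytes(), i.kemPriv.EncapsulationKey().Bytes()
}
// Respond builds message 2 (fresh X25519 public key, ML-KEM ciphertext) and
// returns it with the responder's session key, which is kept and never sent.
func Respond(peerX, peerKEM []byte) ([]byte, []byte, []byte) {
	xPriv := must(ecdh.X25519().GenerateKey(rand.Reader))
	ss1 := must(xPriv.ECDH(must(ecdh.X25519().NewPublicKey(peerX))))
	ss2, ct := must(mlkem.NewEncapsulationKey768(peerKEM)).Encapsulate()
	return xPriv.PublicKey().Bytes(), ct, hybridKDF(ss1, ss2)
}
// Finish derives the initiator's session key. A tampered ciphertext of the right
// length does not error: ML-KEM rejects implicitly, so the two keys just differ.
func (i *Initiator) Finish(peerX, ct []byte) []byte {
	ss1 := must(i.xPriv.ECDH(must(ecdh.X25519().NewPublicKey(peerX))))
	ss2 := must(i.kemPriv.Decapsulate(ct))
	return hybridKDF(ss1, ss2)
}
```

Both sides end with the same 32-byte key; a corrupted ciphertext silently produces a different key on the initiator side, which is why real protocols add an explicit key-confirmation or AEAD step after this point.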
5. Physical Security of Keys: Quantum Key Distribution (QKD)
While PQC protects the math, QKD offers complementary protection at the physical layer:
- Quantum key distribution encodes keys into photons, so any eavesdropping attempt is detectable.
- In April 2025, Toshiba Europe demonstrated twin-field QKD over 254 km of standard fibre between Frankfurt and Kehl, without cryogenic cooling (Tech Monitor, spectrum.ieee.org).
- UK start-up KETS is embedding QKD modules inside telecom switches in BT’s test network (Tech Monitor).
6. Updating Common Algorithms: What to Do Now
| Algorithm / Protocol | Status Today | Quantum-Safe Replacement |
|---|---|---|
| RSA-2048 or ECDSA/ECDH | Broken by Shor’s algorithm | Use Kyber (key exchange), Dilithium or SPHINCS+ (signatures) |
| AES-128, MD5/SHA-256 | Weakened by Grover’s algorithm | Move to AES-256, SHA-384 or SHA-512 |
| Diffie-Hellman handshakes | Compromised by quantum attackers | Migrate to a PQ KEM such as Kyber, or a hybrid approach |
| Digital signatures | Forgeable by quantum attackers | Use PQ signature schemes: Dilithium, FALCON, SPHINCS+ |