13. November 2025

Post-Quantum Cryptography: Why Companies Need to Act Now

Quantum computers powerful enough to break current public-key encryption do not yet exist. But the “Harvest Now, Decrypt Later” concept makes post-quantum security an urgent issue: attackers are collecting encrypted data today to decrypt it once quantum computers are powerful enough. This is a real threat for long-lasting secrets.

TL;DR

  • NIST PQC Standards finalized (2024): CRYSTALS-Kyber (key exchange) and CRYSTALS-Dilithium (signatures) are the new standards.
  • “Harvest Now, Decrypt Later”: Attackers are collecting encrypted data today – this is relevant for secrets with a protection need of 10+ years.
  • Migration takes years: Cryptography migration is complex – all systems, all certificates, and all protocols must be adapted.
  • Crypto-Agility as the goal: Architectures that can easily switch to new algorithms are the right approach.
  • Timeline: Experts estimate that a “Cryptographically Relevant Quantum Computer” (CRQC) will exist in 2030-2035 at the earliest.

Why the Threat is Real – Even Without Today’s Quantum Computers

The argument for early action is not “Quantum computers are breaking your encryption today.” It is “Harvest Now, Decrypt Later”: Intelligence services and well-equipped attackers are collecting encrypted data traffic today, storing it, and waiting for the next generation of quantum computers.

For which data is this relevant? State secrets (obviously), but also: Medical data with long-term protection requirements, financial transactions with long-term archiving, business secrets with lasting competitive relevance, and digital signatures on documents that need to be valid for decades.

NIST Post-Quantum Standards: What Applies Now

In August 2024, NIST published the first final post-quantum cryptography standards:

FIPS 203 (CRYSTALS-Kyber / ML-KEM): Key Encapsulation Mechanism – replaces RSA and Diffie-Hellman for secure key exchange.

FIPS 204 (CRYSTALS-Dilithium / ML-DSA): Digital signatures – replaces RSA signatures and ECDSA.

FIPS 205 (SPHINCS+ / SLH-DSA): Hash-based signature scheme as an alternative, particularly conservative and well-analyzed.

These standards are the basis for all migrations. TLS, VPNs, code signing, PKI certificates – all must be transitioned to these algorithms in the long term.

What Companies Can Do Now

Create a cryptography inventory: Which cryptographic methods are used where? RSA key sizes, ECC curves, hash functions, protocols (TLS version, cipher suites). No migration without an inventory.

Plan crypto-agile architecture: Design systems so that algorithm exchange is possible without complete redevelopment. Algorithm abstraction in code, configurable cipher suites, modular PKI components.

Set priorities: Long-lasting secrets first. Data that will still be worth protecting in 2030 needs PQC protection today. Short-lived session keys are less urgent.

Consult suppliers: Which manufacturers offer PQC support in which products and when? Obtain roadmaps from VPN, PKI, HSM, and TLS stack manufacturers.
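The inventory and prioritization steps above can be sketched as a small triage script. This is an added example, not code from the article; the CSV columns, system names and action labels are assumptions, and the sample inventory is constructed.

```python
import csv
import io

CRQC_EARLIEST = 2030                       # earliest CRQC estimate quoted in the article
BROKEN = {"RSA", "ECDSA", "ECDH", "DH"}    # RSA, ECC and DH: broken by a CRQC
PQC = {"ML-KEM", "ML-DSA", "SLH-DSA"}      # FIPS 203 / 204 / 205

# Constructed sample inventory; columns and system names are illustrative.
SAMPLE = """system,algorithm,key_bits,protect_until
patient-archive-tls,RSA,2048,2045
web-session-tls,ECDH,256,2026
backup-encryption,AES,128,2040
db-encryption,AES,256,2040
contract-signing,ML-DSA,,2050
legacy-vpn,3DES,112,2032
"""

def triage(row):
    """Return (status, action) for one inventory row."""
    alg = row["algorithm"].upper()
    # Data still worth protecting when a CRQC may exist is exposed to
    # harvest-now-decrypt-later today.
    long_lived = int(row["protect_until"]) >= CRQC_EARLIEST
    if alg in PQC:
        return ("pqc", "none")
    if alg in BROKEN:
        return ("broken", "migrate-first" if long_lived else "migrate-later")
    if alg == "AES":
        effective = int(row["key_bits"]) // 2   # Grover halves the key length
        if effective >= 128:
            return ("ok", "none")
        return ("weakened", "move-to-AES-256" if long_lived else "none")
    return ("unknown", "manual-review")         # algorithm the article does not cover

def build_report(csv_text):
    """Map system name -> (status, action), most urgent systems first."""
    order = {"migrate-first": 0, "move-to-AES-256": 1, "manual-review": 2,
             "migrate-later": 3, "none": 4}
    rows = csv.DictReader(io.StringIO(csv_text))
    report = {r["system"]: triage(r) for r in rows}
    return dict(sorted(report.items(), key=lambda kv: order[kv[1][1]]))

if __name__ == "__main__":
    for system, (status, action) in build_report(SAMPLE).items():
        print(f"{system:22} {status:9} {action}")
```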

Key Facts at a Glance

NIST PQC Standards finalized: August 2024 (FIPS 203, 204, 205)

Estimated CRQC timeframe: Earliest 2030-2035 (BSI, NIST, BIS)

Algorithms that will be broken: RSA, ECC, DH – all classical asymmetric (public-key) methods

Secure post-quantum algorithms: CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+ (NIST-finalized)

Estimated migration duration: 5-10 years for complete enterprise migration

Fact: In August 2024, NIST finalized the first post-quantum cryptography standards with FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA) – companies should plan the migration now.

Fact: According to a Munich Re study, 61% of surveyed companies are not yet prepared for post-quantum cryptography, although they rate the risk as “high.”

Frequently Asked Questions

What does “Cryptographically Relevant Quantum Computer” (CRQC) mean?

A quantum computer with sufficiently stable qubits (estimate: several million error-corrected logical qubits) to break RSA-2048 in a reasonable time. Today’s quantum computers have a few hundred to a thousand physical qubits – far from CRQC.

Is AES threatened by quantum computers?

Only partially. Grover’s algorithm halves the effective key length of symmetric methods. With quantum computers, AES-256 is reduced to the AES-128 level, which is still secure. AES-128 is reduced to a 64-bit security level, which is critical in the long term. Recommendation: Use AES-256.

What is crypto-agility?

Crypto-agility is the ability to quickly exchange cryptographic algorithms in a system without redeveloping the overall architecture. It is the opposite of “algorithm hardcoding.” Crypto-agile systems can respond to new threats or new standards without complete redevelopment.
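A minimal sketch of the opposite of algorithm hardcoding, as an added example that is not code from the article: callers never name an algorithm, protected data carries an algorithm id, and a policy object decides which id is used and which are still accepted. The ids, the `Policy` class and the token format are assumptions, and two HMAC variants from the Python standard library stand in for the algorithms being swapped, because the standard library has no ML-KEM or ML-DSA.

```python
import hashlib
import hmac

# Registry: algorithm id -> implementation. Adding an algorithm means adding
# one entry here; application code never names an algorithm directly.
# The ids are hypothetical labels chosen for this example.
REGISTRY = {
    "hs256": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "hs3-256": lambda key, msg: hmac.new(key, msg, hashlib.sha3_256).digest(),
}

class Policy:
    """Configuration, not code: which id protects new data, which ids still verify."""
    def __init__(self, current, accepted=()):
        unknown = ({current} | set(accepted)) - set(REGISTRY)
        if unknown:
            raise ValueError(f"unregistered algorithm ids: {sorted(unknown)}")
        self.current = current
        self.accepted = set(accepted) | {current}

def protect(policy, key, msg):
    """Tag msg with the policy's current algorithm; the id travels with the tag."""
    tag = REGISTRY[policy.current](key, msg)
    return f"{policy.current}:{tag.hex()}"

def verify(policy, key, msg, token):
    """Verify with the algorithm named in the token, if the policy still accepts it."""
    alg_id, _, tag_hex = token.partition(":")
    # The id comes from untrusted input, so only the policy's allow-list
    # decides which algorithm may be used; retired ids are refused.
    if alg_id not in policy.accepted:
        return False
    try:
        tag = bytes.fromhex(tag_hex)
    except ValueError:
        return False
    return hmac.compare_digest(REGISTRY[alg_id](key, msg), tag)
```

Migration then becomes a sequence of policy changes: accept old and new ids while protecting with the new one, then drop the old id once nothing protected with it remains.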

Do we need to migrate immediately?

Not immediately, but start now. Immediate action required: Create crypto inventory, develop PQC roadmap, identify long-lasting secrets. Begin technical migration in 2-3 years when products offer PQC support. Aim for complete migration by 2030.

Which German authorities provide guidance on PQC?

The BSI (Federal Office for Information Security) has published extensive technical guidelines on post-quantum cryptography (TR-02102). These provide clear recommendations on algorithms, key lengths, and migration paths. Available for free at bsi.bund.de.


Tobias Massow

A magazine by Evernine Media GmbH