Beginner's guide to quantum encryption: what it is, what it protects against, and why you might already need to care

[RadekVítek]

Quantum encryption is one of those terms that appears in security news with increasing frequency and almost zero useful explanation. This guide covers what it actually means, how it is different from regular encryption, and the part that most people do not know: why some of it is already real and deployed.

There are two separate things people call quantum encryption and they are easy to confuse.

The first is quantum key distribution, or QKD. This uses the physical properties of individual photons to share an encryption key between two parties in a way that is theoretically impossible to intercept without being detected. China operates a 2000 kilometre QKD network connecting major cities. The EPB quantum hub in Chattanooga and Europe's EuroQCI initiative are building similar infrastructure. This technology exists and works today. It requires new physical infrastructure, fibre or free space optical links, and it does not replace regular encryption so much as add a layer of key sharing that cannot be secretly copied.

The second is post-quantum cryptography, often shortened to PQC. This is classical encryption, running on normal computers, but using mathematical problems that quantum computers cannot solve efficiently. NIST in the United States finalised four post-quantum cryptographic standards in August 2024. This is the one most organisations need to start thinking about right now because existing encryption is at risk from future quantum computers.

The threat model goes like this. Quantum computers powerful enough to break current encryption do not exist yet. The honest expert estimate is seven to fifteen years. But data being collected and stored today, medical records, intelligence communications, financial records, can be held and decrypted later when the computers exist. This is called harvest now decrypt later and it is the reason urgency is front-loaded relative to the actual threat.

What should you do right now? If you are an individual the answer is limited but real. Use end-to-end encrypted messaging apps, use a password manager, keep software updated. If you are responsible for any organisation's data or security, start a cryptographic inventory of what algorithms you use and read the NIST PQC standards

[Quanta]

The harvest now decrypt later concept is the thing that changes how urgent this feels. The attack is happening now even though the capability does not exist yet

[Ruby_50]

QKD versus PQC is the distinction I have been trying to explain to my organisation for months. This framing is much cleaner than anything I have used

[Forge89]

Is QKD actually practical for most businesses or is this a government and critical infrastructure technology

[Fan]

Mostly critical infrastructure and high security government applications right now. The physical infrastructure cost is significant and the distance limitations require repeater networks. Not practical for a small business

[Oscar73]

The NIST standards finalised last year are the practical answer for most organisations. PQC can run on existing hardware with a software update. QKD requires new physical links

[Slate Mike]

How long do most organisations have before current encryption is actually at risk

[Delulu66]

For most data: longer than the headlines suggest. For data that needs to stay secret for 15 or more years: act now. The timeline depends entirely on what you are protecting and for how long

[Harry64]

Google Chrome has had ML-KEM hybrid key exchange enabled by default since version 124. If you are using Chrome your browser is already doing post-quantum key exchange for HTTPS connections

[Bussin]

That browser fact is the one that makes it feel real rather than theoretical. The migration is already underway in the infrastructure most people use every day

[Fox]

Can someone explain what harvest now decrypt later means for end-to-end encrypted messages specifically

[Ridge]

If someone recorded your encrypted Signal messages today and a quantum computer is built in 2033, they could potentially decrypt those 2026 messages retroactively. Signal is already rolling out post-quantum protections in response to this