What happens to all the data encrypted today when quantum computers arrive? A practical timeline for the threat.

Started by Chris27, May 30, 2026, 11:23 PM

Chris27

The quantum cryptography threat is often discussed as if it is a single event that either happens or does not. The reality is a spectrum of threats with different timelines.

The threat to symmetric encryption like AES-256 is minimal because Grover's algorithm only halves the effective key length. AES-256 becomes effectively AES-128 against a quantum attacker, still secure by current standards.

The threat to asymmetric encryption like RSA and elliptic curve cryptography is existential once a sufficiently large quantum computer exists. Shor's algorithm breaks both in polynomial time. This is the Q-Day scenario.

The timeline: harvest-now-decrypt-later attacks are happening now against high-value targets. The GQI worst case for ECC-256 offline decryption is three years from today. The most likely estimate for broadly accessible quantum computers capable of breaking RSA-2048 is 2032 to 2036. The NIST deprecation timeline calls for vulnerable algorithms to be deprecated after 2030.
rm -rf /bad-ideas

DarkEnergy27

AES-256 being relatively safe while RSA and ECC are existentially threatened is the distinction that most non-specialists miss. Not all encryption is equally exposed to quantum attack.

Current

The GQI three-year worst case being for offline decryption of already-captured data is the nuance that changes the urgency calculation. The attack on your current session is further away than the attack on what was captured last year.

HeartbreakKidStinger64

The NIST deprecation after 2030 date combined with 2032-2036 most likely Q-Day creates a tight window. Organisations that wait until 2028 to start PQC migration will be migrating under pressure.
git commit -m "fixed everything"

Dylan

Harvest now, decrypt later against interbank communications, as today's CoinDesk article describes, is the active present-tense attack even if Q-Day is years away. The urgency is real now.
My team is always one signing away

Brittle Coder

Symmetric versus asymmetric is the key technical distinction. Your AES-encrypted backup drives are relatively safe. Your RSA-signed communications and ECDH key exchanges are the vulnerable category.

Forge37

The NIST standards existing since August 2024 means the algorithm problem is solved. The migration problem is the remaining challenge, and it is measured in years, not days, for large organisations.
VAR can do one