Harvest Now, Decrypt Later: Hackers are mass-harvesting our encrypted data, waiting for the arrival of quantum computers. The web is no longer secure, and it’s time to understand why.

Imagine a burglar breaks into your home. He doesn't touch your jewelry or steal any cash. Instead, he simply grabs your safe, still locked, and walks away. Why? Because he knows he doesn't have the key yet, but a "universal grinder" will be invented in 5 or 10 years. This day has a name: Q-Day. It will mark the day when all your secrets, from bank accounts and medical records to trade secrets, will be pried open as easily as a tin can.

This safe, in our digital world, is represented by Encryption, the virtual lock that keeps your sensitive data hidden from prying eyes, at least for now…

What is Encryption?

At its core, Encryption is the mechanism that turns readable information, often containing sensitive Personally Identifiable Information (PII) or strategic Organizational Intellectual Property (IP), into an unreadable string of data known as ciphertext. This process involves passing plain text through an algorithm using a specific mathematical key.

Think of it like a public mailbox: anyone can drop a letter inside using your Public Key, but only you, the owner, have the Private Key required to open the box and read the message. The ciphertext can only be turned back into plain text by using the corresponding Private Key. This allows data to be transmitted across public networks or stored in databases without the fear of an attacker reading its content.

Every day, we rely on this technology for all sorts of critical business transactions. Cryptography works because these algorithms are built on hard mathematical problems that even the most advanced supercomputers today cannot solve in a thousand years.

Inside the Algorithm

Most modern encryption relies on what mathematicians call trapdoor functions. These are operations that are easy to perform in one direction but almost impossible to reverse without a specific piece of information, the Private Key. Let’s dive deep into these digital locks, which are virtually unbreakable with today’s technology.

A. Prime Factorization (RSA)

This is the foundation of algorithms like RSA. The principle is simple to understand but impossible to break. For instance, factoring the number 21 into its prime components, 3 and 7, is something a child can do. However, trying to factor a number with 1024 digits into its original prime components is a task that even a modern supercomputer cannot solve in a human lifetime. The mathematical effort required grows exponentially with the size of the number.

B. The Discrete Logarithm Problem (ECC)

This is the engine behind Elliptic Curve Cryptography (ECC). This method uses the complex geometric properties of curves to secure data. Imagine a game of "Mathematical Pool" on a curve:

    • The Process (Easy): You start at Point A. You "hit" the ball against the curve to land on Point B, then C, and so on, exactly 1,457,892 times. Your final position is Point P. A computer can do these jumps instantly.

    • The Challenge (Impossible): You show a computer Point A and Point P. Then ask it to find the secret number of jumps (1,457,892). It has no shortcut. The computer must test every possibility one by one.
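The two directions of the game, as an added example that is not part of the original article. It assumes the public secp256k1 curve (the article names no curve) and uses illustrative function names. The forward direction uses double-and-add, which is why 1,457,892 jumps cost only a few dozen curve operations, while the reverse search walks one jump at a time as described above.

```python
# secp256k1 domain parameters (public constants; assumed, the article names no curve)
P_MOD = 2**256 - 2**32 - 977
A = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + 7 (mod P_MOD); None is the point at infinity."""
    return pt is None or (pt[1] ** 2 - pt[0] ** 3 - 7) % P_MOD == 0

def jump(p1, p2):
    """One 'hit of the ball': the elliptic-curve group addition p1 + p2."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                        # a point plus its mirror image
    if p1 == p2:
        s = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD)           # tangent slope (doubling)
    else:
        s = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)  # chord slope (addition)
    x3 = (s * s - x1 - x2) % P_MOD
    return x3, (s * (x1 - x3) - y1) % P_MOD

def fast_jumps(k, start):
    """Land on k * start with double-and-add; returns (point, curve_operations_used)."""
    result, addend, used = None, start, 0
    while k:
        if k & 1:
            result, used = jump(result, addend), used + 1
        addend, used = jump(addend, addend), used + 1
        k >>= 1
    return result, used

def count_jumps(start, target, limit):
    """Recover k from (start, target) by walking one jump at a time, up to limit."""
    point, k = start, 1
    while point != target:
        if k >= limit:
            return None                                    # gave up: k is beyond the budget
        point, k = jump(point, start), k + 1
    return k

if __name__ == "__main__":
    end, used = fast_jumps(1_457_892, A)                   # the article's jump count
    print("forward:", used, "operations; on curve:", on_curve(end))
    small, _ = fast_jumps(5_000, A)                        # constructed small secret
    print("reverse:", count_jumps(A, small, 10_000), "jumps walked")
```

The reverse walk is only practical here because the constructed secret is tiny; a real private key is a number of roughly 256 bits.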

These two mathematical walls, factorization and discrete logarithms, are the only reasons your secrets remain secrets.

Technology evolves at a speed that requires constant adaptation. Models considered unbreakable today are not eternal, a reality that history has already proven many times.

Breaking the Enigma

In 1940, Alan Turing and his team accomplished the impossible: decoding messages from the Enigma machine used during World War II. This mechanical masterpiece is widely considered the ancestor of modern cryptography, as it paved the way for the algorithmic logic and computational power we use to protect data today. Historians estimate that by breaking this secret, they shortened World War II by two to four years.

The most chilling part of this story is that the German high command remained convinced until the very end of the war that their communications were impenetrable. They were operating in total transparency, unaware that their "secure" messages were being read in real-time. Today, we are living in a similar state of misplaced confidence. Facing the next challenge in cryptography is not a choice; it is a strategic imperative. In an age where data is the most valuable asset, post-quantum cryptography (PQC) readiness is the only way to ensure an organization’s survival when Q-Day arrives.

Inside the Quantum Engine

"If you think you understand quantum mechanics, you don't understand quantum mechanics."

Richard Feynman (Nobel Prize in Physics)

In our classical world, everything is binary: a coin is either Heads OR Tails. A cat is Alive OR Dead. This same logic applies to the computers we use every day. Every device is essentially a massive collection of zeros and ones known as bits. Combined together, these bits allow you to run your applications, view your pictures, and navigate the digital world. In this model, a bit is strictly a zero or a one, never both at once.

The quantum computer breaks these classical rules through the principle of superposition. In the quantum world, states overlap, allowing a qubit to be both zero and one at the same time.

To return to our examples, the coin spins so fast that it is both Heads AND Tails at the same time. Schrödinger's cat, in its iron box, is both dead AND alive as long as it hasn't been observed.

You can see where this is going: if these famous qubits can be two things at once, it means they can test encryptions simultaneously. This effect is exponential for every qubit in the machine, turning our old mathematical problems into child's play.

Shor’s Algorithm

In 1994, Peter Shor proved that quantum computing could dismantle the very foundations of modern security. His algorithm is what we call a hybrid algorithm, combining classical processing with quantum power to find the "order" of a mathematical function.

While it would take a classical computer approximately 3 million years to factor a 1024-bit number, a quantum computer with sufficient stable qubits could achieve this in just 3 minutes. By transforming exponential problems into polynomial ones, Shor's algorithm renders the universal padlock of the Internet obsolete, threatening key exchange, digital signatures, and global data privacy.
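The classical half of that hybrid, as an added example that is not part of the original article: it reduces factoring to finding the order of a base, using the article's own number 21 and a constructed RSA-style modulus 3233 = 53 × 61. The function names are illustrative, and the `find_order` loop is a classical stand-in for the quantum step, so it stays slow; that loop is the only part a quantum computer would replace.

```python
from math import gcd

def find_order(a, n):
    """Smallest r > 0 with a**r % n == 1, found by stepping one power at a time.
    Classical stand-in for quantum period finding; requires gcd(a, n) == 1."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r

def factor_via_order(n):
    """Classical wrapper around order finding for an odd n with at least two
    distinct prime factors. Returns (a, r, p, q) with p * q == n, else None."""
    for a in range(2, n - 1):
        if gcd(a, n) != 1:
            continue              # base already shares a factor; skip to show the order route
        r = find_order(a, n)
        if r % 2:
            continue              # odd order: no square root to take, try another base
        y = pow(a, r // 2, n)     # y*y == 1 (mod n) and y != 1 because r is minimal
        if y == n - 1:
            continue              # y is -1 (mod n): only trivial factors would come out
        p = gcd(y - 1, n)         # n divides (y - 1)(y + 1) but neither term alone
        return a, r, min(p, n // p), max(p, n // p)
    return None                   # primes and prime powers end up here

if __name__ == "__main__":
    for n in (21, 3233):          # 21 is the article's example; 3233 is constructed
        print(n, factor_via_order(n))
```

For 21 the first base, 2, has order 6, and gcd(2³ − 1, 21) = 7 yields the factors 3 and 7.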

From Theoretical to Practical Use

If Shor's algorithm is so devastating, why is the Internet still functioning? The answer lies in the gap between mathematical theory and hardware stability.

Today, qubits are extremely "noisy" and fragile. Any minor change in temperature or vibration causes them to lose their quantum state, a phenomenon called decoherence. To break a modern RSA 2048 key, we would need roughly 20 million physical qubits to create a few thousand logical and stable qubits. For now, the most advanced machines from IBM or Google hover around 1,000 physical qubits, far from what is necessary to run Shor's algorithm.

These machines are complex, room-sized industrial refrigerators, making it difficult to envision any consumer use for the moment. However, migrating all the world's digital infrastructure is a massive project that requires time and resources. If the quantum threat matures by 2035, the time to act is not tomorrow, but right now.

NIST (National Institute of Standards and Technology)

The good news is that NIST has taken the issue very seriously and, in August 2024, presented new standards for encryption algorithms that can resist attacks from quantum computers.

For instance, Apple has already integrated these concepts into iMessage via its new PQ3 protocol, Cloudflare is securing its infrastructure with these new quantum-compliant methods, and everyone else is following suit. NIST now explicitly urges system administrators to start migrating their systems immediately, as these standards are the completed blueprints for our future digital safety.

"Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security."

NIST Director Laurie E. Locascio
