Quantum Computing and Cybersecurity: Preparing for the Post-Quantum Era
From Google's Willow chip to Microsoft's Majorana 1, quantum computing is advancing fast. Here's what it means for encryption, blockchain security, and your organization's cryptographic future.
Introduction
On December 9, 2024, Google announced its latest quantum chip called Willow, a 105-qubit processor that achieves a breakthrough in quantum error correction and computational power. Willow performed a benchmark task in under five minutes that would take today’s fastest supercomputers an estimated 10 septillion (10^25) years to complete. This breakthrough not only demonstrated exponential error reduction as qubits scaled but also validated quantum computing’s potential to solve intractable problems across drug discovery, climate science, and cryptography.
While Google advances superconducting qubits, Microsoft is charting a distinct course with topological quantum computing. In February 2025, it unveiled Majorana 1, an 8-qubit chip based on a Topological Core architecture using non-abelian anyons to reduce decoherence and improve error resistance. CEO Satya Nadella called it “a significant leap toward scalable quantum systems.” Microsoft aims to scale this to millions of qubits for industrial-grade, fault-tolerant performance.
The transformative power of quantum computing lies in its ability to leverage quantum mechanics — superposition and entanglement — to process information exponentially faster than classical systems. However, this power also threatens the cryptographic foundations securing global digital infrastructure. Algorithms like RSA and ECC, which protect everything from financial transactions to state secrets, could be rendered obsolete by quantum attacks.
This article examines the rapidly evolving landscape of quantum computing and its profound implications for cybersecurity. Beginning with the recent breakthrough of Google’s Willow quantum chip as an illustrative milestone, it explores the fundamental principles of quantum computing and the significant threats quantum technology poses to current cryptographic systems. The discussion covers the development and adoption of post-quantum cryptography standards, quantum-enabled security enhancements such as quantum key distribution and quantum random number generation, and the emerging risks from quantum AI-enhanced cyberattacks. Additionally, the article reviews industry and policy responses aimed at preparing organizations for the quantum era, highlighting practical steps toward quantum-safe security and the ethical challenges accompanying these technological advances.
Quantum Computing Fundamentals
Quantum computing is a multidisciplinary field that harnesses the principles of quantum mechanics to process information in fundamentally new ways, enabling solutions to complex problems that are intractable for classical computers. At the heart of quantum computing are quantum bits, or qubits, which differ significantly from classical bits. While classical bits represent either a 0 or a 1, qubits can exist in a superposition of both states simultaneously, vastly increasing the computational power by allowing quantum computers to explore many possibilities at once.
Two core quantum phenomena enable this power: superposition and entanglement. Superposition allows qubits to be in multiple states at the same time, much like a spinning coin that is both heads and tails until observed. This property provides quantum computers with inherent parallelism, enabling them to perform millions of calculations simultaneously. Entanglement, on the other hand, links qubits such that the state of one instantly influences the state of another, regardless of the distance between them. This correlation allows quantum computers to solve complex problems more efficiently than classical systems by leveraging these interconnected states.
Unlike classical computers, which handle information one bit at a time using bits that can only be 0 or 1, quantum computers work with quantum bits, or qubits, that can exist in multiple states at once. These qubits are manipulated using quantum gates, which change their states by rotating them on what is called the Bloch Sphere — a way to visualize the different possible states of a qubit. Quantum algorithms apply a series of these gates to take advantage of two key quantum properties: superposition, where qubits represent many possibilities simultaneously, and entanglement, where qubits become linked so that the state of one affects the others. Through a process called interference, these algorithms strengthen the chances of correct answers and reduce the likelihood of wrong ones. Finally, when the qubits are measured, they collapse from their multiple possible states into a definite 0 or 1, providing the result of the computation.
As astrophysicist Neil deGrasse Tyson noted, the immense power of quantum computing is “not hype — it’s real”, enabling breakthroughs like simulating the gravitational interactions of entire galaxies or analyzing massive astronomical data from the Vera Rubin Telescope. Such capabilities define the frontier of science, where classical computers fall short.
| Use Case | Description | Current Status | Potential Impact |
|---|---|---|---|
| Cryptography & Cybersecurity | Breaking current encryption methods (RSA, ECC) and developing quantum-resistant cryptography | Research phase; NIST standardizing post-quantum cryptography | Revolutionary — will require complete overhaul of current security infrastructure |
| Drug Discovery & Molecular Simulation | Simulating complex molecular interactions, protein folding, and chemical reactions | Early commercial applications by companies like Roche, Merck | Could reduce drug development time from 10-15 years to 3-5 years |
| Financial Modeling & Risk Analysis | Portfolio optimization, fraud detection, high-frequency trading | Pilot programs at Goldman Sachs, JPMorgan, Wells Fargo | Enhanced trading strategies and risk management worth billions |
| Machine Learning & AI Enhancement | Quantum machine learning algorithms, pattern recognition | Research phase; IBM, Google developing quantum ML frameworks | Could accelerate AI breakthroughs and enable processing of previously impossible datasets |
Quantum Threats to Cybersecurity
How Quantum Computers Threaten Current Cryptographic Systems
Quantum computers pose a fundamental threat to widely used cryptographic systems such as RSA and ECC. The core vulnerability arises from Shor’s algorithm, a quantum algorithm developed in 1994 that can efficiently factor large integers and compute discrete logarithms — mathematical problems that form the security backbone of RSA and ECC.
The security of RSA relies on the computational difficulty of factoring large numbers, while ECC depends on the hardness of the elliptic curve discrete logarithm problem. Both are considered infeasible to break with classical computers, requiring timeframes far exceeding the age of the universe for sufficiently large keys.
Shor’s algorithm allows a sufficiently powerful quantum computer to solve these problems in polynomial time, rendering RSA and ECC vulnerable to rapid decryption and digital signature forgery. For example, recent research from Google Quantum AI suggests that breaking a 2048-bit RSA key could require fewer than one million noisy qubits, a 20-fold reduction from earlier estimates.
As of 2025, the largest quantum computers (e.g., IBM’s Condor at 1,100+ qubits) are still far from the scale needed to break modern encryption, but the pace of development is accelerating.
The Risk of “Harvest Now, Decrypt Later” Attacks
A major and immediate concern is the strategy known as “harvest now, decrypt later” (HNDL). In these attacks, adversaries collect and store encrypted data today, anticipating that future quantum computers will be able to decrypt it once quantum capabilities mature.
Attackers target data with long-term value — such as government secrets, intellectual property, or personal health records — by capturing encrypted communications and storing them for future decryption.
There is consensus that sophisticated threat actors are already harvesting encrypted data, even though quantum computers capable of breaking RSA or ECC do not yet exist. This creates a silent, long-term risk to the confidentiality of sensitive information. Once quantum computers reach the necessary scale, all previously harvested data protected by classical encryption could be decrypted retroactively, exposing years or decades of sensitive communications and records.
Timeline and Likelihood of Quantum Computers Breaking Existing Encryption
The timeline for when quantum computers will become powerful enough to break current encryption standards remains uncertain, but expert consensus places this event — sometimes called “Q-Day” — in the future, not before the mid-to-late 2020s.
Recent expert studies highlight that the threat quantum computers pose to current encryption methods is becoming increasingly urgent. According to the Global Risk Institute’s 2024 Quantum Threat Timeline report, there is a 17-34% chance that a cryptographically relevant quantum computer (CRQC) capable of breaking RSA-2048 in 24 hours will exist by 2034. This probability rises to 79% by 2044.
In response to these projections, governments and industry leaders are settling concrete deadlines to mitigate the risks posed by quantum computing. The U.S. National Security Memorandum 10 (NSM-10) requires all federal agencies to migrate to quantum-resistant cryptography by 2035, with some agencies targeting 2030 or sooner.
Despite the rapid progress in quantum computing, most experts agree that public key encryption (PKE) systems such as RSA and ECC are expected to remain secure through at least 2025. However, the window for organizations to proactively migrate to post-quantum cryptography is closing quickly.
Quantum-Safe Cryptography (Post-Quantum Cryptography)
Post-Quantum Cryptography (PQC) refers to cryptographic algorithms specifically designed to withstand attacks from quantum computers. Unlike classical cryptography methods such as RSA and ECC, which rely on mathematical problems vulnerable to quantum algorithms like Shor’s, PQC uses new mathematical foundations — such as lattice-based, code-based, and multivariate polynomial problems — that remain computationally difficult even for quantum machines.
The National Institute of Standards and Technology (NIST) has been leading the global effort to standardize PQC algorithms. Beginning in 2016 with about 80 candidate algorithms, NIST conducted four rounds of evaluation and, in August 2024, finalized its first three PQC standards: CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium and SPHINCS+ (SLH-DSA) for digital signatures. These algorithms are designed to replace quantum-vulnerable cryptographic schemes and are expected to be widely adopted in the coming years. A fourth standard based on FALCON (FN-DSA, FIPS 206) is expected to follow as a future addition.
Industry adoption of PQC is accelerating but faces several challenges. Many PQC algorithms require larger key sizes and more computational resources compared to classical counterparts, impacting performance and integration with existing infrastructure. Organizations must update hardware, software, and protocols to support these new algorithms. Vendors are responding by announcing PQC capabilities and introducing quantum-safe hardware security modules (HSMs), with many planning full PQC support by 2026.
An essential component of preparing for the quantum era is crypto-agility — the capability of systems to rapidly adopt and switch between cryptographic algorithms as new threats emerge or standards evolve. Crypto-agility enables timely responses to vulnerabilities and facilitates smoother migrations to quantum-safe cryptography, reducing operational risks and ensuring long-term data protection.
Quantum-Enabled Cybersecurity Enhancements
Quantum-enabled cybersecurity enhancements harness the unique principles of quantum mechanics to strengthen the security of digital communications and data protection. Among these, Quantum Key Distribution (QKD) stands out as a groundbreaking method for secure communication. QKD uses quantum particles, typically photons, to generate and distribute encryption keys between two parties. Due to principles like superposition and entanglement, any attempt by an eavesdropper to intercept or measure the quantum key disturbs the system, introducing detectable anomalies.
Modern QKD protocols, such as BB84 and E91, have been successfully implemented over fiber optic cables and satellite links, enabling secure key exchange over hundreds to thousands of kilometers. For instance, China’s Quantum Science Satellite (Micius) has demonstrated satellite-based QKD over distances exceeding 1,200 kilometers, paving the way for a global quantum-secure communication network.
Another critical quantum technology enhancing cybersecurity is Quantum Random Number Generation (QRNG). Random numbers are essential for cryptographic keys, and classical random number generators can be vulnerable to prediction or manipulation. QRNG devices exploit the inherent randomness of quantum processes, such as photon detection events, to produce truly unpredictable numbers.
Beyond key distribution and generation, quantum computing also promises to improve security analytics and threat detection through Quantum Machine Learning (QML). QML algorithms can analyze vast and complex datasets more efficiently than classical methods, identifying subtle patterns and anomalies indicative of cyber threats.
Real-world implementations of these quantum cybersecurity technologies are already underway. In the United States, companies like IBM and Rigetti are conducting pilot projects integrating QKD and QRNG into secure communication infrastructures.
Microsoft has also taken a leading role by integrating PQC algorithms such as ML-KEM and ML-DSA into Windows Insider builds and Linux environments since May 2025, adopting a hybrid cryptographic approach. Microsoft’s Azure Quantum platform offers cloud-based access to quantum hardware and simulators, enabling enterprises to experiment with quantum algorithms and develop quantum-safe solutions.
Emerging Quantum Cyber Threats
Emerging quantum cyber threats introduce a complex and evolving challenge within the cybersecurity landscape, driven by the intersection of quantum computing and AI. In July 2025, cybersecurity firm Naoris Protocol emphasized that the “quantum countdown has begun” and that blockchain vulnerabilities are no longer theoretical.
A particularly alarming development is the potential rise of quantum AI-enhanced malware and cyberattacks. According to the Thales 2025 Data Threat Report, 63% of cybersecurity professionals are concerned about the possibility of future encryption being compromised by quantum computing, while 61% point to vulnerabilities in key distribution systems.
Quantum AI has the potential to significantly enhance the precision and effectiveness of cyberattacks by enabling adversaries to develop highly targeted and adaptive malware that can evade traditional detection mechanisms. When combined with quantum computing, these attacks could become even more powerful, utilizing quantum-enhanced machine learning to process vast amounts of data and detect system vulnerabilities with unprecedented speed and accuracy.
Cloud security and multi-tenant environments are especially vulnerable to emerging quantum threats. With 76% of enterprises now utilizing two or more public cloud platforms, the complexity of protecting data and applications across these distributed systems has significantly increased.
Quantum Blockchain and Distributed Ledger Security
Quantum computing presents substantial risks to blockchain security because it can break the cryptographic algorithms that secure most existing blockchain networks.
Traditional blockchains rely heavily on asymmetric cryptography methods, such as RSA and ECC, to manage digital signatures and key exchanges. However, quantum algorithms — most notably Shor’s algorithm — can efficiently factor large numbers and solve discrete logarithm problems. This capability threatens to undermine the integrity and immutability of blockchain ledgers.
To address these quantum vulnerabilities, researchers and developers are actively working on quantum-resistant blockchain protocols that integrate PQC algorithms. Lattice-based cryptography has emerged as a leading candidate due to its strong security guarantees and relatively efficient performance.
In addition to cryptographic upgrades, blockchain consensus mechanisms are being adapted to resist quantum attacks. Quantum-safe consensus protocols incorporate principles such as QKD and QRNG to enhance security.
Several pioneering projects demonstrate the practical potential of quantum-resistant blockchain. For instance, a recent study developed a quantum-resilient blockchain framework that achieves high transaction throughput (around 50 transactions per second), reduced encryption time (approximately 2.8 milliseconds), and security accuracy of 99.9%.
Policy, Regulation, and Industry Response
Policy, regulation, and industry responses to the quantum cybersecurity challenge are rapidly evolving at both national and global levels. In the United States, several key regulatory initiatives emphasize urgent quantum cybersecurity preparedness. The Presidential Executive Order 14028 (2021) and its subsequent amendments in 2025 direct federal agencies to accelerate the transition to PQC. The National Security Memorandum sets specific 2030 milestones — including deprecation of certain vulnerable algorithms and NSS firmware updates — with the overall federal migration target being 2035.
On the global stage, many countries are aligning with similar priorities. NIST has been central in this effort, having finalized the first set of PQC standards in 2024. Standards bodies and cybersecurity organizations such as ISO and IETF are working to integrate PQC algorithms into global standards and protocols.
Practical Steps for Organizations
Organizations preparing for the quantum era must take practical, structured steps to safeguard their IT infrastructure against emerging quantum threats.
Assessing Quantum Risk in Current IT Infrastructure: Conduct a thorough inventory of all cryptographic assets — certificates, keys, algorithms, and applications — across on-premises, cloud, and hybrid environments. Tools such as agent-based or network scanners help identify vulnerable cryptographic components. According to NIST and the PQCC, early risk assessment is critical for prioritizing migration efforts.
Planning Migration to Post-Quantum Cryptography: Develop a detailed migration roadmap with phased implementation aligned with risk levels and system criticality. Phase 1 (2025-2026) focuses on pilot deployments; Phase 2 (2026-2029) targets migration of high-risk services; Phase 3 (2029-2035) plans full transition. Hybrid cryptography — combining classical and PQC algorithms — is recommended during transition.
Investing in Quantum-Safe Communication and Data Storage: Prioritize upgrading hardware and software to support PQC algorithms. This includes updating cryptographic libraries, ensuring HSMs support PQC, and engaging cloud providers to understand their PQC adoption timelines.
Training Cybersecurity Teams: Build expertise on quantum risks, PQC standards, migration strategies, and crypto-agility principles. Establishing a dedicated cryptography governance team can facilitate ongoing monitoring and migration progress.
Conclusion
Quantum computing stands at the intersection of extraordinary promise and profound risk for cybersecurity. As this technology advances rapidly, it has the potential to fundamentally reshape the security foundations that support our global economy, critical infrastructure, and personal privacy.
The timeline for quantum computers capable of breaking classical encryption is shortening, with experts forecasting that this could occur as soon as the early 2030s. The risks of inaction are considerable: adversaries may already be collecting encrypted data with the intention of decrypting it once quantum capabilities are available.
Transitioning to PQC is not just a technical upgrade, but a strategic necessity. Early adoption of PQC standards should be accompanied by investments in crypto-agility, quantum-safe communication protocols, and comprehensive risk assessment strategies.
Technical solutions alone are not enough. The quantum era also brings complex ethical and privacy considerations, especially as quantum computing and AI make more powerful data analysis and surveillance possible. Policymakers, regulators, and cybersecurity professionals must work together to create governance frameworks that balance technological innovation with security, transparency, and the protection of individual rights.
About the Author
Ethan Seow is a Centre for AI Leadership Co-Founder and Cybersecurity Expert. He’s ISACA Singapore’s 2023 Infosec Leader, ISC2 2023 APAC Rising Star Professional in Cybersecurity, TEDx and Black Hat Asia speaker, educator, culture hacker and entrepreneur with over 13 years in entrepreneurship, training and education.