In August 2024, the National Institute of Standards and Technology (NIST) published its first finalized post-quantum cryptography standards — the result of an eight-year global competition to find encryption algorithms that quantum computers cannot break. It was a milestone decades in the making. Now comes the harder part: getting the world to actually use them.
What makes an algorithm "post-quantum"?
Post-quantum cryptography (PQC) refers to encryption methods based on mathematical problems that remain hard even for quantum computers. The three NIST standards — ML-KEM, ML-DSA, and SLH-DSA — rely on lattice-based and hash-based mathematics rather than the integer factorization and discrete logarithm problems that make RSA and elliptic curve cryptography vulnerable to Shor's algorithm.
These are not quantum algorithms themselves. They run on ordinary computers. The point is that no known quantum algorithm — including Shor's — can efficiently break them. That makes them the bridge between the classical internet and the quantum era.
The adoption challenge
The NSA has mandated that US national security systems complete the transition to post-quantum algorithms by 2035. But that deadline assumes organizations begin now. In practice, cryptographic migration is one of the most complex infrastructure projects an organization can undertake. Every system that encrypts or signs data — web servers, VPNs, email systems, hardware security modules, embedded devices — needs to be updated or replaced.
Many organizations don't know what cryptography they are running, let alone where. The first step for most is a cryptographic inventory: a systematic audit of every place encryption is used. Without that, migration cannot begin.
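A small piece of such an inventory can be automated. The sketch below is an added example, not code from the article or from any inventory tool: it reads SSH and TLS configuration text and labels each public-key algorithm identifier as quantum-vulnerable, post-quantum, or hybrid. The file names, sample lines and function names are constructed for illustration, the substring matching is a heuristic, and the "hybrid" label for identifiers that combine a classical scheme with ML-KEM is an assumption added here.

```python
import re
from collections import Counter

# Classical public-key families that Shor's algorithm breaks (RSA, Diffie-Hellman,
# elliptic curves), matched by substrings common in SSH and TLS identifiers.
SHOR_VULNERABLE = re.compile(
    r"rsa|ecdsa|ecdh|ed25519|x25519|curve25519|secp\d+|nistp\d+|diffie-hellman", re.I)
# The three NIST standards named in the article.
POST_QUANTUM = re.compile(r"ml-?kem|ml-?dsa|slh-?dsa", re.I)

# Constructed sample input: hypothetical file names and config lines.
SAMPLE_CONFIGS = {
    "sshd_config": "KexAlgorithms mlkem768x25519-sha256,curve25519-sha256\n"
                   "HostKeyAlgorithms ssh-ed25519,rsa-sha2-512\n"
                   "Ciphers aes256-gcm@openssh.com\n",
    "nginx.conf": "ssl_ecdh_curve X25519MLKEM768:secp384r1;\n"
                  "ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;\n",
}

def classify(algorithm):
    """Label one identifier; None means symmetric, hash, or unrecognised."""
    pq = bool(POST_QUANTUM.search(algorithm))
    classical = bool(SHOR_VULNERABLE.search(algorithm))
    return {(True, True): "hybrid", (True, False): "post-quantum",
            (False, True): "quantum-vulnerable"}.get((pq, classical))

def inventory(configs):
    """Return (source, line_no, directive, algorithm, status) per public-key use."""
    findings = []
    for source, text in configs.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            line = line.split("#", 1)[0].strip().rstrip(";")
            directive, _, values = line.partition(" ")
            # Only the values are classified, so 'ssl_ecdh_curve' is not flagged itself.
            for algorithm in filter(None, re.split(r"[,:\s]+", values)):
                status = classify(algorithm)
                if status:
                    findings.append((source, line_no, directive, algorithm, status))
    return findings

def summarize(findings):
    """Count findings by status, the headline number for a migration plan."""
    return Counter(status for *_, status in findings)

if __name__ == "__main__":
    for row in inventory(SAMPLE_CONFIGS):
        print(*row, sep="\t")
    print(dict(summarize(inventory(SAMPLE_CONFIGS))))
```

Configuration files are only one source; certificates, key stores, libraries and embedded firmware need their own collectors feeding the same classification.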
Harvest now, decrypt later
The urgency is compounded by an attack strategy that requires no quantum computer today. Nation-state adversaries are believed to be collecting encrypted internet traffic now, storing it until quantum computers mature enough to decrypt it. Sensitive data with a long shelf life — state secrets, medical records, financial data — is already at risk, even if Q-Day is still years away.
This is why security agencies worldwide are not waiting. The question is whether the rest of the internet will move fast enough to match them.