
Encryption is used for both data in motion (i.e., data that’s being transmitted) and data at rest (i.e., data that’s being stored). Symmetric key algorithms use a shared secret key to encrypt and decrypt and are highly efficient for bulk data encryption. Data at rest is typically encrypted with symmetric key algorithms, and data in motion is encrypted with symmetric keys as well — but only after a shared secret key can be securely established between two parties.
Asymmetric algorithms use different keys — one public, one private — to validate two parties’ identities and then to securely establish the shared secret (symmetric) key between them. Once the shared secret key is established, a symmetric key algorithm takes over to bulk-encrypt the communication. Public key infrastructure (PKI) describes the set of systems and standards that support today’s asymmetric cryptography, including components like digital certificates that contain public keys, digital signatures that validate identities and certificate authorities that establish trust in digital certificates, among many others.
Encryption deployment and methodologies have evolved as the Internet and applications have changed, but the algorithms have been fairly stable for the last 10 years. As the advent of quantum computing draws closer, there’s a significant risk that quantum computers will have the power to crack today’s entire PKI ecosystem.
Quantum computing has been a commonly held goal for many years. It holds great promise for solving many difficult problems in chemistry, materials and other areas that modern computers cannot address. As of mid-2024, the belief was that a practical quantum computer would be available in 10 to 15 years. However, in the last three months, Microsoft, Google and Meta have introduced new quantum chips, and many now believe a practical quantum computer could be available in five to 10 years. This is a win for researchers and many industries that will benefit from these systems, but it greatly accelerates the risk to all digital communication around the world.
If we are still five to 10 years away from a quantum computer, why are we worried about this today? There are two main reasons: (1) the ability of cyber criminals to harvest now and decrypt later and (2) the need to migrate cryptographic components.
Harvest Now, Decrypt Later. The most critical area to address today is data in transit, such as constituents submitting personal information to government sites or government systems posting data to the cloud. Today, adversaries can intercept and store encrypted data transmissions, even if they are currently secure. Once quantum computing becomes viable, these archived transmissions could be decrypted, exposing sensitive information that was previously protected.
Deploying New Cryptographic Algorithms. As seen in the past, replacing encryption algorithms across large systems can take more than a decade. Transitioning to quantum-resistant cryptography will require extensive coordination, time and resources.
These challenges are especially critical for industries, such as health care and government, where data holds long-term value. Given the potential risks, there is an urgent need to accelerate the adoption of post-quantum cryptographic solutions to ensure data remains secure in the quantum era. Fortunately, industry, with guidance and leadership from the National Institute of Standards and Technology (NIST), has been working on developing quantum-secure cryptography over the last decade.
In November 2024, NIST finalized several post-quantum cryptography algorithms for standardization, creating the foundation for widespread adoption. CRYSTALS-Kyber has emerged as the primary key establishment mechanism, while CRYSTALS-Dilithium, FALCON and SPHINCS+ provide options for digital signatures with different performance characteristics and security assumptions.
To support both security and compatibility, hybrid approaches combining classical and quantum-safe algorithms dominate current implementations. These approaches typically layer quantum-safe algorithms alongside traditional cryptography, ensuring protection against both conventional and quantum threats while minimizing disruption.
There is also an increased focus on crypto-agility to enable smooth transitions between algorithms as standards evolve and vulnerabilities are discovered. This emphasizes flexible cryptographic architectures that can rapidly swap algorithms without requiring extensive system redesigns.
6 STEPS TO PREPARE FOR QUANTUM-SAFE ENCRYPTION
By taking a proactive, structured approach now, government agencies can avoid being caught off guard when quantum computing reaches a point where it can threaten today’s encryption. The cost of preparation is far less than the cost of a future data breach enabled by quantum decryption. Below is a simple playbook to get you started.
1. Conduct a Cryptographic Inventory
Identify where and how cryptographic algorithms are used across your systems (e.g., TLS/SSL, VPNs, secure emails, encrypted databases). Include third-party systems and cloud services in your review.
2. Assess Data Sensitivity and Longevity
Classify data based on its sensitivity and how long it needs to remain confidential. Prioritize data that must be protected for more than 10 years (e.g., health records, financial info, government contracts).
3. Monitor Developments in Post-Quantum Cryptography (PQC)
Stay updated on standards from NIST’s Post-Quantum Cryptography project. Begin evaluating these algorithms for integration into your systems.
4. Develop a Post-Quantum Transition Plan
Create a migration strategy for transitioning current cryptographic protocols to quantum-resistant alternatives. Include a dual cryptography or “hybrid” model during the transition period, using both classical and post-quantum algorithms to hedge risk.
5. Train and Educate Key Staff
Provide training for security, engineering and compliance teams on the implications of quantum computing. Ensure leadership understands both the technical and business risks involved.
6. Test and Simulate
Use labs or test environments to simulate PQC implementation and identify performance, compatibility or integration issues early. Evaluate hybrid models and run cost/impact analyses.
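Steps 1, 2 and 4 can be combined into a simple triage of the inventory. The sketch below is an added example, not part of the original article or any vendor's tooling: the asset names, fields and status labels are constructed, and the timing rule (data shelf life plus migration time exceeding the years until a practical quantum computer, often called Mosca's inequality) is an assumption, with 10 years taken from the upper end of the estimate above.

```python
from dataclasses import dataclass

# Key-establishment algorithms that Shor's algorithm breaks on a quantum computer.
CLASSICAL_KEX = {"RSA", "DH", "ECDH", "X25519"}
# Post-quantum key establishment: CRYSTALS-Kyber, standardized by NIST as ML-KEM.
PQ_KEX = {"CRYSTALS-KYBER", "ML-KEM"}

@dataclass
class Asset:
    name: str
    state: str             # "transit" or "rest"
    key_exchange: str      # "+"-joined names; "" means symmetric keys only
    shelf_life_years: int  # how long the data must stay confidential (step 2)
    migration_years: int   # estimated time to replace the algorithm (step 4)

def classify(key_exchange: str) -> str:
    parts = {p.strip().upper() for p in key_exchange.split("+") if p.strip()}
    if not parts:
        return "symmetric-only"  # no public-key exchange in use
    if parts - CLASSICAL_KEX - PQ_KEX:
        return "unknown"  # unrecognized name: do not guess
    if parts & PQ_KEX:
        return "hybrid" if parts & CLASSICAL_KEX else "post-quantum"
    return "classical"

def triage(asset: Asset, years_to_quantum: int) -> str:
    kind = classify(asset.key_exchange)
    if kind == "unknown":
        return "INVESTIGATE"
    if kind != "classical":
        return "OK"
    # Exposed if the data must still be secret after a quantum computer arrives.
    exposed = asset.shelf_life_years + asset.migration_years > years_to_quantum
    if exposed and asset.state == "transit":
        return "URGENT"  # traffic recorded today can be decrypted later
    return "PLAN" if exposed else "MONITOR"

# Constructed sample inventory (hypothetical systems, not real ones).
INVENTORY = [
    Asset("benefits portal TLS", "transit", "X25519", 25, 2),
    Asset("news site TLS", "transit", "X25519", 1, 5),
    Asset("cloud upload tunnel", "transit", "X25519+ML-KEM", 25, 0),
    Asset("records database", "rest", "", 25, 0),
    Asset("backup key wrap", "rest", "RSA", 15, 5),
    Asset("legacy VPN", "transit", "IKE-CUSTOM", 10, 8),
]

def report(years_to_quantum: int = 10) -> dict:
    return {a.name: triage(a, years_to_quantum) for a in INVENTORY}
```

Rerunning `report(5)` with the lower end of the estimate moves the news site from MONITOR to URGENT, which shows how sensitive the priority list is to the assumed timeline.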
At Cloudflare, we've been researching, developing and standardizing post-quantum cryptography since 2017. We firmly believe that quantum-safe cryptography should be accessible to all and simple to deploy. Our approach provides immediate protection while eliminating the need for complex cryptographic implementations, certificate management or compatibility testing. Simply tunnel your traffic through Cloudflare’s quantum-safe connections to immediately protect against harvest-now-decrypt-later attacks, without the burden of upgrading every cryptographic library yourself.
Learn more today by visiting https://www.cloudflare.com/pqc/.