Post-Quantum Encryption: Is Your Data Safe from Tomorrow's Hackers?

Understand the post-quantum encryption threat, what NIST's new standards mean for your data, and practical steps to prepare for quantum-era security.

Last updated: 28 April 2026

Quantum computers powerful enough to break current public-key encryption don’t exist yet — but they’re expected within the next 10–15 years. If you’re encrypting data today that needs to remain confidential for decades, the post-quantum threat is already relevant.

The “Harvest Now, Decrypt Later” Problem

The most immediate concern isn’t a quantum computer breaking your encryption in real time. It’s harvest now, decrypt later (HNDL):

  1. An adversary intercepts and stores your encrypted data today
  2. They archive it, waiting for quantum computing to mature
  3. When a sufficiently powerful quantum computer exists, they decrypt the stored data

This is relevant for:

  • Government and military communications
  • Medical records with long confidentiality requirements
  • Trade secrets and intellectual property
  • Financial data with multi-decade relevance
  • Personal data you want to remain private for your lifetime

If your encrypted data only needs to stay secret for a few years, the quantum threat is less urgent. If it needs to remain secret for 20+ years, you should start planning now.

What Quantum Computers Threaten

Broken by Quantum Computers

These algorithms are vulnerable to Shor’s algorithm on a sufficiently large quantum computer:

  • RSA (public-key encryption and signatures)
  • ECC / ECDSA (elliptic curve cryptography)
  • Diffie-Hellman (key exchange)

These are used in TLS/HTTPS, VPNs, SSH, code signing, email encryption, and digital certificates.

NOT Broken by Quantum Computers

Symmetric encryption algorithms are affected but not broken. Grover’s algorithm provides a quadratic speedup, effectively halving the key strength in bits:

  • AES-128 → equivalent to 64-bit security (weak)
  • AES-256 → equivalent to 128-bit security (still strong)

This means:

  • BitLocker with AES-256 remains secure against quantum attacks
  • VeraCrypt with AES-256 remains secure against quantum attacks
  • Encrypted containers and full-disk encryption that use AES-256 are safe

The primary threat is to public-key cryptography used in internet protocols, not to the symmetric encryption protecting your local files.
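
The rules in this section and the harvest-now-decrypt-later timeline can be combined into a triage pass over a list of systems and the algorithms they rely on. The following Python code is an added example, not part of the original article; the inventory entries are constructed, and the years_to_quantum default of 10 (the low end of the 10–15 year estimate) and the 128-bit floor are assumptions.

```python
import re

# Families the article lists as broken by Shor's algorithm.
SHOR_BROKEN = ("RSA", "ECDSA", "ECDH", "ECC", "DH")
# NIST standards named in the article (FIPS 203, 204, 205).
PQC = ("ML-KEM", "ML-DSA", "SLH-DSA")

# Constructed inventory: (system, algorithm, use, years data must stay secret).
INVENTORY = [
    ("vpn-tunnel", "ECDH-P256", "key-exchange", 25),
    ("web-session", "RSA-2048", "key-exchange", 2),
    ("installer", "ECDSA-P256", "signature", 25),
    ("laptop-disk", "AES-128", "encryption", 25),
    ("archive", "AES-256", "encryption", 30),
    ("pilot-tls", "ML-KEM-768", "key-exchange", 25),
]


def triage(algorithm, use, secrecy_years, years_to_quantum=10):
    """Classify one entry; years_to_quantum=10 is an assumed horizon."""
    name = algorithm.upper()
    if name.startswith(PQC):
        return "ok: NIST PQC algorithm"
    sym = re.fullmatch(r"AES-(\d+)", name)
    if sym:
        # Grover's quadratic speedup halves the effective key strength.
        effective = int(sym.group(1)) // 2
        if effective >= 128:  # assumed floor, matching the AES-256 advice
            return f"ok: {effective}-bit strength against Grover"
        return f"upgrade: {effective}-bit strength against Grover"
    if name.startswith(SHOR_BROKEN):
        if use == "signature":
            # Nothing to harvest: forging needs the quantum computer to exist.
            return "plan: move to ML-DSA or SLH-DSA"
        if secrecy_years > years_to_quantum:
            return "urgent: harvest-now-decrypt-later exposure"
        return "plan: move to ML-KEM"
    return "unknown: review manually"


def report(inventory=INVENTORY):
    """Map each system name to its triage verdict."""
    return {s: triage(alg, use, yrs) for s, alg, use, yrs in inventory}


if __name__ == "__main__":
    for system, verdict in report().items():
        print(f"{system:12} {verdict}")
```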

NIST Post-Quantum Standards

In 2024, NIST finalized the first post-quantum cryptography (PQC) standards:

  • ML-KEM (FIPS 203) — Key encapsulation (replaces RSA/ECC key exchange), based on the CRYSTALS-Kyber algorithm
  • ML-DSA (FIPS 204) — Digital signatures (replaces RSA/ECDSA signatures), based on CRYSTALS-Dilithium
  • SLH-DSA (FIPS 205) — Stateless hash-based digital signatures, based on SPHINCS+

These algorithms are designed to resist both classical and quantum attacks. Major software vendors (Microsoft, Google, Apple, Mozilla) are already integrating them into their products.

What This Means for Windows Users

Your Local Encryption Is Fine

BitLocker (AES-256), VeraCrypt, CryptoExpert, and similar tools use symmetric encryption. AES-256 provides adequate security against known quantum attacks. You don’t need to change your local encryption setup.

Internet Security Is Transitioning

Chrome, Edge, and Firefox are already experimenting with post-quantum key exchange (ML-KEM) for HTTPS connections. Windows will adopt PQC algorithms in TLS, VPN, and certificate infrastructure as the standards mature.

As a user, this transition will be mostly transparent — browser and OS updates will handle it.

Code Signing and Software Verification

GPG signatures and Authenticode certificates currently use RSA or ECC. These will need to transition to PQC signatures. Until then, existing signatures remain secure — quantum computers capable of forging them don’t exist yet.

For current verification practices, see How to Verify Checksums and Avoiding Trojanised Installers.

Practical Steps You Can Take Now

  1. Use AES-256 for local encryption — not AES-128. Both BitLocker and VeraCrypt support AES-256. It’s quantum-resistant.
  2. Keep software updated — PQC support will arrive through regular updates to browsers, operating systems, and encryption tools.
  3. Evaluate your data’s longevity — if data needs to stay secret for 20+ years, consider the HNDL threat.
  4. For data in transit: ensure your VPN and HTTPS connections use the latest TLS version (TLS 1.3).
  5. For long-term archives: encrypt with AES-256 and store securely. The symmetric encryption is quantum-safe.
  6. Stay informed — NIST’s PQC standards are finalised, but implementation across all software will take years.
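
Step 1 is worth verifying rather than assuming, because a tool that supports AES-256 may still have encrypted a given volume with a 128-bit method. The following Python check is an added example, not part of the original article; it reads the Encryption Method field from manage-bde -status output, and the sample output is constructed and assumes the English-language layout.

```python
import re

# Constructed sample of English `manage-bde -status` output.
SAMPLE = """\
Volume C: [OSDisk]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128

Volume D: [Archive]
[Data Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 256

Volume E: [Scratch]
[Data Volume]

    Encryption Method:    None
"""


def audit(status_text):
    """Return {drive: verdict} for every volume in the status output."""
    results, drive = {}, None
    for line in status_text.splitlines():
        vol = re.match(r"Volume ([A-Z]:)", line)
        if vol:
            drive = vol.group(1)
            continue
        found = re.match(r"\s+Encryption Method:\s+(.+?)\s*$", line)
        if not (drive and found):
            continue
        method = found.group(1)
        if method == "None":
            results[drive] = "not encrypted"
        elif "256" in method:
            results[drive] = f"{method}: 256-bit key, meets step 1"
        elif "128" in method:
            results[drive] = f"{method}: 128-bit key, re-encrypt with AES-256"
        else:
            results[drive] = f"{method}: review manually"
    return results


if __name__ == "__main__":
    for drive, verdict in audit(SAMPLE).items():
        print(drive, verdict)
```

On a real machine, pass audit() the text of manage-bde -status captured from an elevated prompt.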

What You Don’t Need to Do

  • Don’t panic. Quantum computers capable of breaking RSA-2048 are likely a decade or more away.
  • Don’t abandon current encryption. Today’s encryption is still strong against today’s threats.
  • Don’t buy “quantum-proof” marketing hype. If a product claims to be “quantum-proof,” ask specifically which PQC algorithms it implements.
  • Don’t change your local encryption tools. AES-256 is already quantum-resistant.

For more on Windows encryption options and choosing between BitLocker and VeraCrypt, see our existing guides.

Key Takeaways

  • Quantum computers threaten public-key cryptography (RSA, ECC), not symmetric encryption (AES-256)
  • Your BitLocker and VeraCrypt encryption is safe from quantum attacks if using AES-256
  • NIST has published the first PQC standards — software vendors are integrating them
  • The “harvest now, decrypt later” threat is real for long-lived secrets
  • Keep software updated and use AES-256; the transition will be mostly automatic

Further Reading