With the progress in Shor’s algorithm and quantum hardware, I’m concerned about the "Store Now, Decrypt Later" threat. When should our IT department start migrating our RSA and ECC-based encryption to NIST-approved post-quantum algorithms? Is 2026 too early to begin testing these PQC integrations in a production-like hybrid cloud environment?
3 answers
2026 is actually the perfect time to start your crypto-agility roadmaps. The NIST has already finalized several PQC standards like ML-KEM and ML-DSA. You don't need a quantum computer to start implementing these; they run on classical hardware. The "Store Now, Decrypt Later" risk is real for data with long-term sensitivity, like medical or government records. I recommend a "Hybrid" approach where you wrap your existing RSA/ECC keys with a PQC layer. This ensures that even if the new PQC algorithm has a hidden flaw, you still have your traditional security as a fallback.
We started our PQC transition last quarter. The biggest hurdle wasn't the code, but the governance. Updating all our security policies to include "quantum-ready" standards took months of internal legal reviews.
Will the implementation of these new NIST-approved quantum-safe algorithms significantly increase our network latency or computational overhead on mobile devices compared to our current SSL/TLS setups?
David, that’s a very valid concern. Most PQC algorithms involve larger key sizes and signature lengths. For example, Kyber (ML-KEM) has a larger memory footprint than ECC. While modern iPhones and laptops can handle this easily, your IoT devices or legacy hardware might struggle. You’ll need to perform a thorough audit of your edge devices to see which ones can support the new overhead without causing a bottleneck in your data throughput.
Exactly, Barbara. The technical swap is often easier than the organizational shift. Getting stakeholders to understand that "quantum-safe" is a 2025 priority, not a 2035 one, is the real challenge.