Post-Quantum Cryptography Readiness
Posted: March 6, 2026 to Quantum Computing.
Post-quantum cryptography (PQC) readiness is your organization's preparedness to replace RSA, ECC, and Diffie-Hellman encryption with quantum-resistant algorithms before quantum computers can break them. NIST finalized three PQC standards in August 2024 (ML-KEM, ML-DSA, SLH-DSA), and Google announced a 2029 migration deadline on March 25, 2026. With harvest-now-decrypt-later attacks already underway and cryptographic migration historically taking 5 to 10 years, the window to act is now, not when the first cryptographically relevant quantum computer (CRQC) arrives.
Key Takeaways
- NIST finalized three PQC algorithms in August 2024: ML-KEM (key exchange), ML-DSA (signatures), and SLH-DSA (hash-based signatures).
- Harvest-now-decrypt-later attacks are active today; any data that must stay confidential for 5+ years is already at risk.
- Google set a 2029 PQC migration deadline (announced March 25, 2026); NSA CNSA 2.0 mandates PQC for NSS acquisitions by January 2027.
- Start with a cryptographic inventory, prioritize by data sensitivity and longevity, then pilot hybrid TLS before full migration.
- Defense contractors face the most urgent timelines; CMMC and NIST frameworks will incorporate PQC requirements as standards mature.
Post-Quantum Cryptography Readiness: Why Your Business Must Start Preparing for Quantum Computing Threats Now
Quantum computers capable of breaking current encryption standards are no longer a distant theoretical threat. NIST finalized its first three post-quantum cryptographic standards in 2024, and the migration timeline is measured in years, not decades. Organizations that wait until quantum computers can crack RSA and ECC encryption will find themselves scrambling to replace cryptographic infrastructure across every system, application, and communication channel simultaneously.
The threat is not just future-facing. "Harvest now, decrypt later" attacks are happening today. Adversaries, particularly nation-state actors, are intercepting and storing encrypted communications and data with the intention of decrypting them once quantum computing makes current encryption obsolete. If your data has long-term sensitivity, measured in years or decades, it is already at risk from quantum threats.
Understanding the Quantum Threat to Encryption
What Quantum Computing Changes
Current encryption relies on mathematical problems that classical computers cannot solve in reasonable time. RSA encryption depends on the difficulty of factoring large numbers. Elliptic curve cryptography depends on the discrete logarithm problem. These problems are computationally infeasible for classical computers but can be solved efficiently by a sufficiently powerful quantum computer running Shor's algorithm.
This means that RSA, ECC, Diffie-Hellman key exchange, and DSA digital signatures, the cryptographic foundations of virtually all secure communications and data protection, will become breakable. TLS/SSL connections, VPN tunnels, encrypted email, digital signatures, code signing, blockchain, and encrypted storage all rely on these algorithms.
What Remains Secure
Symmetric encryption algorithms like AES are less affected by quantum computing. Grover's algorithm provides a quadratic speedup for brute-force attacks on symmetric keys, which means AES-256 provides roughly AES-128 equivalent security against quantum attacks. This is still considered secure for most applications. The primary threat is to asymmetric (public key) cryptography.
Hash functions such as SHA-256 and SHA-3 are also quantum-resistant with larger output sizes. The cryptographic infrastructure that needs replacement is primarily the public key algorithms used for key exchange, digital signatures, and authentication.
NIST Post-Quantum Cryptographic Standards
NIST finalized three post-quantum cryptographic algorithms that will replace current standards:
ML-KEM (formerly CRYSTALS-Kyber): A key encapsulation mechanism for secure key exchange. This replaces RSA and Diffie-Hellman for establishing encrypted connections. ML-KEM is recommended for TLS, VPN, and any application requiring secure key agreement.
ML-DSA (formerly CRYSTALS-Dilithium): A digital signature algorithm for authentication and integrity verification. This replaces RSA and ECDSA signatures used in code signing, document signing, certificate authorities, and authentication protocols.
SLH-DSA (formerly SPHINCS+): A hash-based digital signature algorithm providing an alternative signature scheme based on different mathematical assumptions. This serves as a backup in case lattice-based cryptography faces unexpected attacks.
A fourth algorithm, HQC, is in the final stages of standardization and will provide an alternative key encapsulation mechanism based on code-based cryptography.
Why Migration Must Start Now
Cryptographic Migration Takes Years
The last major cryptographic migration, from SHA-1 to SHA-2, took over a decade despite being a relatively simple hash algorithm replacement. Post-quantum migration is far more complex because it affects key exchange, digital signatures, and authentication across every connected system. Large organizations have thousands of systems, applications, and integrations that rely on public key cryptography.
Harvest Now, Decrypt Later
Data encrypted today using RSA or ECC can be stored by adversaries and decrypted later when quantum computers become available. This means that data with long-term confidentiality requirements, including classified information, trade secrets, medical records, attorney-client communications, and intellectual property, is effectively at risk now. Organizations handling this type of data must begin transitioning to post-quantum encryption immediately.
Regulatory Requirements Are Emerging
Federal agencies are mandating post-quantum readiness timelines. NSA has directed National Security Systems to begin migration planning. CMMC and NIST frameworks will incorporate post-quantum requirements as standards mature. FIPS 140-3 will include post-quantum algorithms. Organizations that begin preparation now will be ahead of regulatory mandates rather than scrambling to meet deadlines.
Post-Quantum Readiness Assessment
Step 1: Cryptographic Inventory
Identify every use of public key cryptography in your environment. This includes TLS certificates, VPN configurations, SSH keys, code signing certificates, email encryption, disk encryption key management, database encryption, API authentication, and any custom applications that implement cryptographic functions. Most organizations are surprised by the breadth of their cryptographic footprint.
Step 2: Prioritize by Risk
Classify cryptographic usage by data sensitivity and longevity. Systems protecting data that must remain confidential for ten or more years are highest priority for migration. Systems with short-lived data sensitivity have more time but should still be included in migration planning.
Step 3: Evaluate Vendor Readiness
Contact your major software and infrastructure vendors to understand their post-quantum migration plans. Operating system vendors, cloud providers, VPN vendors, PKI providers, and application developers all have roles in the migration. Vendor readiness will determine your migration timeline for many systems.
Step 4: Test Hybrid Approaches
Hybrid cryptographic implementations that combine classical and post-quantum algorithms provide a transition path. TLS connections can negotiate hybrid key exchange that is secure against both classical and quantum attacks. Testing hybrid approaches in non-production environments builds organizational experience before production migration.
Step 5: Develop Migration Roadmap
Create a phased migration plan that addresses highest-risk systems first, accounts for vendor readiness timelines, includes testing and validation procedures, and maintains backward compatibility during the transition period. Budget for the migration over multiple fiscal years.
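The sketch below works through Steps 1, 2 and 4 on a small inventory: it classifies each algorithm identifier as quantum-vulnerable, hybrid or PQC, then ranks the vulnerable entries by how long their data must stay confidential. It is an added example, not code from Petronella Technology Group; the asset names and the priority labels are assumptions made for illustration, and name matching is substring-based, so unknown identifiers are routed to manual review.

```python
import re

# Classical public-key families that Shor's algorithm breaks (RSA, DSA, DH, ECC).
SHOR = re.compile(r"rsa|dss|dsa|ecdsa|ecdh|ed25519|x25519|secp|nistp|ffdhe|\bdh\b", re.I)
# The NIST PQC standards named on this page.
PQC = re.compile(r"ml-?kem|ml-?dsa|slh-?dsa", re.I)
ORDER = {"highest": 0, "planned": 1, "review": 2, "transitional": 3, "done": 4}

def classify(algorithm):
    """Map an algorithm identifier to pqc / hybrid / quantum-vulnerable / review."""
    has_pqc = bool(PQC.search(algorithm))
    # Strip PQC names first so the "DSA" inside "ML-DSA" is not counted as classical DSA.
    has_classical = bool(SHOR.search(PQC.sub("", algorithm)))
    if has_pqc:
        return "hybrid" if has_classical else "pqc"
    return "quantum-vulnerable" if has_classical else "review"

def priority(status, confidentiality_years):
    """Step 2: vulnerable systems guarding data for 10+ years migrate first."""
    if status == "quantum-vulnerable":
        return "highest" if confidentiality_years >= 10 else "planned"
    return {"hybrid": "transitional", "pqc": "done"}.get(status, "review")

def build_roadmap(inventory):
    """inventory rows: (asset, algorithm identifier, years data must stay confidential)."""
    rows = []
    for asset, algorithm, years in inventory:
        status = classify(algorithm)
        rows.append((asset, algorithm, status, priority(status, years)))
    return sorted(rows, key=lambda row: ORDER[row[3]])  # stable: keeps input order in ties

# Constructed sample inventory (hypothetical assets, real algorithm identifiers).
SAMPLE = [
    ("vpn-gateway key exchange", "ffdhe2048", 3),
    ("records-archive TLS certificate", "sha256WithRSAEncryption", 25),
    ("edge-proxy TLS group", "X25519MLKEM768", 25),
    ("bastion SSH host key", "ssh-ed25519", 1),
    ("firmware signing pilot", "ML-DSA-65", 15),
    ("legacy-app custom crypto", "vendor-proprietary-kex", 12),
]

if __name__ == "__main__":
    for asset, algorithm, status, rank in build_roadmap(SAMPLE):
        print(f"{rank:<13}{status:<20}{asset} ({algorithm})")
```
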
Post-Quantum Cryptography for Specific Industries
Defense contractors: Organizations handling CUI and classified information face the most urgent timelines. NSA and DoD directives will require post-quantum migration on specific schedules. Begin cryptographic inventory and planning immediately.
Healthcare: HIPAA requires encryption of protected health information. As post-quantum standards are incorporated into HIPAA guidance, organizations must be prepared to upgrade encryption across all PHI-handling systems.
Financial services: Banking and financial data has long-term confidentiality requirements that make it a prime target for harvest-now-decrypt-later attacks. Financial regulators will incorporate post-quantum requirements into existing cybersecurity frameworks.
Legal and professional services: Attorney-client privilege and confidential business information require long-term protection. Law firms and consulting organizations handling sensitive client data should prioritize post-quantum readiness.
Frequently Asked Questions
When will quantum computers break current encryption?
Expert estimates range from 5 to 15 years for cryptographically relevant quantum computers. Google announced a 2029 PQC migration target on March 25, 2026. The exact timeline is uncertain, but given that cryptographic migration takes years, waiting for certainty is itself a risk. Start preparation now.
Is AES-256 encryption safe from quantum attacks?
Yes. AES-256 is considered quantum-resistant because Grover's algorithm only reduces its effective security to approximately AES-128 equivalent, which remains computationally infeasible to break. The primary quantum threat is to asymmetric (public key) algorithms like RSA and ECC used for key exchange and digital signatures.
What is a harvest-now-decrypt-later attack?
In a harvest-now-decrypt-later (HNDL) attack, adversaries, particularly nation-state actors, intercept and store encrypted communications today with the intention of decrypting them once quantum computers can break current RSA and ECC encryption. This puts any data with long-term sensitivity at risk immediately.
How much does post-quantum migration cost?
Costs vary by organizational size. Small businesses may spend $10,000 to $50,000 on assessment and initial migration. Mid-size enterprises face $200,000 to $1 million over a multi-year program. Large enterprises with complex PKI, IoT fleets, and legacy systems face costs in the millions. The cost of emergency migration after a quantum breakthrough would be far higher.
Should we wait for standards to mature before starting PQC migration?
No. NIST finalized three PQC algorithms in August 2024, and the standards are ready for adoption. Start with cryptographic inventory and risk assessment now. These activities are valuable regardless of which specific algorithms you deploy and will significantly accelerate implementation when you begin migration.
Can our managed IT provider handle post-quantum migration?
Post-quantum migration requires specialized cryptographic expertise beyond typical managed IT services. Look for a provider with cryptographic assessment capabilities, NIST PQC standards knowledge, and experience with hybrid deployment models. Petronella Technology Group offers quantum readiness assessments backed by CMMC-RP and CMMC-CCA credentials.
About the Author
Craig Petronella is the CEO of Petronella Technology Group, Inc. and a recognized authority on cybersecurity, compliance, and emerging technology threats. Craig holds credentials as a CMMC Registered Practitioner (CMMC-RP), Certified CMMC Assessor (CMMC-CCA), and Licensed Digital Forensic Examiner. He is the author of 15 published books on cybersecurity and technology. With over 24 years of experience protecting businesses from evolving threats, Craig advises organizations on post-quantum cryptography readiness, compliance frameworks, and secure AI adoption.