Security Intelligence

The Quantum
Cryptography
Transition

A sufficiently powerful quantum computer will render RSA, elliptic-curve, and Diffie-Hellman cryptography obsolete overnight. The window to migrate is now — attackers are already harvesting encrypted traffic for future decryption. This guide covers the science, the threat, the new NIST standards, and how to act.

Understand the Threat → Migration Playbook
Q-Day estimate
2030–40
cryptographically relevant QC
HNDL risk
Active
harvest now, decrypt later
NIST FIPS finalized
3+1
Aug 13, 2024 — ML-KEM, ML-DSA, SLH-DSA
US NSS deadline
2035
CNSA 2.0 full transition

Six pillars

Everything you need to understand PQC

From first principles on quantum physics to a practical migration checklist — each section is self-contained but builds on the previous one.

⚛️
Part 1

Quantum Computing Primer

Qubits, superposition, entanglement, hardware approaches, and what "cryptographically relevant" actually means for the threat timeline.

Read → Quantum
⚠️
Part 2

The Cryptographic Threat

Shor's algorithm breaks RSA and ECC. Grover's weakens symmetric keys. Harvest Now Decrypt Later means the attack starts today.

Read → Threat
🔐
Part 3

PQC Algorithms & NIST Standards

FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA). Lattice, hash-based, and code-based families explained. IETF, BSI, and Chinese standards too.

Read → Algorithms
🔄
Part 4

Migration Playbook

A five-phase framework: from cryptographic inventory (CBOM) through hybrid rollout to full PQC. Protocol-level guidance for TLS, SSH, VPN, and code signing.

Read → Migration
📚
Part 5

Curated Resources

Annotated links to NIST FIPS documents, IETF drafts, BSI recommendations, CSTC standards, Cloudflare/Google/IBM blogs, and PKI Consortium forums.

Read → Resources
🧑‍💻
Advisory

Need Expert Guidance?

Qifei Li offers cryptographic architecture review, PQC migration roadmaps, and technical due diligence for tech teams and investors.

Contact Qifei →

Why act now

The clock is already running

🚨

Harvest Now, Decrypt Later

Nation-state adversaries are recording TLS-encrypted traffic today. When a cryptographically relevant quantum computer arrives, they will decrypt it retroactively. Classified data from 2025 will be readable in 2035.

Mosca's Inequality: X + Y > Z

X = how long your data needs to remain secret  ·  Y = how long your migration will take  ·  Z = time until a CRQC arrives.
If X + Y > Z, you are already at risk. Enterprise migrations routinely take 5–10 years.

Standards are ready

NIST finalized FIPS 203, 204, and 205 on August 13, 2024. Chrome already deploys ML-KEM hybrid key exchange. Cloudflare, AWS, and Signal have shipped PQC in production. The tooling is available; migration can start now.

Quick reference

What breaks, what survives

A quick orientation before diving into the details.

Algorithm / Protocol Type Classical security Post-quantum status
RSA-2048 / RSA-4096Asymmetric KEM / Sig112 / 140 bit✗ Broken by Shor's
ECDH / ECDSA (P-256)Asymmetric KEM / Sig128 bit✗ Broken by Shor's
DH-2048 / DH-4096Asymmetric KEM112 / 140 bit✗ Broken by Shor's
AES-128Symmetric cipher128 bit⚠ Grover → ~64 bit effective
AES-256Symmetric cipher256 bit✓ Safe (128-bit PQ security)
SHA-256Hash function256 bit preimage⚠ Grover → ~128 bit; prefer SHA-384+
SHA-384 / SHA-512 / SHA3-384Hash function384 / 512 bit✓ Safe
ML-KEM (FIPS 203)PQC KEM✓ NIST standardized 2024
ML-DSA (FIPS 204)PQC Signature✓ NIST standardized 2024
SLH-DSA (FIPS 205)PQC Signature✓ NIST standardized 2024

Ready to start your migration?

Qifei Li provides cryptographic architecture reviews, PQC readiness assessments, and migration roadmaps for engineering teams.

Migration Playbook → Contact Qifei