In 1939, British codebreakers at Bletchley Park faced an apparently impossible task: crack the German Enigma machine, whose rotors and plugboard allowed some 159 million million million settings. Alan Turing's electromechanical Bombe, building on earlier Polish work, eventually succeeded, and historians estimate the intelligence it produced shortened the Second World War by about two years. Today we're approaching another cryptographic inflection point, except that this time the codebreakers aren't racing to win a war; they're quietly collecting encrypted internet traffic and waiting for quantum computers to hand them the keys.
The Math Problem That Protects (Almost) Everything
Every time you buy something online, check your bank account, or send a "secure" message, you're trusting a mathematical asymmetry: multiplying two large primes is easy, but factoring the product back into those primes is infeasible with every known classical algorithm. RSA, which still secures a large share of the internet's key exchange and digital signatures, relies entirely on that asymmetry. For a 2048-bit modulus, the best known classical algorithm would need millions of years even on today's fastest supercomputers. The lock appears unbreakable.
Quantum computers don't pick the lock; they attack the mathematics itself. A qubit can sit in a superposition of 0 and 1, and a register of entangled qubits can be steered so that the amplitudes of wrong answers cancel while the right one is reinforced. That interference, not brute-force parallelism, is what Peter Shor exploited in 1994: his algorithm uses a quantum Fourier transform to find the period of a modular exponentiation, and the period reveals the factors. On a large enough error-corrected machine, RSA-2048's million-year problem becomes a matter of hours.
The same attack covers Elliptic Curve Cryptography (ECC), the newer standard that reaches similar security with much smaller keys: Shor's algorithm solves the discrete logarithm problem as readily as factoring, and a 256-bit elliptic-curve key is expected to need fewer logical qubits to break than an RSA-2048 key. Both systems were designed on the assumption that attackers are bound by classical physics. That assumption was sound when they were designed. It stops being sound the day a cryptographically relevant quantum computer exists.
Harvest Now, Decrypt Later
In 2024, researchers at Shanghai University reported factoring a 22-bit RSA-style integer, nowhere near the 2048 bits in real use, with a D-Wave quantum annealer. The result says little about deployed keys: annealers do not run Shor's algorithm and the method does not scale. Even so, the headlines added urgency to an already-ticking clock. Expert surveys place a "cryptographically relevant" quantum computer, one able to break deployed public-key cryptography, somewhere in the next one to two decades, with wide uncertainty around that estimate.
But adversaries aren't waiting. Western intelligence and cyber agencies warn that "Harvest Now, Decrypt Later" collection is already under way: state actors, and eventually well-resourced criminals, record encrypted traffic in bulk. They can't read it today, and they don't need to. A TLS session's bulk data is protected by a symmetric key, but that key was agreed through RSA or elliptic-curve Diffie-Hellman, and that exchange is in the capture too. Break the key exchange later and every byte of the session falls out. They are building digital time capsules, betting that quantum computers will eventually open them.
This matters most for data with a long shelf life. Medical records, financial documents, classified communications, proprietary research: anything that must stay secret beyond the next decade is already at risk. The breach doesn't begin when quantum computers arrive. It begins now, every time such data crosses a network under a quantum-vulnerable key exchange.
The Eight-Year Scramble for New Mathematics
In 2016, the National Institute of Standards and Technology (NIST) issued a global call: submit public-key algorithms that could withstand quantum attacks. Eighty-two proposals arrived from 25 countries. After several rounds of analysis and attempted breaks, NIST published three final standards on August 13, 2024: FIPS 203, 204 and 205.
The standards rest on different hard problems than RSA and ECC. ML-KEM (FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism) is a key-encapsulation mechanism: it lets two parties establish a shared secret that then keys a symmetric cipher, the role RSA and ECDH play in TLS today. Its security rests on the Module Learning With Errors problem, related to finding short vectors in high-dimensional lattices. ML-DSA (FIPS 204) provides digital signatures from the same lattice family, while SLH-DSA (FIPS 205) builds signatures from hash functions alone, a slower but more conservative design chosen as a fallback should lattice assumptions weaken. A fourth signature scheme, FN-DSA (Falcon), is still being drafted as FIPS 206.
These aren't incremental updates. They are different cryptographic foundations, chosen because no known quantum or classical algorithm solves the underlying problems efficiently. Of course, that's what we thought about factoring before Shor's algorithm, and the caution is warranted: SIKE, an isogeny-based candidate that reached the fourth round of the competition, was broken in 2022 by a purely classical attack that ran in about an hour on a laptop.
The Migration That Can't Wait
NIST's draft transition plan (NIST IR 8547, November 2024) deprecates quantum-vulnerable algorithms at the 112-bit security level, RSA-2048 among them, after 2030, and disallows every quantum-vulnerable public-key algorithm, 256-bit ECC included, after 2035. That timeline sounds generous until you consider what migration actually entails.
Organizations must first inventory every cryptographic dependency across their estate: algorithms, key sizes, cipher suites, certificates, protocols and the libraries and hardware that implement them. Few have such a catalog (a cryptographic bill of materials, or CBOM, in current parlance). Legacy systems, internal networks, vendor appliances, embedded devices and forgotten APIs create a cryptographic sprawl that takes months just to map.
Then comes replacement. You can't swap algorithms like batteries: ML-KEM public keys and ciphertexts are roughly a kilobyte each, which breaks protocols, packet budgets and hardware that assumed 32-byte elliptic-curve values. Applications need updates, hardware security modules may need replacement, and systems must stay interoperable with unmigrated peers throughout. Mosca's theorem frames the risk: let X be how long your data must stay secret, Y how long migration takes, and Z the time until a cryptographically relevant quantum computer arrives. If X + Y > Z, data you encrypt today will be exposed before you finish migrating; you're already too late.
The standard hedge during the transition is a hybrid: run a classical and a post-quantum key exchange together and derive the session key from both secrets, so the session stays safe unless both are broken. This protects against an undiscovered flaw in the new standards while providing quantum resistance. NIST allows the construction, and it is how post-quantum encryption is actually shipping: Chrome, Firefox, Cloudflare's edge and OpenSSH already default to X25519 combined with a lattice KEM, most commonly ML-KEM-768. The cost is mostly bandwidth rather than compute: an ML-KEM-768 public key is 1,184 bytes and its ciphertext 1,088 bytes, against 32 bytes each for X25519, while the lattice arithmetic itself is fast. That is a small price against the alternative.
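The inventory-then-triage procedure described above, as an added worked example in Go (this is illustration code, not the article's, NIST's or any vendor's tool). It generates three certificates in memory as a stand-in for a real scan, classifies each key against the IR 8547 draft timeline, and applies Mosca's inequality with assumed values for shelf life X, migration time Y and time-to-quantum Z; the asset names and all numbers are constructed for illustration.

```go
// Post-quantum migration triage: inventory public keys, classify each against
// the NIST IR 8547 draft timeline, and apply Mosca's inequality X + Y > Z.
// Added example, not code from the article or NIST. Certificates are generated
// in memory as constructed input; X, Y and Z values are assumptions.
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Asset struct {
	Name         string
	Cert         *x509.Certificate
	ShelfLifeYrs float64 // Mosca's X: years the protected data must stay secret
	MigrationYrs float64 // Mosca's Y: years needed to migrate the system using it
}

type Finding struct {
	Name, Algorithm, Status string
	QuantumVulnerable       bool
	MoscaViolated           bool // X + Y > Z: data encrypted today will leak
}

// classify maps a public key onto the NIST IR 8547 (draft) categories: 112-bit
// quantum-vulnerable keys deprecated after 2030, all such keys disallowed after 2035.
func classify(cert *x509.Certificate) (alg, status string, vulnerable bool) {
	const both, late = "deprecated after 2030, disallowed after 2035", "disallowed after 2035"
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		bits := pub.N.BitLen()
		if bits < 3072 { // RSA-2048 sits at roughly 112-bit security
			return fmt.Sprintf("RSA-%d", bits), both, true
		}
		return fmt.Sprintf("RSA-%d", bits), late, true
	case *ecdsa.PublicKey:
		name := "ECDSA " + pub.Curve.Params().Name
		if pub.Curve.Params().BitSize < 256 { // P-224 and smaller
			return name, both, true
		}
		return name, late, true
	case ed25519.PublicKey:
		return "Ed25519", late, true
	default: // unknown type: treat as vulnerable until a human confirms otherwise
		return fmt.Sprintf("%T", pub), "unknown, review manually", true
	}
}

// Triage evaluates all assets against an assumed Z (years until a CRQC).
func Triage(assets []Asset, zYears float64) []Finding {
	out := make([]Finding, 0, len(assets))
	for _, a := range assets {
		alg, status, vuln := classify(a.Cert)
		out = append(out, Finding{a.Name, alg, status, vuln, vuln && a.ShelfLifeYrs+a.MigrationYrs > zYears})
	}
	return out
}

// selfSigned wraps a key pair in a throwaway self-signed certificate.
func selfSigned(cn string, priv, pub any) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// SampleInventory stands in for a real scan of key stores, certificates and
// TLS endpoints; the X and Y values per asset are assumed for illustration.
func SampleInventory() []Asset {
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	edPub, edPriv, _ := ed25519.GenerateKey(rand.Reader)
	return []Asset{
		{"records-archive", selfSigned("records", rsaKey, &rsaKey.PublicKey), 25, 3}, // long-lived data
		{"www-tls", selfSigned("www", ecKey, &ecKey.PublicKey), 1, 1},                // short sessions
		{"ssh-fleet", selfSigned("ssh", edPriv, edPub), 5, 6},                       // slow fleet rotation
	}
}

func main() {
	for _, f := range Triage(SampleInventory(), 10) { // assume Z = 10 years
		fmt.Printf("%-16s %-12s %-46s mosca-violated=%v\n", f.Name, f.Algorithm, f.Status, f.MoscaViolated)
	}
}
```

The interesting output is not the algorithm column but the last one: the short-lived web TLS key is quantum-vulnerable yet not urgent under Mosca's test, while the archive and the slow-to-rotate SSH fleet fail it at Z = 10 and should be migrated first. A real scan would populate the asset list from certificate stores, TLS handshakes and code dependencies rather than from generated keys.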
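As an added illustration of the hybrid construction (not code from the article, NIST or any deployed stack), here is an X25519 plus ML-KEM-768 exchange in Go using only the standard library's crypto/ecdh, crypto/mlkem and crypto/hkdf, which need Go 1.24 or later. The message layout, the HKDF label and the order in which the two secrets are concatenated are this example's own assumptions; TLS's X25519MLKEM768 defines its own.

```go
// Hybrid key establishment: X25519 + ML-KEM-768 combined through HKDF, so the
// session key stays secret as long as either component holds. Added example,
// not code from the article or NIST; needs Go 1.24+ (crypto/mlkem, crypto/hkdf).
// Message layout and the HKDF label are this example's own assumptions.
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type (
	Offer     struct{ MLKEMEncapsKey, X25519Pub []byte }  // 1184 B + 32 B, initiator -> responder
	Reply     struct{ MLKEMCiphertext, X25519Pub []byte } // 1088 B + 32 B, responder -> initiator
	Initiator struct {
		dk *mlkem.DecapsulationKey768
		x  *ecdh.PrivateKey
	}
)

// combine feeds both shared secrets plus the whole transcript into HKDF. An
// attacker needs BOTH: Shor breaks X25519 but not ML-KEM, and vice versa.
func combine(ssPQ, ssClassical []byte, o Offer, r Reply) ([]byte, error) {
	ikm := append(append([]byte{}, ssPQ...), ssClassical...)
	transcript := bytes.Join([][]byte{o.MLKEMEncapsKey, o.X25519Pub, r.MLKEMCiphertext, r.X25519Pub}, nil)
	return hkdf.Key(sha256.New, ikm, transcript, "hybrid-x25519-mlkem768-demo", 32)
}

func x25519Shared(priv *ecdh.PrivateKey, peerPub []byte) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(peer)
}

// NewInitiator generates both key pairs and returns the public shares to send.
func NewInitiator() (*Initiator, Offer, error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, Offer{}, err
	}
	x, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, Offer{}, err
	}
	return &Initiator{dk, x}, Offer{dk.EncapsulationKey().Bytes(), x.PublicKey().Bytes()}, nil
}

// Respond encapsulates to the initiator's ML-KEM key, completes X25519 and
// derives the responder's copy of the session key.
func Respond(o Offer) (Reply, []byte, error) {
	ek, err := mlkem.NewEncapsulationKey768(o.MLKEMEncapsKey)
	if err != nil {
		return Reply{}, nil, err
	}
	ssPQ, ct := ek.Encapsulate()
	x, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Reply{}, nil, err
	}
	ssClassical, err := x25519Shared(x, o.X25519Pub)
	if err != nil {
		return Reply{}, nil, err
	}
	r := Reply{ct, x.PublicKey().Bytes()}
	key, err := combine(ssPQ, ssClassical, o, r)
	return r, key, err
}

// Finish derives the initiator's copy. A tampered ML-KEM ciphertext does not
// error: implicit rejection yields an unrelated key, so the sides disagree and
// a key-confirmation step (not shown) would abort the session.
func (i *Initiator) Finish(o Offer, r Reply) ([]byte, error) {
	ssPQ, err := i.dk.Decapsulate(r.MLKEMCiphertext)
	if err != nil {
		return nil, err
	}
	ssClassical, err := x25519Shared(i.x, r.X25519Pub)
	if err != nil {
		return nil, err
	}
	return combine(ssPQ, ssClassical, o, r)
}

func main() {
	a, offer, err := NewInitiator()
	if err != nil {
		panic(err)
	}
	reply, responderKey, err := Respond(offer)
	if err != nil {
		panic(err)
	}
	initiatorKey, err := a.Finish(offer, reply)
	if err != nil {
		panic(err)
	}
	fmt.Printf("session key %x\nagree: %v\n", initiatorKey, bytes.Equal(initiatorKey, responderKey))
}
```

Two design points carry over to real deployments: the transcript goes into the KDF so that an attacker who swaps out one share cannot steer both sides to the same key, and the classical secret is never used on its own, so a harvested capture is worthless unless the lattice problem also falls.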
What Survives the Quantum Transition
AES, the symmetric cipher protecting most stored data, holds up far better. Grover's algorithm is the best known quantum attack on a symmetric key search, and it offers only a quadratic speedup: AES-128 drops to roughly 64 bits of quantum security in theory and AES-256 to roughly 128. Doubling the key length therefore restores the margin, and in practice even the theoretical loss is hard to realise, because Grover's search is inherently sequential and needs enormous circuit depth. AES-256, already standard for high-security uses, is expected to withstand quantum attack, and hash functions such as SHA-256 are in the same position.
The vulnerability concentrates in asymmetric, or public-key, cryptography: the systems that let strangers establish a secure channel without a prior shared secret and that vouch for identity through signatures. They underpin HTTPS, SSH, VPNs, code signing, certificate chains and cryptocurrency wallets. Quantum computers won't break all encryption, but they will break the key exchange and authentication on which everything else depends.
Bitcoin and other cryptocurrencies are particularly exposed. Ownership rests on ECDSA (and, since Taproot, Schnorr) signatures over the secp256k1 curve. A quantum computer could derive the private key from any public key visible on-chain, and public keys become visible the moment a legacy pay-to-public-key-hash address spends (until then the key is hidden behind a hash), or as soon as a Taproot output is created, since it carries the key directly. Reused addresses and early pay-to-public-key outputs are therefore the most exposed, and a fast enough machine could also forge a spend from a key revealed in a pending transaction before it confirms. The ledger itself, secured by SHA-256 hashing, should survive, since Grover only halves the exponent of a hash search; it is the ownership layer that breaks.
The Intelligence Asymmetry
When the standards were published, the Deputy Secretary of Commerce (NIST is part of the Commerce Department) called advances in quantum computing "essential to reaffirming America's status as a global technological powerhouse." That framing reveals the stakes. This isn't just about protecting data; it's about who gets to break encryption first.
The first country or organization to field a cryptographically relevant quantum computer gains temporary access to everyone else's secrets: past communications, current transactions, future plans. That window narrows as others deploy quantum-resistant cryptography, but it never closes for traffic harvested before the migration, and the intelligence gathered in the meantime could be immense.
This creates pressure to accelerate quantum computing development while simultaneously hardening defenses against it. The paradox is unavoidable: the same governments funding quantum research to break adversaries' codes must also protect their own infrastructure from identical attacks.
The Bletchley Park codebreakers kept their success secret for decades after the war ended. When quantum computers break modern encryption, we probably won't hear about it until long after the damage is done. The safest assumption is that the harvest has already begun, and the threshing machines are under construction. What you encrypt today with RSA might be readable tomorrow—or might already be queued for decryption, waiting patiently in a data center somewhere for the quantum age to arrive.