Post-Quantum Cryptography: How the U.S. Plans to Secure Data in a Quantum World (Introduction) For decades, encryption has been used to protect sensitive information — from financial data privacy, to personal communication confidentiality. Today’s systems make use of mathematical problems that are so hard that virtually no classical computer can solve them. But the advent of quantum computing is
Table of Contents
challenging this cornerstone. Quantum machines could crack commonly used encryption in seconds. To that, the United States is getting ready for a future in which data must be able to withstand quantum attacks. Post-quantum cryptography is evolving as the frontier in this battle to secure our digital future. Why Quantum Computing’s Threat to Crypto Is a Long Way Off Quantum computing operates on the principles of quantum mechanics. Quantum computers don’t manipulate bits by flipping them, the way conventional computers do. They use quantum bits, or qubits. These are units of information that are stored in subatomic particles rather than electronics. hs then giving them the capability to compute results at blazing speeds. And although they remain very much in the works, when you have true quantum machines, well, you can throw industries from health care to finance into upheaval. And more urgently, they might break the encryption that keeps banking and medical records private across the globe. Algorithms such as RSA and ECC, which we previously deemed secure might become outdated over night. The Exposure of Current Encryptio The encryption used today is based on hard mathematical problems. RSA is based on the factorizing of large prime numbers, whereas ECC is based on elliptic curve equations. These are problems that would take classical computers centuries to solve. However, quantum computers can break them using Shor’s algorithm in minutes or hours. This makes current cryptography vulnerable. When large-scale quantum computers do become practical, data across banks, governments and personal devices could be compromised. The need for quantum-proofing is apparent. The Emergence of Post-Quantum Cryptography Post-quantum cryptography (PQC) means cryptographic algorithms that could withstand quantum computer attacks. Unlike existing algorithms, these rely on mathematical problems that are still hard even for quantum machines. Lattice, code-based and multivariate polynomial systems are some of the most competitive primitives. Quantum computers that PQC strives to secure are those of conventional variety, which are already deployed for digital communication and transaction today. The problem is that these algorithms need to be both secure, efficient, and scalable for use on a worldwide basis. The U.S. Government’s Approach The U.S. has been proactive in laying the groundwork for a quantum future. In 2016, we joined a global initiative with the National Institute of Standards and Technology (NIST) for organizations around the world to submit quantum-resistant algorithms in an open competition. After years of review, NIST approved its first batch of standardized PQC algorithms in 2022. These guidelines will support all federal and private sector agencies as they move to secure systems. The U.S. government also requires that federal networks transition to PQC by the beginning of the 2030s. NIST’s Post-Quantum Standards The NIST effort is a milestone in cybersecurity history. Among the chosen algorithms are CRYSTALS-Kyber and CRYSTALS-Dilithium for encryption and digital signatures. Unfortunately, quantum computers can break most lattices more efficiently besides, identity-based constructions are known to be less efficient than the lattice counterparts. Other candidates like Falcon and SPHINCS+ are alternatives for certain scenarios. Standardization was needed to give an organization something solid to turn security into. It also drives international convergence and helps to mitigate fragmentation risks in the digital ecosystem. Federal Agencies’ Role The national government, via agencies such as the National Security Agency (NSA) and the Department of Defense, has a substantial stake in PQC. Safeguarding national security data from quantum attacks is a significant challenge. Already, the NSA has published a recommendation for businesses to plan migration strategies. Research, pilot projects and partnerships with private industry are funded in part at the federal level. By attacking quantum systems, it guarantees that government infrastructure will be one of the first to have a quantum-resistant encryption in place. Private Sector Mobilization The role of the private sector is as important in this endeavor. The tech giants like Google, IBM and Microsoft are not only building quantum computers themselves but also driving advances in PQC. Banks, medical organizations, and cloud vendors are starting to test NIST-endorsed algorithms. Many companies are also doing “crypto agility” assessments to see how fast they can flip encryption techniques. Government-private cooperation will be needed to secure U.S. infrastructure. The Risk of “Harvest Now, Decrypt Later” Among the biggest risks is that adversaries could already be stealing encrypted data. Even if they couldn’t decode it today, they could save the data and decipher when quantum computing reaches a stage where it becomes possible. This approach — “harvest now, decrypt later” — leaves long-term sensitive data exposed. Medical records, defense communications and trade secrets could all be exposed in the future. PQC provides protection today against an attacker who records encrypted traffic and decrypts it in the future. Barriers to Migrating to PQC Migrating to post-quantum cryptography is not easy. Current encryption underpins billions of devices, from smartphones to satellites. Retrofitting these systems is both resource and time costly. There may be problems with compatibility, particularly in older infrastructure. Performance is another problem since some of the PQC algorithms require so much processing and bandwidth. Security teams need to weigh security against its impact on productivity and what it will do to the overall comfort level for an end user. In spite of these risks, the importance of early adoption cannot be emphasized enough to mitigate future risks. International Cooperation and Competition The competition as New York City position themselves to get a leg up is, in fact, international. The EU, China, and Japan are all tracing research and standardization projects in PQC. Global collaboration is also necessary, because in a networked world, data does not respect national borders. But competition is also a factor. Leaders in PQC will give countries a strategic advantage when it comes to cyber security and digital sovereignty. The U.S. seeks to lead through its NIST effort, along with work of allies. Quantum-Safe Infrastructure in Key Sectors Key sectors such as banks, hospitals and the military cannot risk waiting for PQC. Banks need to guard transactions from being read in the future. Hospitals often have to lock down patient records that can be sensitive for decades. Accounts handling classified communications must be secure from foreign opponents. Each of them has a specific set of challenges in the transition, but there is urgency for all. Quantum computing and PQC Quantum computing represents a new age of computer processing, drug discovery, cybersecurity and more, with PQC serving as the trust foundation for this future. Public Awareness and Education Ensuring a quantum future is more than just a technical issue that needs to be pursued with public awareness. Navalny has himself called for nationwide PQC, but few organizations understand how urgent this would be. Educational campaigns are required to raise awareness among business leaders, government officials, and the public. The next generation of cybersecurity professionals needs to be trained by universities and training programs. Ground-level understanding can be a big step towards mainstream adoption and minimal resistance to change. Learning is as important as technology in fostering resilience. Beyond PQC: Quantum Key Distribution Although PQC is the main objective, other methods such as Quantum Key Distribution (QKD) are being researched. QKD is believed to be immune to eavesdropping attempts by the laws of quantum physics. It is highly secured, although that requires special hardware and
Chip Tariffs on the Horizoninfrastructure. For the time being, QKD remains confined to niche sectors like secure government and financial networks. Post-quantum cryptography (PQC), on the other hand, is a scalable solution for all of the digital world. However, at least in the future both strategies could have a synergistic place. The Transition: TimelineExperts say they expect quantum computers to be large enough within the next decade to 20 years to crack encryption. Are they worth waiting for? PQC is expected to be a 10-year-plus effort, due to the size of global infrastructure. This makes early adoption critical. By 2025, early adopter organizations are now exploring PQC. Widespread adoption will be critical by the 2030’s. The earlier migration starts, the safer data will be down the road. The Humanitarian Dimension At its most basic, cybersecurity is a humanitarian issue. From privacy to security, that data is protecting human rights and freedoms. Post-quantum cryptography is more than a technical transition; it’s a humanitarian cause. They know that without it, our medical histories, financial details and private communications are all potentially exposed. Villages and states risk ceding critical infrastructure. To realize quantum-safe systems is to promote the dignity, the security and a future of all who are part of this planet’s digital economy. Conclusion: Constructing a Secure Quantum Future The quantum age is upon us, and that infers both promise and peril. Quantum computing offers the tantalizing promise of breakthroughs in fields like cryptography and chemistry, but has also been described as a threat to data encryption, and therefore cybersecurity itself. The U.S. is now working diligently to be prepared for post-quantum cryptography. From NIST standards to private sector innovation, there is ongoing effort to protect the digital terrain. The road ahead won’t be easy, but the stakes are too high to put this off. Safeguarding data in a quantum future is just as much about protecting humanity.
Post-Quantum Cryptography: How the U.S. Plans to Secure Data in a Quantum Future
As quantum computing advances, the foundations of modern encryption face an unprecedented threat. Post-Quantum Cryptography (PQC) has therefore become a critical focus for the U.S. government’s long-term data security strategy. Unlike traditional algorithms, which could be easily broken by quantum processors, Post-Quantum Cryptography offers encryption methods designed to resist even the most powerful quantum attacks.
To prepare for this shift, the National Institute of Standards and Technology (NIST) has developed new Post-Quantum Cryptography standards, selecting algorithms that can replace vulnerable ones like RSA and ECC. Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA) is guiding federal agencies and private organizations through its Quantum Readiness Initiative, helping them identify, test, and deploy PQC solutions.
These national efforts mark a major milestone in securing critical infrastructure, defense systems, and sensitive communications for the quantum era. By adopting Post-Quantum Cryptography early, organizations can future-proof their operations, protect long-lived data, and stay ahead of evolving cybersecurity standards. The transition may take years, but the foundation being built today will define the safety of America’s digital landscape for decades to come.