Quantum Computing vs Encryption: What Engineers Must Know

Over the last few years I’ve been learning about quantum computing here and there when I can. Recently, I came across the term Post-Quantum Cryptography (PQC) and it caught my interest — so I started reading more into it: what it actually is, the dangers it poses, what vendors and the rest of the industry are doing about it, and what we can do about it as engineers.

Here’s what I’ve learned.

In this post, I’d like to go over:

  • A short but real timeline of quantum computing — what’s actually happened, and what hasn’t
  • What quantum cryptography really means (and what people often get wrong)
  • How far off we are from quantum machines breaking today’s encryption
  • What companies like Google, IBM, Microsoft, Mozilla, and F5 are doing right now
  • What this means for us as engineers — and as people
  • Some big-picture questions to think about: risk, resilience, and responsibility

What is Quantum Computing, Really?

Let’s demystify this a bit.

Most of us work with classical computers every day — the kind that process information in binary: ones and zeros. Everything from your smartphone to massive cloud infrastructure operates on this foundation. These machines process bits in a linear, deterministic way — each operation is built on well-defined steps that manipulate data predictably. This is the digital world we’ve all grown up with.

Quantum computing flips that paradigm on its head.

Instead of bits, quantum computers use qubits — quantum bits — which are governed by the bizarre but proven rules of quantum mechanics. Two key principles define how qubits behave:

Superposition

A classical bit can only be in one state at a time — 0 or 1. But a qubit can exist in both states simultaneously. It’s not that it flips rapidly between 0 and 1 — it literally exists in a combination of both, until it’s measured. Once you observe it, the superposition collapses into a single state.

Entanglement

Qubits can also be entangled, meaning their states become linked in such a way that the state of one qubit directly affects the other — even across vast distances. Change one, and the other responds instantly. It’s a kind of coordination that defies classical logic.

This is where things get wild.

In classical computing, if you’re trying to brute-force a password, your machine checks each possible combination one at a time — linearly. But with quantum computing, superposition and entanglement allow the system to evaluate a huge number of possibilities simultaneously. It’s not just “faster” — it’s fundamentally different. Imagine not checking one key after another, but testing all keys in parallel through quantum interference.

That kind of power is exactly why quantum computing is seen as a threat to modern cryptography.

Much of today’s encryption — including RSA and ECC — relies on the fact that certain mathematical problems are computationally hard for classical machines. Factor a 2048-bit number? Good luck — it would take a classical supercomputer millions of years. But a sufficiently powerful quantum computer running Shor’s algorithm could do it in hours, maybe minutes.

That’s not sci-fi. That’s why governments, researchers, and companies are racing to prepare for what’s being called the quantum apocalypse — a moment when existing encryption can no longer be trusted.

But before we panic, it’s worth noting: building a large-scale, fault-tolerant quantum computer is insanely hard. Qubits are fragile. They have to be kept at near absolute zero, shielded from electromagnetic interference, and still suffer from high error rates. Most quantum computers today operate with tens or hundreds of qubits — nowhere near what’s needed to crack modern cryptography at scale.

That said, progress is happening. And the timelines are shrinking.

So while quantum computers aren’t breaking the internet today, the threat isn’t theoretical. It’s a real engineering and security concern — one we can’t afford to ignore.

A Short Timeline of Quantum Computing

  • 1960s–1980s: Physicists like Richard Feynman lay the groundwork, proposing quantum mechanical models for computing — ideas way ahead of their time.
  • 1994: Peter Shor introduces Shor’s Algorithm, showing that quantum computers could break RSA by factoring large integers exponentially faster than classical methods.
  • 1996: Lov Grover develops Grover’s Algorithm, which accelerates brute-force search. It doesn’t completely break symmetric encryption like AES, but it halves the effective key strength (128-bit AES becomes 64-bit secure).
  • 2000s: Labs begin experimenting with fragile qubits. These are mostly proof-of-concept and small-scale systems.
  • 2010: D-Wave releases the first commercial quantum annealer — it’s not a general-purpose quantum computer, but it sparks commercial interest.
  • 2019: Google claims quantum supremacy, solving a specific problem faster than any classical machine — though the result wasn’t useful for breaking encryption.
  • 2020s: IBM, Google, and others ramp up investment. Qubit counts increase, coherence times improve, and labs start targeting real-world cryptographic applications.
  • 2022–2024: NIST selects four algorithms for standardization in Post-Quantum Cryptography.

What is Post-Quantum Cryptography (PQC)?

Post-Quantum Cryptography (PQC) isn’t about using quantum computers — it’s about surviving them.

The goal of PQC is to build encryption that remains secure even when quantum computers arrive. The twist? These are still classical algorithms — just built around problems that quantum computers can’t easily crack.

Which Algorithms Are Vulnerable to Quantum Attacks?

Not all cryptography is at risk — but many widely used standards are.

Quantum computers, using Shor’s algorithm, can efficiently solve the mathematical problems behind the most common public-key encryption systems:

  • RSA – Based on factoring large integers. Broken by Shor’s algorithm.
  • ECC (Elliptic Curve Cryptography) – Based on the discrete logarithm problem on elliptic curves. Also broken by Shor’s algorithm.
  • DSA, ECDSA, DH, ECDH – Other algorithms based on discrete logarithms or factoring — all vulnerable.

What’s safe (for now)? Symmetric algorithms like AES and hash functions like SHA-2 are not easily broken by quantum computers. However, Grover’s algorithm gives a quadratic speedup, which means key sizes should be doubled to maintain the same level of security.

What Are the Quantum-Resistant Alternatives?

Researchers are developing new cryptographic systems built around quantum-resistant mathematical problems. These are the major classes of post-quantum cryptography:

  • Lattice-based cryptography
    Based on geometric structures in high-dimensional space. Think of it like finding a needle in a multi-dimensional haystack — even quantum computers can’t do it efficiently.
  • Hash-based signatures
    Rely on hash functions (like SHA-256) to sign data. These are simple, well-understood, and quantum-safe — but can be large or single-use.
  • Multivariate polynomial equations
    Based on solving systems of nonlinear equations — hard to reverse, even with quantum help.
  • Code-based cryptography
    Uses techniques from error-correcting codes. It’s one of the oldest and most studied quantum-resistant approaches.

NIST’s Selected Algorithms

These aren’t just theoretical.

The U.S. National Institute of Standards and Technology (NIST) has been running a multi-year competition to standardize post-quantum algorithms. In July 2022, NIST announced the first four candidates for standardization:

  1. CRYSTALS-Kyber – key encapsulation mechanism (KEM)
  2. CRYSTALS-Dilithium – digital signatures
  3. FALCON – digital signatures (focused on speed and compact size)
  4. SPHINCS+ – hash-based signatures

Major vendors are now preparing to adopt these. This is where the shift begins.
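
One way to turn the classification above into a first-pass audit of an algorithm inventory (an added example, not from the original post). The inventory, the status labels, and the 128-bit post-quantum target are assumptions of this example; the family groupings and the Grover halving rule follow the page.

```python
import re

# Families as grouped on this page.
SHOR_BROKEN = {"RSA", "ECC", "DSA", "ECDSA", "DH", "ECDH"}
GROVER_WEAKENED = {"AES", "SHA"}
POST_QUANTUM = {"KYBER", "DILITHIUM", "FALCON", "SPHINCS+"}
TARGET_BITS = 128  # assumed post-quantum security target for this example

def classify(identifier: str) -> dict:
    """Classify an identifier such as 'RSA-2048', 'AES-128-GCM' or 'CRYSTALS-Kyber'."""
    name = identifier.upper().replace("CRYSTALS-", "")
    family_match = re.match(r"[A-Z+]+", name)
    size_match = re.search(r"\d+", name)
    family = family_match.group(0) if family_match else None
    size = int(size_match.group(0)) if size_match else None
    if family in SHOR_BROKEN:
        # Shor's algorithm breaks these regardless of key size.
        return {"family": family, "quantum_bits": 0, "status": "replace"}
    if family in POST_QUANTUM:
        return {"family": family, "quantum_bits": None, "status": "ok"}
    if family in GROVER_WEAKENED and size:
        bits = size // 2  # Grover's quadratic speedup halves the effective strength
        status = "ok" if bits >= TARGET_BITS else "upgrade"
        return {"family": family, "quantum_bits": bits, "status": status}
    # Anything unrecognised is flagged for a human instead of being assumed safe.
    return {"family": family, "quantum_bits": None, "status": "review"}

def audit(inventory: dict) -> dict:
    """Map each status to the (system, algorithm) pairs that fall under it."""
    report = {}
    for system, algorithms in inventory.items():
        for alg in algorithms:
            report.setdefault(classify(alg)["status"], []).append((system, alg))
    return report

# Constructed sample inventory; system names are hypothetical.
INVENTORY = {
    "edge-tls": ["ECDH-P256", "RSA-2048", "AES-128-GCM", "SHA-256"],
    "vpn-gw": ["DH-2048", "AES-256-GCM", "SHA-384"],
    "pq-pilot": ["CRYSTALS-Kyber", "CRYSTALS-Dilithium", "AES-256-GCM"],
    "legacy-batch": ["3DES"],
}

if __name__ == "__main__":
    for status, items in audit(INVENTORY).items():
        print(status, items)
```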


How far off are we from quantum machines breaking today’s encryption?

This is the big question. And the answer is: we don’t know exactly — but it’s likely sooner than most people think.

Today’s most powerful quantum computers can only handle a few hundred qubits, and those are noisy, error-prone, and extremely delicate. Breaking RSA-2048 or ECC-256 would require thousands of stable, error-corrected logical qubits — which likely translates to millions of physical qubits, depending on the hardware architecture and error correction overhead.

Estimates vary, but here are some reasonable ranges from the research:

  • RSA-2048: Would require ~4,000 logical qubits and ~100 million gate operations using Shor’s algorithm.
  • ECC (like P-256): Even more fragile — potentially needing more operations than RSA.
  • AES-128: Still considered quantum-resistant in practice, though Grover’s algorithm reduces the effective key strength from 128 bits to 64. That’s still tough to brute-force, but AES-256 is recommended for future safety.

Recent forecasts:

Some experts say 10–20 years until full-blown quantum threats are a real concern. Others think it could happen sooner — and the crypto community is pushing hard on migration now because cryptographic agility takes years to roll out globally.

One more thing: encrypted data captured today can still be decrypted later. So if you’re transmitting sensitive info now, and it’s intercepted and stored, a future quantum machine could unlock it retroactively. That’s what’s called a “store now, decrypt later” attack — and it’s one of the reasons post-quantum efforts are ramping up.


What the Industry Is Doing Towards a Post-Quantum Future

Post-quantum readiness isn’t just academic — it’s actively happening across major tech companies, standards bodies, and cloud providers. Here’s a look at how the industry is preparing for the quantum age:

Google

Google is rolling out hybrid post-quantum TLS using RSA + Kyber in Chrome. This ensures backward compatibility while preparing for a quantum-resistant future.

https://security.googleblog.com/2023/08/protecting-chrome-traffic-with-hybrid.html
https://www.imperialviolet.org/2023/08/09/pqcx.html

IBM

IBM is a pioneer in quantum computing. They’re publishing public roadmaps to 100,000+ qubits and helping organizations assess post-quantum crypto risks and readiness.

https://research.ibm.com/blog/roadmap-to-quantum-utility
https://www.ibm.com/blog/quantum-safe-crypto-transition/

Microsoft

Microsoft supports crypto-agility and post-quantum readiness across Azure and Windows. They’ve released PQCrypto-VPN and contributed to hybrid key exchange research.

https://www.microsoft.com/en-us/security/blog/2022/07/05/advancing-post-quantum-cryptography-with-microsofts-new-project-and-guidance/
https://github.com/microsoft/PQCrypto-VPN

Mozilla

Mozilla has implemented post-quantum TLS in Firefox as an experiment. They’re active in the IETF CFRG working group and pushing crypto agility in open-source.

https://blog.mozilla.org/security/2023/10/03/deploying-post-quantum-crypto-in-firefox/
https://hacks.mozilla.org/2023/12/post-quantum-cryptography/

F5

F5 is enabling hybrid PQ key exchange in BIG-IP and offering guidance to help customers start preparing today.

https://my.f5.com/manage/s/article/K000137170
https://www.f5.com/company/blog/post-quantum-cryptography-is-coming-is-your-network-ready

Cloudflare

Cloudflare has been experimenting with and deploying post-quantum cryptography in real-world environments since 2019. They now support Kyber in TLS for customers and operate hybrid TLS tunnels.

https://blog.cloudflare.com/the-tls-post-quantum-experiment/
https://blog.cloudflare.com/post-quantum-for-all/

Amazon (AWS)

AWS supports post-quantum TLS in KMS, CloudFront, and ACM. They provide PQ-ready SDKs and offer guidance for crypto-agility in cloud-native apps.

https://aws.amazon.com/blogs/security/protecting-data-with-post-quantum-cryptography-on-aws/
https://docs.aws.amazon.com/acm/latest/userguide/pqc.html

IETF

The Internet Engineering Task Force (IETF) is finalizing hybrid key exchange standards (HPKE, TLS, IKEv2). They’re driving interoperable and flexible protocols that blend classical and quantum-resistant cryptography.

https://datatracker.ietf.org/group/cfrg/about/
https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/

W3C

While less directly involved in cryptographic primitives, the W3C Web Crypto Working Group is ensuring browser and web APIs remain crypto-agile and can adopt PQC when needed.

https://www.w3.org/TR/WebCryptoAPI/

NIST

NIST is leading the global effort to standardize quantum-safe algorithms through its PQC competition, culminating in 2022’s round 3 selections (Kyber, Dilithium, Falcon, SPHINCS+).

https://csrc.nist.gov/projects/post-quantum-cryptography
https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4


What This Means for Us — as Engineers, and as People

Quantum computing isn’t just a technical challenge — it’s a societal one. As engineers, architects, developers, policymakers, and users, we need to grapple with some uncomfortable but necessary questions:

  • What are the real-world risks if our encrypted systems are broken?
    Think national security, healthcare data, financial systems, personal communication — all at stake if stored data becomes retroactively vulnerable.
  • Are we building systems with enough resilience?
    If a breakthrough happens faster than expected, how quickly can we pivot? What dependencies, libraries, protocols, or APIs need replacing? Can we adapt without breaking critical infrastructure?
  • Who’s responsible for upgrading our cryptography?
    Is it the browser vendors? The cloud providers? The open source maintainers? Governments? Or you — the one shipping code today?
  • How do we balance innovation with security debt?
    Are we chasing speed and features at the expense of long-term safety? What tradeoffs are acceptable — and which ones aren’t?
  • What will trust look like in a post-quantum world?
    If our foundations shift, how do we rebuild trust in digital systems, software updates, voting machines, and secure messaging?
  • What can you do today as an engineer?
    Learn about hybrid cryptography. Stay close to NIST and IETF updates. Audit your dependencies. Talk to your security team. Start testing new algorithms in dev environments. Even small steps now could save massive pain later.

Wrapping Up

Quantum computing is no longer just theory — it’s advancing steadily from labs into the world. We don’t know exactly when it will break today’s encryption, but we know that some of today’s data must remain secure for decades.

That’s why quantum-resistant cryptography isn’t a distant concern — it’s a present responsibility.

Engineers and organizations who understand this shift early will be better positioned to lead in the post-quantum era — and to protect what matters most.

