The Quantum Threat: How Quantum Computing Will Transform Cybersecurity

It's 2025 and we are witnessing a new innovation boom, one quite similar to the dotcom era. We've seen the mass adoption of AI in many different areas of our lives. We've seen major advancements in hardware, especially in semiconductors used by AI. We've even seen some big advancements in quantum computing coming from Microsoft, who announced Majorana 1, the world's first quantum processor powered by topological qubits.
Unlike supercomputers that extend classical computing systems based on 0's and 1's, quantum computing is built on the strange laws of quantum mechanics. Whilst most of the quantum computing field has been heavily theory-based, there are real practical implications of quantum in cybersecurity, and a world with quantum may not be far off.
By the end of this article, my goal is to:
- Fill any gaps in knowledge you may have about quantum
- Bridge the fields of quantum and cybersecurity
- Explain the impact of quantum on cybersecurity
Understanding Quantum Computing
Firstly, it's important to note that quantum computing is not built on the classical notion of 1's and 0's, unlike the system you are using to read this article. Instead, it is built on the laws of quantum mechanics.
Classical computing uses the definitive states of 0 or 1 inside a transistor to represent information within it; this single piece of information is referred to as a bit. Quantum computing uses quantum bits, or qubits, which can exist in multiple states at the same time, thanks to the phenomenon called superposition.
Superposition alongside quantum entanglement enables quantum computers to perform certain calculations exponentially faster than traditional computers. Qubits can be manipulated through quantum gates, and when this happens, they can explore multiple solutions simultaneously. This is incredibly useful for optimisation problems, cryptographic analysis and complex simulations.
Quantum computers are not powerful because they will replace classical computers; this would be incredibly hard to do. Instead, they are powerful because they can be used to solve problems that would be considered impossible to do using traditional systems.
Explanation of the 4 Quantum Theory Key Principles
You've already heard me mention two of them, and so before I go into more depth on this topic, I want to make sure the words that help describe quantum are clearly defined.
The four key principles are:
- Superposition
- Entanglement
- Decoherence
- Interference
Superposition
Superposition is a quantum principle that allows you to have a qubit in multiple states at once. This is primarily because it hasn't been measured. A group of qubits can be used to create a system, and once this system is measured, each qubit goes from superposition to a definitive state (0,1). This definitive state is completely random!
Entanglement
Entanglement is a quantum phenomenon where two or more qubits become interconnected. When one of these qubits is measured, the other qubits are instantly affected, regardless of the distance between them, leading to the system of qubits entering a definitive state.
It is important to note that although qubits can be entangled together, the outcome of measuring them is still completely random!
Interference
Interference can be explained in the following analogy.
Imagine you drop two stones in a pond at the same time. Ripples are created and where they meet, some spots get bigger waves (two ripples added together to make larger ones), and some spots become smaller (where the two ripples cancelled each other out).
In this analogy we can represent the different paths that qubits can take before they are measured.
- Dropping the two stones in a pond at the same time represents the measuring of a quantum system.
- When the two ripples create one bigger ripple, this is called constructive interference.
- When the two ripples cancel each other out, this is called destructive interference.
Qubits take similar actions to these ripples when they are measured. Some can be combined together, and some can cancel each other out.
Decoherence
Decoherence is the process that occurs when a quantum state collapses into a non-quantum state. This can be triggered manually by measuring the quantum system, or accidentally due to environmental factors.
Decoherence is a massive problem when building quantum computers; one slight environmental impact, even if negligible to human beings, can be detrimental to a quantum system.
Putting it all together
Qubits have two properties: the fact that they can be in superposition, and the fact that qubits can be entangled with each other. Remember, when measuring a qubit, the outcome is still random, even if it's entangled with another qubit. It is independently random.
Computation works by setting up a quantum system (multiple qubits) in superposition. A quantum circuit, developed by the user, entangles qubits and generates interference patterns that are decided by a quantum algorithm. This is caused by decoherence. Some outputs are cancelled out thanks to destructive interference, but others are amplified. These amplified outcomes are the solutions to the computational problem.
I'll refrain from going into more depth about quantum computing and quantum mechanics. The above explanations provide a better understanding of the differences between quantum computing and traditional computing, whilst clarifying how quantum systems work at a high level. Below I've linked two articles and one video that go into more depth on the details of quantum computing:
- IBM - What is Quantum Computing
- AWS - What is Quantum Computing
- Kurzgesagt - Quantum Computers Explained
Why is Cyber Security impacted by Quantum Computing?
Cybersecurity has three key pillars as determined by the CIA Triad:
- Confidentiality - Ensuring data can only be read by intended parties
- Integrity - Ensuring data is not altered from the original message
- Availability - Ensuring that when a system is needed it is available
When implementing any computer system, these are three categories you should be considering to protect it. Quantum computing endangers confidentiality.
Confidentiality is largely achieved with the help of encryption. We can encrypt data that is at rest. We can encrypt data while it is traversing the internet. We can even encrypt data that is being used. This is all possible thanks to encryption algorithms.
Encryption can be done either symmetrically (using one key for both encryption and decryption) or asymmetrically (using two keys, one for encryption and one for decryption).
Encryption is crucial for the digital world we live in. Encryption works quite simply: an algorithm creates a key. This key is then used by the same algorithm to encrypt/decrypt the data. If you do not have that key, you cannot read that data. The reason why you can't make an algorithm that can guess the correct key, or brute force the correct key, is because the problem is computationally infeasible, meaning it takes too much compute power or time to carry out. This is why modern-day encryption algorithms are so powerful: because of the constraints classical computers have, we are unable to crack them.
Quantum computing threatens the current landscape of encryption.
How Can Quantum Computing Crack Modern Day Encryption Algorithms?
Let's take some of the most popular encryption algorithms being used at the moment. These include:
- AES
- RSA
- Elliptic Curve
- Blowfish
- Twofish
AES, Blowfish and Twofish are types of symmetric encryption algorithms. Their strength is thanks to the impossibility of brute forcing each key within a feasible time frame. This is actually the strength of ALL symmetric encryption algorithms. Brute force is simply too costly and computationally infeasible.
RSA and Elliptic Curve are types of asymmetric encryption algorithms. These algorithms typically rely on a problem that is computationally infeasible to solve. For example, RSA is strong thanks to the prime factorisation problem, whereas Elliptic Curve is strong thanks to the discrete logarithm problem.
I won't go into detail on why these problems cannot be solved within traditional computer limits, as that is out of scope, but below are some resources that explain why that is:
- What Qualifies as a "Computationally Infeasible" Attack?
- Why is 256-Bit Encryption So Secure?
- Why is it difficult to break RSA?
- What is Elliptical Curve Cryptography (ECC)?
These algorithms are all currently computationally infeasible to crack; however, algorithms have already been created that use quantum computing to break these encryption algorithms or at least decrease the time it would originally take to break them.
Current Quantum Landscape
As of right now, the most powerful quantum computers have around 1,200 physical qubits or 48 logical qubits. Physical qubits are noisy and error-prone, making them much lower quality than logical qubits, which are error-proof and error-corrected. As a result, an algorithm that requires x logical qubits may require many more physical qubits to provide fault tolerance.
Recently, Microsoft revealed Majorana 1, a quantum chip powered by topological qubits. They are fast, small and digitally controlled. These topological qubits are meant to act as logical qubits, but are much easier to replicate and use. As of right now, Majorana 1 has 8 topological qubits but can be scaled to 1 million in theory.
Future Quantum Landscape
IBM has plans to make a quantum computer in 2029 with 200 logical qubits and 10,000 physical qubits, and by 2033 they are aiming for 2,000 logical qubits.
With the breakthrough of Majorana 1, we may see quantum computing reach real use cases within years rather than decades.
Quantum Algorithms that threaten Cybersecurity
Grover's algorithm is a quantum algorithm that provides a quadratic speedup over brute force. Even with this algorithm, it would still be computationally infeasible to crack symmetric encryption. If we take AES256, with current classical computers it would take 2^256 operations × the time per operation to find the correct key. With Grover's algorithm it would take 2^128 operations × the time per operation. Even with the hypothetical best quantum computer, this would still be computationally infeasible. A functional implementation of Grover's algorithm would technically require 256 logical qubits, but in practical terms it would need around 3,000 - 4,000. To use physical qubits instead, millions would be needed. Even then, it would still be computationally expensive to do.
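The quadratic speedup described above can be seen on a toy keyspace. This added example (not code from the original article) simulates Grover's algorithm classically in Python; the 10-bit key and the function names are constructed for illustration, and the oracle simply marks the known secret.

```python
"""Added example: classical state-vector simulation of Grover search on a toy keyspace."""
import math


def grover_iterations(n_keys: int) -> int:
    """Optimal number of Grover iterations, about (pi/4) * sqrt(N)."""
    return math.floor(math.pi / 4 * math.sqrt(n_keys))


def grover_search(key_bits: int, secret_key: int):
    """Simulate Grover over 2**key_bits candidates.

    Returns (best_guess, probability_of_best_guess, iterations_used).
    """
    n = 2 ** key_bits
    # Uniform superposition: every candidate key starts with the same amplitude.
    amp = [1 / math.sqrt(n)] * n
    rounds = grover_iterations(n)
    for _ in range(rounds):
        # Oracle: flip the sign of the amplitude of the correct key.
        amp[secret_key] = -amp[secret_key]
        # Diffusion: reflect every amplitude about the mean. Wrong keys shrink
        # (destructive interference), the marked key grows (constructive).
        mean = sum(amp) / n
        amp = [2 * mean - a for a in amp]
    best = max(range(n), key=lambda k: amp[k] ** 2)
    return best, amp[best] ** 2, rounds


def grover_cost_log2(key_bits: int) -> float:
    """log2 of the Grover iterations needed for a key of key_bits bits."""
    return key_bits / 2 + math.log2(math.pi / 4)


if __name__ == "__main__":
    KEY_BITS, SECRET = 10, 0x2A7  # constructed toy values, not a real cipher key
    guess, prob, rounds = grover_search(KEY_BITS, SECRET)
    print(f"{KEY_BITS}-bit keyspace: classical worst case {2 ** KEY_BITS} tries, "
          f"Grover {rounds} iterations, P(correct)={prob:.4f}, guess={guess:#x}")
    for bits in (128, 256):
        print(f"{bits}-bit key: about 2^{grover_cost_log2(bits):.1f} Grover iterations")
```

The exponent is halved, not removed: a 10-bit key falls in 25 iterations instead of up to 1,024 tries, while a 256-bit key still needs on the order of 2^128 iterations.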
Shor's algorithm is another quantum algorithm that threatens modern-day cybersecurity as we know it. It would be able to crack RSA-2048 (modern-day RSA standard) in theory. The algorithm would require 4,000 to 6,000 logical qubits or 20 million physical qubits to crack it. It would also be much faster: the algorithm could find the correct key within hours or days.
Using a modified Shor's algorithm, the same principle can be applied to ECC-256. In theory, it would require around 2,000-3,000 logical qubits or 10-20 million physical qubits. Similar to Shor's algorithm, it would take hours or days to crack.
This is incredibly scary, not so much for symmetric encryption, but for asymmetric encryption. As long as companies are using current encryption standards such as AES256, as of current research it would still be computationally infeasible to crack even with quantum computers. But asymmetric encryption, especially RSA and ECC, two of the most popular schemes, is at great risk of being cracked relatively quickly.
Quantum computers not only threaten the future of encryption but also the past.
Harvest Now Decrypt Later
Data breaches are becoming more and more common. Cybercrime is rising, and technology is becoming more accessible and easier to use, which increases the number of attacks. As a result, data breaches become more frequent, and cybercriminals sell this stolen data on the dark web. Much of this stolen data will be encrypted when initially breached. However, as quantum computers progress, the risk of Harvest Now Decrypt Later attacks increases. Although at the moment we can't crack the encryption, in the future when quantum computers become stronger, this may no longer be the case. This will lead to a sudden surge of sensitive data, once deemed impossible to decrypt, flooding the web.
Quantum Resistant Algorithms
There are many ways algorithms can be quantum resistant. For example, the different types of algorithms include:
- Lattice Based
- Hash Based
- Code Based
Describing how each type of algorithm works is beyond the scope of this article; here is a good article to aid in explaining them.
NIST, which is the leading authority when it comes to cybersecurity, has announced four quantum resistant algorithms that can be used:
- CRYSTALS-Kyber - Key encapsulation mechanism (lattice-based)
- CRYSTALS-Dilithium - Digital signatures (lattice-based)
- FALCON - Digital signatures (lattice-based)
- SPHINCS+ - Digital signatures (hash-based)
These are the algorithms companies should be migrating towards in order to protect themselves from HNDL attacks and other forms of attack that can occur in the post-quantum era.
Actions Governments & Companies should take
There are three key things I believe businesses and governments should be doing in order to protect themselves from the post-quantum era:
- Use quantum resistant algorithms as described above. This will make HNDL and other quantum-enabled attacks impossible to carry out.
- Whenever you are creating a solution, you need to make it so it is easy to transition to different encryption algorithms. This flexibility will be crucial in order to defend yourself against attacks caused by flaws found in algorithms. This is also future-proofing against any new advancements in encryption cracking as you can easily swap between different encryption algorithms.
- I would encourage companies to create a detailed asset list and supply chain list. With the asset list, companies should ensure that they are well defended and updated to use new quantum resistant encryption. With a supply chain list, companies should carry out detailed audits of their security systems to ensure they comply with their own security posture.
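One way to build in the flexibility recommended above, as an added example (not from the original article): each stored record carries a suite id, so the primitive can be rotated without guessing how old data was protected. The suite ids and function names are hypothetical, and HMAC variants from the Python standard library stand in for the ciphers or KEMs a real system would register.

```python
"""Added example: algorithm-tagged records so the primitive can be swapped later."""
import hashlib
import hmac

# Registry of suites. The ids are hypothetical; HMAC stands in for whatever
# cipher, signature scheme or KEM a real deployment would plug in here.
SUITES = {
    1: ("hmac-sha256", hashlib.sha256),
    2: ("hmac-sha3-256", hashlib.sha3_256),
}
CURRENT_SUITE = 2   # suite used for every new record
RETIRED = {1}       # still verifiable, but flagged for migration


def protect(key: bytes, payload: bytes, suite_id: int = CURRENT_SUITE) -> bytes:
    """Return suite id byte || tag || payload. The tag also covers the suite id."""
    _, digest = SUITES[suite_id]
    header = bytes([suite_id])
    tag = hmac.new(key, header + payload, digest).digest()
    return header + tag + payload


def verify(key: bytes, record: bytes) -> tuple:
    """Check a record and return (payload, needs_migration); raise ValueError on failure."""
    if not record or record[0] not in SUITES:
        raise ValueError("missing or unknown suite id")
    suite_id = record[0]
    _, digest = SUITES[suite_id]
    size = digest().digest_size
    tag, payload = record[1:1 + size], record[1 + size:]
    # Binding the header into the tag stops a record being relabelled as another suite.
    expected = hmac.new(key, record[:1] + payload, digest).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch")
    return payload, suite_id in RETIRED


def migrate(key: bytes, record: bytes) -> bytes:
    """Re-protect a verified record under CURRENT_SUITE if its suite is retired."""
    payload, stale = verify(key, record)
    return protect(key, payload) if stale else record
```

Retiring an algorithm then becomes a registry change plus a `migrate` pass over stored records, which is also what the asset list in the last bullet needs in order to track progress.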
Conclusion
Ultimately, I believe that quantum computing is becoming more and more of a reality. This brings significant risk to current encryption algorithms and standards. In a world where quantum computers are more normal, threats to online services that use non-quantum resistant algorithms may lead to mass data breaches occurring.
I believe that businesses and governments should aim to migrate towards a quantum resistant future rather than deal with it when it happens. At most we are 20 years away from a world where quantum computers can crack modern asymmetric encryption, but with how fast technology is advancing, I would not be surprised if this was sped up. Furthermore, in the event of a future world war, governments will speed up the research into this field, investing more money into quantum computing, with the hopes of creating a system that could destroy enemy encryption systems. I believe it is critical to move towards these systems as a safety precaution in case of ground-breaking advancements in the quantum computing field.
TL;DR
Quantum computing works differently to how classical computing works. This new piece of technology is threatening how modern-day encryption works, especially asymmetric encryption systems. As more advancements in this technology are made, we move closer to a world with quantum computers capable of cracking modern-day encryption algorithms such as RSA and ECC. This will lead to sudden increases in Harvest Now Decrypt Later (HNDL) attacks, alongside aiding other attacks that rely on cracking asymmetric algorithms. With the potential of sudden innovation in quantum computers occurring (such as Majorana 1), companies and governments should work towards making their systems quantum resistant by implementing quantum resistant algorithms, making systems that can rotate encryption algorithms easily, and cataloguing assets and supply chains used to ensure they are compliant with their security posture.