Quantum computing vs. classical computing: How organisations must prepare for post-quantum security

The vast majority of modern cyber security solutions rely on public key cryptography (PKC), including algorithms such as:

  • Rivest, Shamir, Adleman (RSA)
  • Diffie-Hellman (DH)
  • Elliptic Curve Cryptography (ECC)

These methods ensure basic security objectives such as confidentiality, authentication and integrity by using complex mathematical problems that are practically unsolvable for classical computers.

However, quantum computers are revolutionising this landscape. Quantum systems can compute certain previously intractable tasks in much less time, which is becoming a serious threat to today's cryptography and calls for new, quantum-safe encryption and security solutions. 

What is the difference between quantum computing and classical computing?

The main difference between classical and quantum computing is their computational efficiency.

  • Classical computers require an exponential number of calculation steps to factorise large numbers
  • Quantum computers can solve the same task in polynomial time.

Shor's algorithm cannot be run efficiently on conventional computers because it is based on quantum-specific principles that cannot be replicated with classical bits.

  • Exponential means that the required computing time (or the number of steps) increases extremely quickly as the input size increases.
  • Polynomial, on the other hand, means that the effort required increases much more slowly and is therefore much more manageable.

For this reason, polynomial algorithms are considered efficient, while exponential algorithms are hardly usable for large problem sizes in practice.

Why quantum computing threatens modern encryption

Modern PKC algorithms are based on the assumption that there are no efficient algorithms for solving certain mathematical problems. These include the factorisation of large numbers in the case of RSA, and the calculation of discrete logarithms, on which DH and ECC are based.

Quantum computers can break through these basic assumptions.

With the Shor algorithm, it is possible to solve these tasks exponentially faster than with classical algorithms.


This potentially puts basic security protocols such as TLS, SSH or IPsec within reach of an attack: data encrypted today could be stored initially and decrypted in the future as part of a "harvest now, decrypt later" approach. 

“Anyone still relying on traditional public‑key algorithms today is essentially encrypting for the past,” explains Nils Kammann, Lead Security Consultant at Xantaro.


 

What is Q-Day and when will it happen?

Q-Day refers to the moment when cryptographically relevant quantum computers (CRQCs) become powerful enough to break commonly used public key encryption (such as RSA, DH, or ECC).

The BSI (German Federal Office for Information Security) predicts that these CRQCs may emerge in the next 10 to 20 years – in other words, around the mid- to late 2030s. Other expert sources such as NIST (National Institute of Standards and Technology) or EU bodies cite comparable time frames and place the possible "Q-Day" roughly around the year 2030.

This timing forecast, together with the required protection period for sensitive data, creates an increasingly urgent need for action. In the EU, data retention periods range from 5 to 10 years, depending on the content. This is particularly relevant for sectors with high security requirements, such as finance, healthcare and public authorities.


Current limitations of quantum computers

Currently available quantum computers - such as IBM's Osprey with 433 qubits* or Condor with over 1,000 qubits - are not yet sufficiently powerful for practical applications in cryptography.

Google's 105-qubit chip Willow (2024) or the development goals being pursued at the Fraunhofer Institute in the region of around 400 qubits also fit into an overall picture in which various technological approaches are being pursued in parallel, while operational quantum computers for security-critical cryptography remain a dream of the future.

*A qubit (short for quantum bit) is the basic unit of information in a quantum computer - just as a bit is the smallest unit in a classical computer.

These quantum computers face several major challenges:

  • Qubits are extremely sensitive to external influences. Even minimal disturbances or temperature fluctuations can cause them to lose their state - a phenomenon known as decoherence.
  • Building systems with many qubits that are both stable and precise is extremely difficult, and quantum error correction, which is essential to protect against interference, requires considerable resources: Numerous physical qubits must be used for a single reliably usable logical qubit.

These challenges make the upscaling of quantum computers one of the most difficult problems in modern science and technology.


What is post-quantum cryptography (PQC)?

Post-Quantum Cryptography (PQC) replaces classic, non-quantum-safe algorithms with new methods that are resistant to the possibilities of quantum computers.

The first three standards are FIPS 203, 204 and 205 (Federal Information Processing Standards). PQC fulfils all traditional security requirements and can be integrated into existing infrastructures.

FIPS 203 is the first finalised standard of this project, which specifies ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism). This is a post-quantum-resistant algorithm for the secure generation of a shared secret key via insecure channels, e.g. for TLS handshakes, VPNs or cloud storage. It offers parameters such as ML-KEM-512, -768 and -1024 for different security levels.

These advanced product integrations show that the industrial implementation of quantum-safe security mechanisms has already begun. IT managers should familiarise themselves with PQC at an early stage in order to accompany the change in a strategic and risk-aware manner.

Why PQC migration is important now

Mosca's theorem, named after Dr Michele Mosca, considers the relationship between the expected availability of cryptography-breaking quantum computers and the required confidentiality period of today's data. It makes it clear that a great deal of information must still be protected even when powerful quantum computers are available.

This analysis emphasises the urgency of quantum-safe cryptography for long-term sensitive data. To counteract this, authorities such as the NIST (National Institute of Standards and Technology) in the USA and the BSI (Federal Office for Information Security) in Germany are already recommending a gradual migration to quantum-safe procedures.

Although other important frameworks and regulations, such as DORA, NIS-2 or ISO 27001, do not explicitly mention PQC, their call for "contemporary security" and "resilience" nevertheless implies the need to address the risks of quantum computing. In practice, this means considering:

  • The long confidentiality lifetimes of sensitive data
  • The complexity and duration of cryptographic migrations
  • The risk of “harvest now, decrypt later” attacks

Even if most experts assume that cryptographically relevant quantum computers will not be available for several years, it should not be overlooked that the transition to new procedures often takes a considerable amount of time - sometimes several years.

"As soon as quantum computers are able to break public‑key cryptographic schemes, existing blockchain networks that do not use post‑quantum‑secure cryptography will no longer be protected in the long term. Do you have an idea of what impact this could have on the cryptocurrency sector?" warns our expert Nils Kammann.

This urgency is increasingly reflected at a European level. Back in November 2024, the BSI, together with partners from 20 European countries, called on industry, critical infrastructures and public institutions to make the transition to PQC a key priority.

How organisations can prepare – Quantum computing cybersecurity checklist

  • Conduct cryptographic risk assessments – Identify where vulnerable encryption is used, and prioritise systems handling long-lifecycle sensitive data
  • Develop a PQC migration roadmap – Integrate hybrid cryptographic approaches that align with NIST and BSI transition guidance
  • Test quantum-safe algorithms early – Validate performance impact and identify interoperability challenges
  • Ensure regulatory compliance – Align with frameworks that emphasise resilience and modern security (including quantum preparedness)
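
Mosca's theorem and the risk-assessment step of the checklist combine into a simple prioritisation, shown here as an added example that is not Xantaro's or the article's own code. It uses the usual statement of Mosca's inequality (X + Y > Z, where Y is the migration time); the asset names, lifetimes and migration times are constructed assumptions.

```python
from dataclasses import dataclass

# Per the article: RSA, DH and ECC are breakable by Shor's algorithm; ML-KEM is not.
QUANTUM_VULNERABLE = {"RSA", "DH", "ECC"}

@dataclass
class Asset:
    name: str
    algorithm: str         # public-key scheme protecting the traffic
    shelf_life_years: int  # X: how long the data must stay confidential
    migration_years: int   # Y: time needed to move this system to PQC

# Constructed sample inventory: hypothetical systems and figures.
INVENTORY = [
    Asset("patient-records-vpn", "RSA", 10, 4),
    Asset("payments-api-tls", "ECC", 7, 3),
    Asset("guest-wifi-portal", "DH", 1, 1),
    Asset("branch-ipsec-pilot", "ML-KEM", 10, 0),
]

def exposure_years(asset, today, q_day):
    """Mosca's inequality: there is a problem when X + Y > Z, where Z = q_day - today.
    Returns X + Y - Z, the years for which the last data sent before migration
    completes is still sensitive after Q-Day (0 if none or already quantum-safe)."""
    if asset.algorithm not in QUANTUM_VULNERABLE:
        return 0
    return max(0, asset.shelf_life_years + asset.migration_years - (q_day - today))

def prioritise(inventory, today, q_day_scenarios):
    """Rank assets by worst-case exposure over all Q-Day scenarios.
    Each row is (name, worst_exposure, latest_start): latest_start is the last
    year migration could begin with zero exposure even in the earliest scenario."""
    rows = []
    for asset in inventory:
        worst = max(exposure_years(asset, today, q) for q in q_day_scenarios)
        if asset.algorithm in QUANTUM_VULNERABLE:
            latest_start = (min(q_day_scenarios)
                            - asset.shelf_life_years - asset.migration_years)
        else:
            latest_start = None  # nothing to migrate
        rows.append((asset.name, worst, latest_start))
    return sorted(rows, key=lambda row: -row[1])

if __name__ == "__main__":
    # 2026 is the article's publication year; 2030-2040 is its threat window.
    for name, worst, start in prioritise(INVENTORY, 2026, [2030, 2035, 2040]):
        overdue = start is not None and start < 2026
        print(f"{name:22} exposure={worst:2}y latest_start={start} overdue={overdue}")
```

A latest start year that already lies in the past means ciphertext harvested today can still be sensitive in the earliest Q-Day scenario, which is why long-lifecycle data is ranked first.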

"Q‑Day is not a science‑fiction scenario but a countdown that is already underway. Now is the right time to inventory key material, protocols, and dependencies, and to establish a roadmap for PQC migrations," emphasises our Lead Security Consultant Nils Kammann.

How Xantaro supports post-quantum security

Xantaro has a broad portfolio of manufacturers and quantum security solutions that already support initial approaches in the field of post-quantum cryptography (PQC). In our multi-vendor laboratory (XT3Lab in Frankfurt), we also carry out practical tests, proof-of-concepts and live demonstrations in order to realistically evaluate new technologies.

The key challenges here include in particular:

  • Validating the performance of the new cryptographic algorithms
  • The increased memory and resource requirements
  • Ensuring interoperability between different manufacturers and platforms

Manufacturers such as Fortinet, Palo Alto Networks and Check Point are already supporting initial implementations of post-quantum cryptography. In current software versions, these technologies are primarily used for IPsec VPN key exchange in next-generation firewalls and secure SD-WAN solutions. Algorithms recommended by NIST, such as ML-KEM, are used here.

Our experts have been dealing with the challenges of IT security for years and will be happy to support you on your way into the post-quantum era - feel free to contact us!

 

Frequently Asked Questions

What is quantum computing?

Quantum computing uses qubits instead of classical bits and leverages quantum effects such as superposition and entanglement to perform certain calculations significantly faster than traditional computers.

What is classical computing?

Classical computing refers to traditional computing systems that process data using binary bits (0s and 1s). Most modern IT infrastructure and encryption technologies rely on classical computing.

What is Q-Day?

Q-Day is the point at which quantum computers can break widely used public key encryption systems such as RSA and ECC.

When will quantum computers break encryption?

Most experts predict a realistic threat window beginning between 2030 and 2040, though uncertainty remains due to technological challenges.

What is ML-KEM?

ML-KEM is a lattice-based cryptographic algorithm standardised by NIST for secure key exchange resistant to quantum attacks.

Is post-quantum cryptography the same as quantum cryptography?

No. Post-quantum cryptography uses classical systems designed to resist quantum attacks. Quantum cryptography uses quantum physics principles (such as QKD) to secure communication.


 


23/02/2026

Nils Kamann

Xantaro Deutschland GmbH
Security Lead Consultant