The vast majority of modern cyber security solutions rely on public key cryptography (PKC), including algorithms such as:
- Rivest, Shamir, Adleman (RSA)
- Diffie-Hellman (DH)
- Elliptic Curve Cryptography (ECC)
These methods ensure basic security objectives such as confidentiality, authentication and integrity by using complex mathematical problems that are practically unsolvable for classical computers.
However, quantum computers are changing this landscape. Quantum systems can solve certain previously intractable tasks in far less time, which poses a serious threat to today's cryptography and calls for new, quantum-safe encryption and security solutions.
The main difference between classical and quantum computing lies in computational efficiency. Polynomial-time algorithms are considered efficient, while exponential-time algorithms are hardly usable in practice for large problem sizes.
Shor's algorithm cannot be run efficiently on conventional computers because it is based on quantum-specific principles that cannot be replicated with classical bits.
Modern PKC algorithms are based on the assumption that there are no efficient algorithms for solving certain mathematical problems: the factorisation of large numbers in the case of RSA, and the computation of discrete logarithms, on which DH and ECC are based.
Quantum computers can break through these basic assumptions.
With the Shor algorithm, it is possible to solve these tasks exponentially faster than with classical algorithms.
This potentially puts basic security protocols such as TLS, SSH or IPsec within reach of an attack: data encrypted today could be stored initially and decrypted in the future as part of a "harvest now, decrypt later" approach.
"Anyone still relying on traditional public-key algorithms today is essentially encrypting for the past," explains Nils Kammann, Lead Security Consultant at Xantaro.
Q-Day refers to the moment when cryptographically relevant quantum computers (CRQCs) become powerful enough to break commonly used public key encryption (such as RSA, DH, or ECC).
The BSI (German Federal Office for Information Security) predicts that these CRQCs may emerge in the next 10 to 20 years – in other words, around the mid- to late 2030s. Other expert sources such as the NIST (National Institute of Standards and Technology) or EU bodies cite comparable time frames and place the possible "Q-Day" roughly around the year 2030.
This timing forecast, together with the required protection period for sensitive data, creates an increasingly urgent need for action. In the EU, data retention periods range from 5 to 10 years, depending on the content. This is particularly relevant for sectors with high security requirements, such as finance, healthcare and public authorities.
Currently available quantum computers - such as IBM's Osprey with 433 qubits* or Condor with over 1,000 qubits - are not yet sufficiently powerful for practical applications in cryptography.
Google's 105-qubit Willow chip (2024) and the development goals pursued at the Fraunhofer Institute, around 400 qubits, also fit into an overall picture in which various technological approaches are being pursued in parallel, while operational quantum computers for security-critical cryptography remain a dream of the future.
*A qubit (short for quantum bit) is the basic unit of information in a quantum computer - just as a bit is the smallest unit in a classical computer.
These quantum computers face several major challenges:
These challenges make the upscaling of quantum computers one of the most difficult problems in modern science and technology.
Post-Quantum Cryptography (PQC) replaces classic, non-quantum-safe algorithms with new methods that are resistant to the possibilities of quantum computers.
The first three standards of this project are FIPS 203, 204 and 205 (Federal Information Processing Standards). PQC fulfils all traditional security requirements and can be integrated into existing infrastructures.
FIPS 203, the first finalised standard of this project, specifies ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism), a quantum-resistant algorithm for establishing a shared secret key over insecure channels, e.g. for TLS handshakes, VPNs or cloud storage. It offers the parameter sets ML-KEM-512, -768 and -1024 for different security levels.
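The two-message key establishment described above, as an added example that is not code from the article or from any vendor it names: it uses Go's standard-library crypto/mlkem package (Go 1.24 or later, an assumption about the toolchain), plays both sides of an ML-KEM-768 exchange in one process, and then shows the caveat that a ciphertext tampered with in transit yields a different secret rather than an error.

```go
package main

import (
	"bytes"
	"crypto/mlkem"
)

// RunExchange performs one ML-KEM-768 key establishment. Only the encapsulation
// key (1184 bytes) and the ciphertext (1088 bytes) cross the insecure channel;
// the decapsulation key never leaves the initiator. It returns both sides'
// shared secrets and the sizes of the two messages sent.
func RunExchange() (initiatorKey, responderKey []byte, ekLen, ctLen int, err error) {
	// Initiator (e.g. a VPN client): generate the key pair, serialise the public half.
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, nil, 0, 0, err
	}
	wireEK := dk.EncapsulationKey().Bytes()

	// Responder: rebuild the encapsulation key from the received bytes, derive
	// the shared secret locally and send back only the ciphertext.
	ek, err := mlkem.NewEncapsulationKey768(wireEK)
	if err != nil {
		return nil, nil, 0, 0, err
	}
	responderKey, ciphertext := ek.Encapsulate()

	// Initiator: recover the same secret from the ciphertext.
	initiatorKey, err = dk.Decapsulate(ciphertext)
	return initiatorKey, responderKey, len(wireEK), len(ciphertext), err
}

// TamperedCiphertextMatches shows the failure mode a protocol must handle:
// a ciphertext modified in transit does not make Decapsulate fail, it silently
// yields a different (pseudorandom) secret. Callers need key confirmation
// (e.g. an AEAD tag over the handshake transcript) before trusting the key.
func TamperedCiphertextMatches() (bool, error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return false, err
	}
	expected, ct := dk.EncapsulationKey().Encapsulate()
	ct[0] ^= 0x01 // one flipped bit, as an on-path modification would cause
	got, err := dk.Decapsulate(ct)
	if err != nil {
		return false, err
	}
	return bytes.Equal(got, expected), nil
}
```

In a real TLS or IPsec handshake the 32-byte shared secret feeds a key schedule together with a classical (e.g. ECDH) share, which is the hybrid mode the vendors named below ship first.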
These advanced product integrations show that the industrial implementation of quantum-safe security mechanisms has already begun. IT managers should familiarise themselves with PQC at an early stage in order to accompany the change in a strategic and risk-aware manner.
Mosca's theorem, formulated by Dr Michele Mosca, considers the relationship between the expected availability of cryptography-breaking quantum computers and the required confidentiality period of today's data. It makes it clear that a great deal of information must still be protected even when powerful quantum computers are available.
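Mosca's theorem in formula form, added here as a worked illustration using the article's own figures (the inequality is Mosca's; the present year is assumed to be 2025): let $x$ be the years needed to migrate to PQC, $y$ the years the data must remain confidential, and $z$ the years until a CRQC exists. If

$$x + y > z$$

then data encrypted today will still be sensitive at the point where it can be broken. With $y = 10$ years (the upper EU retention period cited above) and $z = 2030 - 2025 = 5$ years, even an instantaneous migration ($x = 0$) gives $0 + 10 > 5$: such data encrypted today is already exposed to "harvest now, decrypt later". With the BSI's longer horizon of $z = 10$ years and $y = 5$, the migration must be complete within $x < 10 - 5 = 5$ years.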
This analysis emphasises the urgency of quantum-safe cryptography for long-term sensitive data. To counteract this, authorities such as the NIST (National Institute of Standards and Technology) in the USA and the BSI (Federal Office for Information Security) in Germany are already recommending a gradual migration to quantum-safe procedures.
Although other important frameworks and regulations, such as DORA, NIS-2 or ISO 27001, do not explicitly mention PQC, their call for "contemporary security" and "resilience" nevertheless implies the need to address the risks of quantum computing. In practice, this means considering:
Even if most experts assume that cryptographically relevant quantum computers will not be available for several years, it should not be overlooked that the transition to new procedures often takes a considerable amount of time - sometimes several years.
"As soon as quantum computers are able to break public-key cryptographic schemes, existing blockchain networks that do not use post-quantum-secure cryptography will no longer be protected in the long term. Do you have an idea of what impact this could have on the cryptocurrency sector?" warns our expert Nils Kammann.
This urgency is increasingly reflected at a European level. Back in November 2024, the BSI, together with partners from 20 European countries, called on industry, critical infrastructures and public institutions to make the transition to PQC a key priority.
"Q-Day is not a science-fiction scenario but a countdown that is already underway. Now is the right time to inventory key material, protocols, and dependencies, and to establish a roadmap for PQC migrations," emphasizes our Lead Security Consultant Nils Kammann.
Xantaro has a broad portfolio of manufacturers and quantum security solutions that already support initial approaches in the field of post-quantum cryptography (PQC). In our multi-vendor laboratory (XT3Lab in Frankfurt), we also carry out practical tests, proof-of-concepts and live demonstrations in order to realistically evaluate new technologies.
The key challenges here include in particular
Manufacturers such as Fortinet, Palo Alto Networks and Check Point are already supporting initial implementations of post-quantum cryptography. In current software versions, these technologies are primarily used for IPsec VPN key exchange in next-generation firewalls and secure SD-WAN solutions. Algorithms recommended by NIST, such as ML-KEM, are used here.
Our experts have been dealing with the challenges of IT security for years and will be happy to support you on your way into the post-quantum era - feel free to contact us!
What is quantum computing?
Quantum computing uses qubits instead of classical bits and leverages quantum effects such as superposition and entanglement to perform certain calculations significantly faster than traditional computers.
What is classical computing?
Classical computing refers to traditional computing systems that process data using binary bits (0s and 1s). Most modern IT infrastructure and encryption technologies rely on classical computing.
What is Q-Day?
Q-Day is the point at which quantum computers can break widely used public key encryption systems such as RSA and ECC.
When will quantum computers break encryption?
Most experts predict a realistic threat window beginning between 2030 and 2040, though uncertainty remains due to technological challenges.
What is ML-KEM?
ML-KEM is a lattice-based cryptographic algorithm standardised by NIST for secure key exchange resistant to quantum attacks.
Is post-quantum cryptography the same as quantum cryptography?
No. Post-quantum cryptography uses classical systems designed to resist quantum attacks. Quantum cryptography uses quantum physics principles (such as QKD) to secure communication.