Introduction
There is a countdown happening that most organizations are not tracking. Quantum computers capable of breaking today’s widely used public-key algorithms (RSA, Elliptic Curve Diffie-Hellman, Elliptic Curve Digital Signature Algorithm) are not yet a certainty, but they look increasingly inevitable. When they arrive, every encrypted communication and every piece of stored data protected by current algorithms will be retroactively vulnerable. And the migration to quantum-resistant cryptography, which must be completed before that day, takes years.
In August 2024, NIST finalized the first three post-quantum cryptography standards, completing a process that began in 2016. The message from US government policy is unambiguous: all National Security Systems must be quantum-safe by January 2027. For the private sector, the urgency is only slightly less acute. The organizations that begin their migration now have time to do it carefully. The organizations that wait do not.
How Quantum Computers Break Today’s Encryption
Modern public-key cryptography — the foundation of HTTPS, secure email, digital signatures, VPNs, and virtually all secure internet communications — relies on mathematical problems that are computationally infeasible for classical computers to solve.
RSA encryption, for example, relies on the difficulty of factoring the product of two large prime numbers. A classical computer factoring a 2048-bit RSA key would require millions of years. A sufficiently powerful quantum computer running Shor’s algorithm — a quantum algorithm published in 1994 — could factor the same key in hours.
The mathematical reason: quantum computers exploit quantum superposition and entanglement to explore many possible solutions simultaneously, providing exponential speedups for specific problem types — including the integer factorization and discrete logarithm problems that underlie RSA and elliptic curve cryptography.
The key algorithms vulnerable to quantum attack:
- RSA (widely used for key exchange and digital signatures)
- Elliptic Curve Diffie-Hellman (ECDH) (used in TLS, SSH, and most modern key exchange)
- Elliptic Curve Digital Signature Algorithm (ECDSA) (used in TLS certificates, code signing, and cryptocurrency)
- Diffie-Hellman (used in older protocols)
Symmetric ciphers and hash functions (AES, ChaCha20, SHA-256) are less vulnerable: quantum computers can attack them using Grover’s algorithm, but the speedup is quadratic rather than exponential, so doubling key lengths (AES-256 instead of AES-128) provides adequate protection.
The “Harvest Now, Decrypt Later” Threat: Why the Urgency Is Now
The most immediate quantum threat is not a future attack on live communications — it is the harvest now, decrypt later (HNDL) strategy that state-sponsored actors are believed to be executing today.
HNDL works as follows: an adversary intercepts and stores encrypted communications — government negotiations, corporate M&A discussions, diplomatic cables, military orders — that are currently protected by RSA or elliptic curve encryption. These stored communications cannot be decrypted today. But when a quantum computer capable of breaking current encryption becomes available — in 5, 10, or 15 years — all the stored data can be decrypted retroactively.
For communications whose value persists for years or decades — classified government secrets, trade secrets, financial strategies, personal health and legal information — HNDL makes the quantum threat immediate. The data being communicated today is already being harvested by actors who intend to read it in the post-quantum future.
US intelligence agencies assess that China, Russia, and potentially other nation-states are conducting HNDL operations at scale. The explicit assumption motivating US government urgency on post-quantum migration is that sensitive government and defense communications intercepted today could be decrypted by adversaries within the service life of most classified programs.
NIST’s Post-Quantum Standards: What Was Finalized
NIST’s post-quantum cryptography standardization process, concluded in August 2024, produced three finalized standards and one additional algorithm (HQC, selected in March 2025 as a backup):
FIPS 203 — ML-KEM (Module Lattice Key Encapsulation Mechanism): Based on the CRYSTALS-Kyber algorithm. This is the primary standard for key exchange — replacing RSA and ECDH in protocols like TLS. Its security relies on the hardness of solving the Learning With Errors (LWE) problem over module lattices — a problem for which no efficient quantum algorithm is known.
FIPS 204 — ML-DSA (Module Lattice Digital Signature Algorithm): Based on CRYSTALS-Dilithium. The primary standard for digital signatures — replacing RSA signatures and ECDSA. Used in certificates, code signing, and authentication.
FIPS 205 — SLH-DSA (Stateless Hash-Based Digital Signature Algorithm): Based on SPHINCS+. A signature scheme whose security relies entirely on the security of hash functions rather than lattice problems — providing algorithm diversity in case lattice-based approaches are eventually broken.
HQC (March 2025): A code-based encryption algorithm selected as a backup for ML-KEM, providing algorithm diversity. A finalized standard is expected in 2027.
The selection of multiple algorithm types (lattice-based, hash-based, code-based) reflects NIST’s approach of not putting all cryptographic eggs in one basket — if a mathematical breakthrough compromises lattice-based cryptography, the hash-based and code-based alternatives provide backup.
The Migration Challenge: Why This Takes Years
Post-quantum migration is not a simple software update. It is a complex, multi-year infrastructure transformation that touches every system that performs cryptographic operations.
Cryptographic inventory: Organizations typically cannot enumerate all the places where cryptography occurs in their systems. Cryptographic operations are embedded in TLS implementations in web servers, databases, APIs, and microservices; in VPN software; in email systems; in authentication infrastructure; in code signing pipelines; in HSMs (Hardware Security Modules); in firmware; in network devices; and in applications. Discovering all of them is non-trivial.
Algorithm agility: Many legacy systems lack “crypto-agility” — the ability to swap cryptographic algorithms without significant software changes. Systems hard-coded to use RSA-2048 require substantial development effort to update.
Hardware limitations: HSMs, smart cards, IoT devices, and embedded systems often have constrained processing power and memory. Post-quantum algorithms, particularly signature schemes, tend to have larger key sizes and more computation-intensive operations than their classical equivalents. Hardware that works for RSA may not have sufficient capacity for ML-DSA.
Interoperability: During the migration period, systems must support both classical and post-quantum algorithms (hybrid cryptography) to interoperate with systems that have not yet migrated. Managing the hybrid transition without security gaps requires careful planning.
Certificate lifecycles: TLS certificates, code signing certificates, and other public key infrastructure (PKI) artifacts have multi-year validity periods. Replacing them requires coordination with certificate authorities and across all systems that trust them.
Testing and validation: Cryptographic changes must be exhaustively tested. A subtle bug in a cryptographic implementation can be catastrophic — and hard to detect without specific adversarial testing.
The 2027 Deadline and What It Means
The US National Security Memorandum on Quantum Computing (NSM-10) established that all National Security Systems (NSS) — classified government and military networks — must be migrated to quantum-safe cryptography by January 2027. NIST’s associated guidance frames 2030–2035 as the target window for broader federal IT systems migration, with an aggressive push to deprecate classical public-key cryptography for all government systems by 2035.
For the private sector, the implications cascade:
Government contractors: Companies that handle classified information or work on NSS-adjacent systems face the 2027 timeline as a compliance requirement through their contracting relationships with government agencies.
Financial services: The Financial Stability Board and major financial regulators are developing post-quantum cryptography guidance. Financial institutions that process sensitive transaction data subject to HNDL risk face the most immediate urgency.
Healthcare: Protected health information that retains sensitivity for decades is a prime HNDL target. Healthcare organizations must begin inventory and migration planning now.
Technology companies: Software vendors, cloud providers, and infrastructure operators must provide quantum-safe options to their customers — creating a cascading requirement across their ecosystem.
Early Movers: What Adoption Looks Like
Several leading organizations have published details of their post-quantum migration progress:
Google: Deployed hybrid post-quantum key exchange (X25519MLKEM768) in Chrome and Google services in 2023, protecting a significant portion of TLS connections with quantum-resistant key exchange. Google Cloud’s Cloud Key Management Service added ML-KEM support in 2024.
Apple: Introduced PQ3 — a protocol using post-quantum cryptography for iMessage — in early 2024. Apple’s implementation provides what it calls “Level 3” security, the highest security level for messaging apps against quantum attacks.
Signal: Upgraded its Signal Protocol to incorporate PQXDH (Post-Quantum Extended Diffie-Hellman) in 2023, making Signal the first major consumer messaging platform to adopt post-quantum key exchange.
AWS, Azure, Google Cloud: All major cloud providers have begun adding post-quantum TLS options and are integrating PQC algorithms into their key management and certificate services.
SWIFT and financial infrastructure: The global interbank messaging system is piloting post-quantum cryptography for financial messaging, reflecting the critical need to protect the communications underlying global financial infrastructure.
What Organizations Should Do: A Migration Roadmap
Phase 1 — Inventory (now): Discover all cryptographic assets: certificates, keys, HSMs, cryptographic libraries, protocols, and data flows. Build a comprehensive cryptographic inventory that identifies algorithm types, key sizes, and system owners.
Phase 2 — Risk prioritization (now): Identify high-risk assets — long-lived secrets, sensitive data with multi-decade relevance, systems involved in classified or financially critical transactions. These are the highest priority migration targets.
Phase 3 — Crypto-agility assessment (now): For each system in the inventory, assess what changes are required to support post-quantum algorithms. Identify hardware that may not be PQC-capable and begin replacement planning.
Phase 4 — Hybrid deployment (2025–2027): Deploy hybrid classical + post-quantum cryptography for highest-priority systems. Hybrid approaches provide quantum resistance while maintaining backward compatibility.
Phase 5 — Full migration (2027–2030): Complete migration to post-quantum-only algorithms across all systems, completing the deprecation of classical public-key cryptography for sensitive applications.
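Phases 1 and 2 (and the cryptographic inventory described earlier) can be prototyped as a small triage script. This is an added example, not code from the article or from NIST. The `Asset` fields, the token lists, the priority labels and the 10-year horizon are hypothetical choices. Treating X25519 as classical ECDH and excluding signatures from HNDL exposure are assumptions of the example.

```python
import re
from dataclasses import dataclass

PQ_TOKENS = ("MLKEM", "MLDSA", "SLHDSA", "HQC")         # NIST selections named in the article
SHOR_TOKENS = ("RSA", "ECDSA", "ECDH", "DH", "X25519")  # factoring / discrete-log based

@dataclass
class Asset:
    system: str
    algorithm: str      # label as a scanner might report it, e.g. "RSA-2048"
    purpose: str        # "key-exchange", "encryption" or "signature"
    secrecy_years: int  # how long the protected data must stay confidential

def classify(algorithm: str) -> str:
    """Map an algorithm label to a quantum-exposure class."""
    name = re.sub(r"[^A-Z0-9]", "", algorithm.upper())
    post_quantum = any(t in name for t in PQ_TOKENS)
    classical = any(t in name for t in SHOR_TOKENS)
    if post_quantum:
        return "hybrid" if classical else "post-quantum"
    if classical:
        return "quantum-vulnerable"
    aes = re.match(r"AES(\d+)", name)
    if aes:  # Grover's speedup is quadratic, hence the advice to use 256-bit keys
        return "adequate" if int(aes.group(1)) >= 256 else "grover-weakened"
    if name.startswith("CHACHA20"):
        return "adequate"  # ChaCha20 always takes a 256-bit key
    return "unknown"

def priority(asset: Asset, horizon_years: int) -> str:
    """Phase 2 rank; assumes HNDL threatens confidentiality, not signatures."""
    cls = classify(asset.algorithm)
    if cls == "quantum-vulnerable":
        harvestable = asset.purpose != "signature" and asset.secrecy_years >= horizon_years
        return "P1-HNDL" if harvestable else "P2-migrate"
    return {"grover-weakened": "P3-double-key", "unknown": "P3-review"}.get(cls, "OK")

def triage(assets, horizon_years=10):
    """Return (priority, system, class) rows, most urgent first."""
    rows = [(priority(a, horizon_years), a.system, classify(a.algorithm)) for a in assets]
    return sorted(rows, key=lambda r: (r[0] == "OK", r[0], r[1]))

INVENTORY = [  # constructed sample records, not real systems
    Asset("vpn-gateway", "ECDH-P256", "key-exchange", 20),
    Asset("code-signing", "RSA-2048", "signature", 0),
    Asset("web-frontend", "X25519MLKEM768", "key-exchange", 5),
    Asset("backup-vault", "AES-128", "encryption", 25),
    Asset("records-db", "AES-256", "encryption", 25),
]
```

Calling `triage(INVENTORY)` puts the long-lived ECDH key exchange first, ahead of the RSA signing key, because only the former protects data that can be harvested today.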
Conclusion
Post-quantum cryptography is not a theoretical future problem — it is an immediate operational planning challenge. The harvest now, decrypt later threat means that sensitive communications being transmitted today are already at risk. The migration timeline means that organizations starting now will complete transition before the quantum threat matures; organizations that wait may not.
The January 2027 US government deadline for National Security Systems creates a regulatory forcing function for government and defense contractors. The broader enterprise migration will extend through 2030 and beyond. But the time to start is now — because cryptographic migration at scale is measured in years, not months.
The quantum clock is ticking. The question for every CISO, CTO, and board is how much of the countdown they intend to sleep through.
Decision Radar (Algeria Lens)
| Dimension | Assessment |
|---|---|
| Relevance for Algeria | High — Algeria’s banking sector, government e-services (including El-Mouwatin and AADL platforms), and telecom operators all rely on standard RSA/ECC encryption that quantum computers will eventually break. Sensitive state communications and energy-sector data are prime HNDL targets given Algeria’s geopolitical position. |
| Infrastructure Ready? | No — Algeria has no domestic quantum computing research programs, no national cryptographic standards body equivalent to NIST, and depends entirely on imported cryptographic hardware (HSMs, network appliances) and software. PQC-capable hardware upgrades will require international procurement and vendor coordination. |
| Skills Available? | No — Cryptography expertise in Algeria is limited to a small number of university researchers and security professionals. There is no established workforce trained in post-quantum algorithm implementation, cryptographic inventory auditing, or PQC migration planning. Capacity building must start immediately. |
| Action Timeline | 12-24 months — Algeria should begin cryptographic inventory and awareness campaigns now. Banking and telecom regulators (Bank of Algeria, ARPCE) should issue PQC guidance within 12 months. Full migration will follow global vendor timelines (2027-2030) since Algeria depends on upstream software and hardware providers adopting PQC first. |
| Key Stakeholders | Bank of Algeria, ARPCE (telecom regulator), Ministry of Digital Economy, Ministry of National Defense, Sonatrach and Sonelgaz IT security teams, Algerian banks and financial institutions, Algerie Telecom, university computer science departments |
| Decision Type | Strategic — This requires national-level coordination between regulators, critical infrastructure operators, and the education sector to prepare for a cryptographic transition that Algeria cannot lead but must not fall behind on. |
Quick Take: Algeria’s complete dependence on imported cryptographic infrastructure means the PQC transition will be driven by global vendor timelines rather than domestic initiative. However, Algerian organizations — particularly banks, telecom operators, and government agencies handling sensitive citizen data — must begin cryptographic inventories now and ensure procurement contracts require PQC-ready hardware. The HNDL threat is especially relevant for Algeria’s energy sector and diplomatic communications, where intercepted data retains strategic value for decades.