US LEADS THE WAY IN POST-QUANTUM CRYPTOGRAPHY – BUT WILL CHANGES BE MADE IN TIME?
October 31st, 2025
While quantum computers have yet to break the standard cryptography that has protected financial systems for decades, the leading authority certifying such security has said the private and public sectors need to start preparing for breaches now.
The USA-based National Institute of Standards and Technology (NIST) last November (2024) released a report saying it would formally advise against the use (‘deprecate’) of certain existing digital signature algorithms from 2030 – ECDSA, EdDSA and RSA (1). It will do the same for certain key-establishment schemes – Finite Field DH and MQV; Elliptic Curve DH and MQV; and RSA. Their use would all be disallowed from 2035.
NIST is playing a leading global role in developing and approving post-quantum protections, and its advice comes as it continues to approve quantum-resistant cryptography systems. Last August (2024), it approved FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard; FIPS 204, Module-Lattice-Based Digital Signature Standard; and FIPS 205, Stateless Hash-Based Digital Signature Standard (2) as cryptographic models that should be resistant to attacks on financial, computing and communications networks launched by quantum computers.
Quantum computers are more powerful than classical digital computers because they exploit how quantum states involve superposition (a particle inhabits two or more places at the same time) and entanglement (two or more particles influence each other), to make quicker and larger calculations.
NIST warned: “Even though the transition to post-quantum cryptography is starting before a cryptographically relevant quantum computer has been built, there is a pressing threat. Encrypted data remains at risk because of the ‘harvest now, decrypt later’ threat in which adversaries collect encrypted data now with the goal of decrypting it once quantum technology matures. Since sensitive data often retains its value for many years, starting the transition to post-quantum cryptography now is critical to preventing these future breaches.”
In a webinar on the resulting switch, Ryan Sanders, senior director of product and customer marketing at US-based cybersecurity company Keyfactor, said the setting of the deadline was significant: “We don’t know when a cryptographically relevant quantum computer will be out there…but now we have a deadline and we’ve got to meet it.”
Sven Rajala, a cyber-security consultant at Keyfactor, said that given the connectivity of cryptographic networks, some companies were already requesting that new technology is protected against attacks by quantum computers, with banks being especially alert to the risks: “I met with a vendor that does wireless routers and they’ve got to do post-quantum because they have a seller or buyer who is mandating they have post-quantum…” The result is that technology vendors are now having to consider building tech that can handle classic, hybrid and post-quantum cryptography.
Tomas Gustavsson, Chief PKI Officer at Keyfactor, warned that this could include updating the algorithms for verifying ‘firmware’ (basic software) so that they can undertake this work using post-quantum cryptography (PQC) (3).
Meanwhile, quantum computing keeps on getting more powerful. In December (2024), Google unveiled a quantum chip called ‘Willow’ that can reduce errors in quantum computers (which they are currently prone to) as Google adds more qubits (the basic unit of information for quantum computers) to its machines. It claimed Willow performed a computation in under five minutes that would take one of today’s fastest supercomputers 10 septillion years — “a number that vastly exceeds the age of the Universe” (4). And in February (2025), Microsoft introduced a new quantum chip called Majorana utilising a ‘topoconductor’, which can observe and control chip particles to produce more reliable and scalable qubits. That would enable Microsoft to fit a million qubits on a single hand-sized chip, which could handle calculations able to aid “breaking down microplastics into harmless byproducts or inventing self-healing materials for construction, manufacturing or healthcare”, said the IT giant (5).
Cryptographers are, however, more concerned about the potential nefarious use of these growing technologies to breach longstanding protections for financial and communication networks. This includes specialists in Europe as well as in the USA.
In February (2025), European Union (EU) police agency Europol hosted a Quantum Safe Financial Forum (QSFF) event, which saw a call to EU financial institutions and policymakers to prioritise the transition to quantum-safe cryptography. Its action plan included coordination among different users and developers of quantum-safe cryptography, with “alignment on their planning, roadmaps and the concrete implementation of the transition to PQC [post-quantum cryptography]…” The plan said no new legislation is needed, with voluntary actions sufficient, “setting guidelines for quantum-safe cryptography and promoting standardisation across institutions”. Private and public sector actors should partner in conducting quantum-safe experiments and projects, creating contact networks and other initiatives (6).
It warned: “Sensitive financial information, including long-term investment strategies and confidential agreements, could be compromised if urgent security measures are not taken.”
Speaking to Fraud Intelligence, Roger Grimes, a US-based ‘data driven defence evangelist’ at IT security platform KnowBe4, is concerned that the NIST timetable is too slow – that ‘Q Day’, when a quantum computer breaks classical encryption methods, may well happen before 2030. And that could be a problem, he warned, highlighting the ‘Mosca Theorem’, by Dr Michele Mosca, of Canada’s University of Waterloo, which says that if the time to migrate to quantum-resistant algorithms and the time data needs to be kept secret are together greater than the estimated time until a quantum computer exists, then confidential information is under threat.
That means banks, governments, tech companies and more need to start assessing the value of that secret data now and considering how they might install post-quantum cryptography. But they are not doing this, said Grimes.
While he thinks major tech companies such as Google, Microsoft and Salesforce, plus other major cloud computing vendors, will be mostly prepared for Q Day, with banks and credit card companies being early adopters of post-quantum encryption, tech on premises, like firmware, routers, YubiKeys (for two-factor authentication), networking and security devices, will probably not be ready. When he speaks to groups of – say – 100 people and asks them who has heard of the risk of quantum encryption breaches, three to five put up their hands; two to three say they are ready to deal with it; and usually one person says their company has an active funded post-quantum project operating: “Most are unaware,” he told Fraud Intelligence.
But, considering the improvements announced to quantum computing operations in the past 18 months, Grimes is confident the breach will happen before 2030, so even the NIST deadline he regards as foolhardy: “I think these deadlines being out so far is almost going to ensure that no one’s prepared when Q Day does happen.” In the past, scientists regarded his warnings of potentially swift quantum breaches with scepticism: “I don’t think I’m alone as I used to be. I think a lot of people now question the value of waiting until 2030 and 2035.” 
That is especially the case for telecommunications companies, he warned: “The networks and the equipment they’re using lack the capability of being upgraded and they don’t have the capital to replace it.” He said there were 100,000 ‘mom and pop’ telecoms-related companies “in the USA and then if you start getting out into the UK and Japan and [quantum is] not even close to being on the radar”. Also, the current focus on AI has diverted attention from quantum preparations. At the 2025 Black Hat cybersecurity convention in Las Vegas in August, Grimes said: “I did not see a single post-quantum vendor. I couldn’t see the word quantum anywhere…” At past Black Hats, there were “a handful of companies that advertised as a quantum or post-quantum company and zero this time – everyone was focused on AI.”
Part of the problem is the uncertainty of Q Day’s date. With the Y2K computing problem at the turn of the Millennium, there was a clear unmoveable deadline, and even then, most of the preparatory work (which was largely successful) occurred in the last 18 months, he said. With Q Day, the deadline is unknowable, and meanwhile malicious actors have time to collect encrypted data for potential cracking once quantum computers can breach classical encryption.
So, what can anti-fraud and cyber-security teams do? “They should be preparing their own infrastructure for a post-quantum time,” said Grimes. One reason is that if they wait for Q Day, there will not be enough post-quantum experts around to install the post-quantum cryptography needed: “Most countries are in a very tight labour market. When the event happens, [companies and governments] won’t all be able to do it internally, they’re going to need to hire people; but there won’t be enough people to hire,” he said. This could have a global impact on productivity and GDP – instead of concentrating on new projects and installing AI efficiencies, they will have to mind their backs with post-quantum protection.
Looking further ahead, he warned that fraudsters may choose to use quantum computers in future, because their records are innately impossible to monitor or record: once a quantum event is observed, it changes. “If I was a fraudster I could see a benefit running much of an operation on quantum devices, quantum memory and quantum storage – because if someone tries to eavesdrop on it or copy it, it breaks [the quantum record].” “You’re going to have to start training people in how quantum impacts the fraud business,” advised Grimes.
The smart actors will take his advice, and save money, he argued, although he does think that – ultimately – encryption will prevail: “Humans are very bad at being proactive, but we come together when the blood hits the ground very fast and we figure it out. The problem is we could have done it cheaper when you do it proactively over a long period of time and we’re going to pay more, and it will be more expensive. But we’ll get it done.” 
 
NOTES 
 
1 – https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf 
2 – https://csrc.nist.gov/projects/post-quantum-cryptography 
3 – https://www.keyfactor.com/blog/nist-drops-new-deadline-for-pqc-transition  
4 – https://blog.google/technology/research/google-willow-quantum-chip  
5 – https://news.microsoft.com/source/features/innovation/microsofts-majorana-1-chip-carves-new-path-for-quantum-computing 
6 – https://www.europol.europa.eu/media-press/newsroom/news/call-for-action-urgent-plan-needed-to-transition-to-post-quantum-cryptography-together 
 
This article first appeared in Fraud Intelligence – https://www.counter-fraud.com/.