Risks posed by quantum adversaries

By
Dominik König
June 16, 2025

The emergence of quantum computers introduces new risks for modern cryptography. This article explains how quantum adversaries threaten today’s encryption through attacks such as Harvest-now, Decrypt-later and quantum algorithms like Shor’s and Grover’s, and why organisations must act early to protect long-term sensitive data.

The emergence of quantum computers introduces new threats to modern cryptography. Two threats are particularly relevant in this context: Harvest-now, Decrypt-later attacks, which turn traffic recorded today into plaintext tomorrow, and the quantum algorithms of Shor and Grover, which are the means by which that happens.

Harvest-now, decrypt-later

The Harvest-now, decrypt-later attack (also called store-now, decrypt-later) is a generic threat scenario that is gaining importance with the development of quantum computers. In it, attackers already collect encrypted data today, together with the metadata of the protocols that carried it, and with particular interest in the handshakes in which cryptographic keys are exchanged. They do this, for example, by intercepting network traffic or by copying encrypted databases.

Because this information is protected with classical cryptography, it remains securely encrypted at the time of collection (the harvest) and is of no immediate use to the attacker.

The attacker's goal is therefore not immediate decryption. The captured material is stored until sufficiently powerful quantum computers are available; then the attacker breaks the key exchange offline, recovers the session keys and decrypts the stored traffic. Data captured today can thus be read in the future and its information value exploited retrospectively. Note that forward secrecy does not help here: an ephemeral (EC)DH exchange is recorded along with the rest of the session, and its public values are exactly what Shor's algorithm needs in order to recover the shared secret.

This scenario is particularly critical for data that must stay confidential for a long time, such as business secrets, medical records or government secrets. Such data can still be compromised years or decades after it was captured. The practical question for each data set is whether the time it must remain secret, plus the time a migration would take, exceeds the time until a cryptographically relevant quantum computer exists. If so, the key exchange protecting it needs a quantum-resistant alternative now, not when such a machine is announced.

Harvest-now, decrypt-later: Data that is secure today can become vulnerable in the future as computing capabilities evolve.
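The scenario above as an added worked example in Python (written for this editing pass, not code from the original article): a textbook Diffie–Hellman exchange over a constructed 31-bit group, a recording of everything an eavesdropper sees on the wire, and an offline discrete-logarithm computation years later. Baby-step giant-step stands in for Shor's algorithm; it is classical and only feasible because the group is tiny, whereas Shor would do the same job in polynomial time at real key sizes. The KDF, the stream cipher and the sample message are constructed toys, and names such as `bsgs_dlog` and `harvest_now_decrypt_later` are this example's own.

```python
import hashlib
import hmac
import math
import secrets

# Constructed toy group: a 31-bit prime field with a primitive root.
# Real deployments use 2048-bit or larger primes / 256-bit curves; the
# tiny group is what lets a classical attack play the future quantum computer.
P = 2**31 - 1   # Mersenne prime; 7 is a primitive root modulo it
G = 7


def dh_keypair():
    """Private exponent in [1, P-2] and public value G^priv mod P."""
    priv = 1 + secrets.randbelow(P - 2)
    return priv, pow(G, priv, P)


def derive_key(shared: int) -> bytes:
    """Toy KDF (constructed): SHA-256 of the fixed-width shared secret."""
    return hashlib.sha256(shared.to_bytes(4, "big")).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (constructed): HMAC-SHA256 in counter mode, XORed
    onto the data. Symmetric, so the same call encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(b ^ k for b, k in zip(data, stream))


def bsgs_dlog(h: int) -> int:
    """Solve G^x = h (mod P) by baby-step giant-step in O(sqrt(P)) work.

    Stands in for Shor's algorithm: BSGS is classical and only works here
    because P is tiny, while Shor solves the same problem in polynomial
    time for real-world group sizes."""
    m = math.isqrt(P - 1) + 1
    baby = {}
    cur = 1
    for j in range(m):                      # baby steps: G^j for j < m
        baby.setdefault(cur, j)
        cur = cur * G % P
    giant = pow(G, P - 1 - m, P)            # G^(-m), via Fermat's little theorem
    gamma = h
    for i in range(m):                      # giant steps: h * G^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant % P
    raise ValueError("no logarithm found")


def harvest_now_decrypt_later(message: bytes, alice_priv: int, bob_priv: int) -> dict:
    """Run the honest exchange, store what an eavesdropper sees, break it later."""
    # --- today: Alice and Bob agree on a key and send a protected message ---
    A = pow(G, alice_priv, P)
    B = pow(G, bob_priv, P)
    key = derive_key(pow(B, alice_priv, P))
    ciphertext = keystream_xor(key, message)
    capture = {"A": A, "B": B, "ciphertext": ciphertext}   # the attacker's stored record
    # --- years later: recover Alice's exponent from the recorded public value ---
    recovered_priv = bsgs_dlog(capture["A"])
    recovered_key = derive_key(pow(capture["B"], recovered_priv, P))
    plaintext = keystream_xor(recovered_key, capture["ciphertext"])
    return {"capture": capture, "recovered_priv": recovered_priv, "plaintext": plaintext}


if __name__ == "__main__":
    a_priv, _ = dh_keypair()
    b_priv, _ = dh_keypair()
    sample = b"constructed sample: lab result for patient 4711"
    print(harvest_now_decrypt_later(sample, a_priv, b_priv)["plaintext"])
```

Only the recorded values `A`, `B` and the ciphertext are used in the second phase; the private exponents never leave the honest parties. That is the whole point of the scenario: nothing about the capture is weak today, and the stored record becomes readable the moment the discrete-logarithm step becomes affordable.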

Quantum algorithms

The development of quantum computers enables the use of two quantum algorithms that pose a serious threat to classical cryptographic systems: Shor’s algorithm and Grover’s algorithm. Both have been known for decades and demonstrate in different ways how quantum computing undermines widely used cryptographic assumptions.

Shor's algorithm

Shor’s algorithm, developed by Peter Shor in 1994, is specifically designed to solve the mathematical problems on which many asymmetric cryptographic schemes rely. These include:

- Factorisation of large numbers: the security of RSA rests on the fact that factoring a large number into its prime components is computationally infeasible for classical computers; the best classical method, the general number field sieve, runs in sub-exponential time. Shor’s algorithm solves the problem in time polynomial in the bit length of the modulus.

- Discrete logarithms: DSA and Diffie–Hellman depend on the difficulty of computing discrete logarithms in large multiplicative groups, and ECDH, ECDSA and EdDSA on the same problem in elliptic-curve groups. Shor’s algorithm solves both variants efficiently; published resource estimates put the elliptic-curve variant within reach of a smaller quantum computer than RSA at a comparable classical security level.

Once a sufficiently powerful (cryptographically relevant) quantum computer exists, RSA, ElGamal, elliptic-curve cryptography (ECC), Diffie–Hellman, DSA and related schemes are broken. This is a fundamental threat to asymmetric cryptography, which underpins email security, digital signatures and the key exchange in protocols such as TLS. Unlike the symmetric case, larger keys do not buy meaningful time: Shor’s cost grows only polynomially with the key length, so doubling an RSA modulus adds a small constant factor for the quantum attacker rather than the exponential work it adds for a classical one. The existing asymmetric algorithms therefore cannot be adapted and must be replaced with post-quantum alternatives, such as the lattice-based ML-KEM (key encapsulation) and ML-DSA (signatures) standardised by NIST in 2024.
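As an added example, not part of the original article: the classical skeleton of Shor's algorithm in Python. The only quantum step in Shor's algorithm is order finding, i.e. finding the period r of x ↦ aˣ mod N; here that step is replaced by brute force, which is exponential and only feasible for the constructed toy modulus 3233 = 53 × 61. Everything else, choosing a base a, checking that r is even and that a^(r/2) is a non-trivial square root of 1, and extracting the factors with a gcd, is exactly the classical post-processing that surrounds the quantum subroutine. The discrete-logarithm variant follows the same pattern with a two-dimensional period and is not shown. Function names are this example's own.

```python
from math import gcd


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r % n == 1 (the period of x -> a**x mod n).

    This is the one step Shor's algorithm performs on a quantum computer,
    via the quantum Fourier transform, in polynomial time. The brute-force
    loop below stands in for it and is exponential in the bit length of n,
    which is why it only works for toy moduli.
    """
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    x, r = a % n, 1
    while x != 1:
        x = x * a % n
        r += 1
    return r


def factor_from_order(a: int, n: int, r: int):
    """Classical post-processing: turn the period r of a mod n into factors.

    Returns (p, q) with p * q == n, or None when this base is unlucky
    (r is odd, or a**(r/2) is the trivial square root -1 of 1 mod n).
    """
    if r % 2:
        return None
    y = pow(a, r // 2, n)          # a square root of 1 mod n; useful only if non-trivial
    if y == n - 1:
        return None
    p = gcd(y - 1, n)              # y^2 - 1 = (y-1)(y+1) is a multiple of n, y-1 is not
    if 1 < p < n:
        return tuple(sorted((p, n // p)))
    return None


def shor_factor(n: int):
    """Factor n by trying bases a = 2, 3, ... until the period trick succeeds."""
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:                 # a already shares a factor with n: done without order finding
            return tuple(sorted((g, n // g)))
        f = factor_from_order(a, n, find_order(a, n))
        if f is not None:
            return f
    raise ValueError("no factor found (n is prime or 1)")


if __name__ == "__main__":
    N = 3233                       # constructed toy modulus, 53 * 61
    for a in (2, 3):
        r = find_order(a, N)
        print(f"a={a}: period r={r}, factors={factor_from_order(a, N, r)}")
    print("shor_factor(3233) =", shor_factor(N))
```

For N = 3233 the base a = 2 has period 780, but 2^390 ≡ −1 (mod 3233), the trivial square root, so it yields nothing; a = 3 has period 260 and 3^130 is a non-trivial square root of 1, from which the gcd step recovers 53 and 61. In Shor's analysis a random base succeeds with probability at least 1/2, so a few repetitions of the quantum step suffice.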

Grover's algorithm

Grover’s algorithm is a general-purpose search algorithm for any problem that can be phrased as finding one marked item in an unstructured space of N candidates. It needs about √N evaluations of the search predicate instead of the N that a classical exhaustive search needs in the worst case. In cryptography the predicate is "does this key turn the captured ciphertext into plausible plaintext?", so Grover speeds up brute-force attacks.

Grover’s algorithm applies to symmetric encryption schemes and hash functions. It does not halve the attacker's effort; it halves the effective security level in bits: a k-bit key falls to about 2^(k/2) Grover iterations instead of 2^k trials, so AES-128 offers roughly 64-bit security against an idealised quantum adversary. Preimage attacks on hash functions get the same square-root speedup. Collision search gains less: the best known quantum collision algorithms run in about 2^(n/3) steps for an n-bit hash but need very large amounts of quantum memory, which is why SHA-256 is generally considered to retain adequate collision resistance. Two caveats temper the asymptotic figures: each Grover iteration must evaluate the whole cipher as a quantum circuit, and the iterations are inherently sequential, so the attack cannot be parallelised across machines the way a classical key search can.

As a result, symmetric algorithms such as AES and cryptographic hash functions remain fundamentally sound, but key sizes and output lengths must be doubled to retain the same security level against quantum adversaries. Migrating from AES-128 to AES-256, for example, restores about 128 bits of security against Grover, and the 256-bit output of SHA-256 still gives about 128 bits of quantum preimage resistance.
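As an added example, not from the original article: a plain-Python statevector simulation of Grover's algorithm over an 8-bit key space (256 candidates). The oracle recognises one constructed marked value; the iteration count ⌊π/4·√N⌋ = 12 and the resulting success probability make the square-root claim concrete: 12 iterations instead of the up to 256 (on average 128) trials a classical brute force needs. The function name and the marked value are this example's own.

```python
import math


def grover_search(n_bits: int, marked: int) -> dict:
    """Simulate Grover's search over N = 2**n_bits states with real amplitudes.

    `marked` plays the role of the one key the oracle recognises (constructed
    toy instance). Each iteration applies the oracle (phase flip of the marked
    state) followed by the diffusion operator (reflection about the mean),
    the optimal floor(pi/4 * sqrt(N)) times, then "measures" the most likely
    state.
    """
    n = 1 << n_bits
    amps = [1.0 / math.sqrt(n)] * n              # uniform superposition H^{(x)n}|0>
    iterations = int(math.pi / 4 * math.sqrt(n))
    for _ in range(iterations):
        amps[marked] = -amps[marked]             # oracle: flip the sign of the marked state
        mean = sum(amps) / n
        amps = [2 * mean - a for a in amps]      # diffusion: 2|s><s| - I
    probs = [a * a for a in amps]
    found = max(range(n), key=probs.__getitem__)
    return {
        "iterations": iterations,                # about sqrt(N)
        "classical_worst_case": n,               # exhaustive search bound
        "found": found,
        "success_probability": probs[marked],    # sin^2((2k+1) * asin(1/sqrt(N)))
    }


if __name__ == "__main__":
    print(grover_search(8, 0xA5))
```

The simulation tracks all N amplitudes, so each iteration is O(N) classical work; it demonstrates the iteration count, not a speedup. The probability after k iterations is sin²((2k+1)·θ) with sin θ = 1/√N, which is why running more than the optimal number of iterations makes the answer worse again rather than better.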

Impact on classical cryptography

As the two sections above show, quantum attacks affect the two halves of classical cryptography very differently. Asymmetric schemes built on factoring or discrete logarithms are broken outright by Shor's algorithm and must be replaced; symmetric schemes and hash functions lose only half their security level to Grover's algorithm and remain secure once their parameters are enlarged.

This distinction is crucial when planning a cryptographic migration, and it explains why post-quantum cryptography focuses primarily on replacing asymmetric primitives (key exchange and signatures) while merely strengthening symmetric ones. An inventory of where asymmetric algorithms are used, starting with the key exchange in protocols that carry long-lived data, is therefore the natural first step.