Quantum Resistance: An Alternate Look
- Dave Pasirstein
- Founder, CEO
Google’s quantum breakthrough has drawn global attention for good reason. It has the potential to revolutionize fields such as drug discovery, materials science, and artificial intelligence; however, this new era of computing also poses significant threats to cybersecurity, specifically modern cryptography. Quantum computers are predicted to break many of the cryptographic protocols that secure today’s digital world. Enter the concept of quantum resistance—a critical strategy for safeguarding data and systems against the impending quantum threat.
This article is written for readers such as technical IT staff, software engineers, and anyone willing to dive into the business implications from a technical perspective. For a friendlier, less technical write-up, see: Quantum Resistance Simplified: Questions and Answers.
Any encrypted information stored online or in the cloud could become vulnerable in the near future if developments in quantum computing continue at their current pace. With "harvest now, decrypt later," encrypted data stolen today may be easily accessed and exploited in the future. Quantum-resistant cryptography (post-quantum cryptography) is emerging, but it is not yet battle-tested to the same degree as existing algorithms, and implementation is expected to be costly and time-consuming. Today, future quantum resistance can be achieved through lack-of-access strategies that combine best practices with proven safeguards against current threats.
Contents
- Risks to Regular People
- When will it happen?
- The Quantum Computing Threat
- What is Quantum Resistance?
- Quantum-Resistance by Design
- Transitioning to a Quantum-Resistant Future
- Why Quantum Resistance Matters Now
Risks to Regular People
For regular people, the risks posed by quantum computing may seem abstract, but they are much closer to home than most realize. Personal data, such as financial information and medical records, is often secured in databases and files using cryptographic algorithms that quantum computers could eventually break. Similarly, personal communications, secure web communication (HTTPS), and cryptographic signatures where the public key is generally available hold the same risk.
This means that any sensitive information stored online or in the cloud could become vulnerable in the near future. This even includes decentralized data on the InterPlanetary File System (IPFS).
When will it happen?
Nobody knows for sure, as there could be a massive breakthrough or we could run into unforeseen challenges and delays. Some guesses range from 5 to 20 years, but we should recognize that they are only guesses.
Unfortunately, malicious actors are taking a "harvest now, decrypt later" approach. This means that even data encrypted today could be accessed and exploited in the future. Protecting personal data requires individuals to use secure, up-to-date systems and to be mindful of where and how their sensitive information is stored.
These future quantum computers can only crack what they can access.
The Quantum Computing Threat
Security can be thought of as a continuum from less secure to very secure. There is no such thing as absolutely secure, as new threat vectors are constantly emerging.
Cryptography is no different: it ranges in the complexity required to solve (or crack) it, from weaker or less complex (less secure) to stronger and more complex (more secure). By this measure, a 56-bit RSA key is less secure than a 4096-bit RSA key.
Conventional cryptographic algorithms, such as RSA, ECC (Elliptic Curve Cryptography), and DSA (Digital Signature Algorithm), derive their security from the difficulty of solving certain mathematical problems. For example, RSA relies on the challenge of factoring large numbers, while ECC depends on the difficulty of solving the discrete logarithm problem. They are considered strong because classical computers (what we use today), even with enormous processing power, would take impractically long periods to crack these algorithms (often hundreds or thousands of years).
Quantum computers, however, operate on fundamentally different principles. Using qubits and phenomena like superposition and entanglement, they can process information in parallel and solve certain problems exponentially faster than classical computers. Shor’s algorithm, a quantum algorithm, has demonstrated the potential to efficiently factor large numbers and solve discrete logarithms, rendering RSA, ECC, and similar cryptographic schemes vulnerable.
Thus, asymmetric cryptography is directly susceptible wherever the public key is accessible to the quantum computer, which covers most classic asymmetric schemes. In other cases, the relative strength of the encryption may be weakened.
In plain English, standard security algorithms, such as those used for secure web transactions (HTTPS, TLS) and those used to encrypt files and database records, are at risk. The more qubits a quantum computer has, the larger the key sizes it can crack. While weaker encryption may be broken sooner, the general belief is that eventually quantum computers will trivially crack what is considered strong encryption today.
What is Quantum Resistance?
Quantum resistance, also known as post-quantum cryptography, refers to cryptographic techniques designed to remain secure against attacks by both classical and quantum computers. These algorithms are based on mathematical problems that are believed to be hard for quantum computers to solve, such as lattice-based cryptography, hash-based cryptography, and multivariate polynomial equations. The goal of quantum-resistant cryptography is to ensure that encrypted data remains secure even as quantum computing becomes more prevalent.
Lattice-based cryptography, for example, relies on the hardness of problems like the Learning With Errors (LWE) problem, which even the most advanced quantum algorithms struggle to solve efficiently. Similarly, hash-based cryptographic schemes, such as those built on Merkle trees, use hash functions that are resistant to both classical and quantum attacks.
Why not switch to quantum-resistant cryptography today?
NIST has finalized its first 3 post-quantum cryptographic standards. FIPS 203 (ML-KEM) is a key encapsulation mechanism. The other 2, FIPS 204 (ML-DSA) and FIPS 205, are both digital signature algorithms; FIPS 205 is intended as a fallback if FIPS 204 proves vulnerable. As of mid-2025, many common and popular cryptography libraries do not have production-ready implementations of these algorithms.
Classical cryptography has been tried, proven, and battle-tested over many years; even then, flaws are still found. Quantum-resistant cryptography is relatively new, and while promising, we may still be (and have been) surprised by shortcomings. For example, SIKE, a proposed quantum-resistant scheme, was cracked by a classical computer, and that was not the first time flaws were found in proposed quantum-resistant schemes.
While the algorithms provide similar functions, e.g., ML-KEM has similarities to Diffie-Hellman key exchange (DHKEM), the implementations work differently and are not backward compatible. The result is high switching costs and complexity, along with the risk of even higher costs if vulnerabilities are found in the new algorithms.
For now, classical cryptography is considered the most secure, battle-tested option. As the number of qubits increases in quantum computers, the pressure will be on to adopt replacements.
As previously stated, these future quantum computers can only crack what they can access.
Quantum-Resistance by Design
Besides trying to replace classical cryptography with quantum-resistant cryptography, there are many things we can do today to enhance security and ensure resistance. These may not be perfect on their own, but they can buy us time to enable a superior solution in the future.
Shamir’s Secret Sharing and Resistance Through Lack of Access
Beyond cryptographic algorithms, another layer of quantum resistance can be achieved through access control and data distribution strategies. Shamir’s Secret Sharing is a cryptographic method that divides data into multiple parts, or shares, which must be combined to reconstruct the original information. By decentralizing sensitive data and distributing shares among multiple parties or locations, the risk of a single point of failure is significantly reduced. Even if a quantum computer is used, it would need access to a sufficient number of shares to reconstruct the data. For that matter, it cannot brute-force crack what it cannot access.
Resistance to quantum computing attacks can be achieved by restricting access. Sensitive data stored offline in a physical safe, on an air-gapped system, or on mobile devices that cannot be reached remotely through a known public key cannot be directly accessed by quantum computers. Decentralized data storage on mobile devices presents another hurdle for an attacker: the devices themselves must be compromised and the data exfiltrated before a quantum computer can attempt to crack it. To the extent that the decentralized data is not publicly available, additional resistance is achieved against the “harvest now, decrypt later” quantum threat.
This does not suggest that Shamir’s Secret Sharing is quantum-safe; there are proposed Quantum Secret Sharing (QSS) alternatives. It does, however, show how quantum resistance can be achieved today.
In the case of products like SecretShield (my company), we follow this approach with Shamir Secret Sharing, decentralization, and avoid public access to sensitive data to achieve some quantum resistance while we allow time for more battle-tested alternatives to emerge.
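To make the "needs enough shares" property concrete, here is a minimal Shamir's Secret Sharing implementation added as an illustration; it is not SecretShield's code or anything from the article. It assumes a prime field GF(p) with p = 2^521 - 1 (chosen so secrets of up to 64 bytes are field elements), splits a constructed 32-byte key 3-of-5, and shows that any three shares recover it while two shares yield an unrelated field element.

```python
# Added example (not SecretShield's or the article's own code): Shamir's
# Secret Sharing over the prime field GF(p), p = 2^521 - 1. The prime and the
# 64-byte secret limit are assumptions for this demo.
import secrets

PRIME = 2**521 - 1
MAX_SECRET_BYTES = 64  # 64 bytes < 2^512 < PRIME, so any such secret is a field element


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with the given coefficients at x (Horner's rule).

    coeffs[0] is the constant term (the secret), coeffs[k] multiplies x**k.
    """
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, threshold: int, share_count: int):
    """Split `secret` into `share_count` (x, y) shares; any `threshold` recover it.

    The secret is the constant term of a random polynomial of degree
    threshold - 1; each share is one point on that polynomial.
    """
    if not 1 <= threshold <= share_count:
        raise ValueError("need 1 <= threshold <= share_count")
    if len(secret) > MAX_SECRET_BYTES:
        raise ValueError("secret too large for this field")
    coeffs = [int.from_bytes(secret, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, share_count + 1)]


def recover_secret(shares, secret_len: int) -> bytes:
    """Lagrange-interpolate the shares at x = 0 to recover the constant term.

    With fewer than `threshold` distinct shares the interpolated value is some
    other field element with no relation to the secret, so it cannot be
    brute-forced from the shares alone (quantum or otherwise).
    """
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    # A wrong reconstruction is usually far larger than the real secret, so pad
    # to whichever is longer rather than raising OverflowError.
    length = max(secret_len, (total.bit_length() + 7) // 8)
    return total.to_bytes(length, "big")


def demo():
    """3-of-5 split of a constructed 32-byte key; reports which recoveries succeed."""
    key = bytes(range(32))  # constructed sample secret
    shares = split_secret(key, threshold=3, share_count=5)
    return {
        "any_three": recover_secret(shares[1:4], 32) == key,
        "two_only": recover_secret(shares[:2], 32) == key,
    }


if __name__ == "__main__":
    print(demo())  # {'any_three': True, 'two_only': False}
```

The security-relevant point is in `recover_secret`: the shares an attacker has harvested are useless without a threshold number of them, and nothing about the remaining shares can be computed from the ones in hand, so distributing shares across separately controlled locations directly limits what "harvest now, decrypt later" can collect.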
Other non-cryptographic forms of Quantum-Resistance
The cybersecurity domain of "quantum resistance" pertains to more than just cryptographic algorithms. It encompasses a range of protective measures that can be implemented today to bolster overall security.
In traditional authentication systems, the passwords are commonly “hashed” via a one-way algorithm, and the result is stored on a server. When a user types a password, it too is hashed with the same algorithm, and the resulting hashes are compared. If they match, the password is correct.
The downside of this design is that if attackers steal the database of stored hashes, they can attempt an offline brute-force attack. In other words, once hashes are “available” to an attacker, they no longer have to send trial passwords to the real system; they can run password guesses locally until they find one whose hash matches.
More specifically, if password hashes such as SHA-256 were available, a quantum computer could potentially use Grover’s algorithm to perform the brute-force search more efficiently than a classical computer.
However, a well-designed online password authentication component, where the server’s password database is secured and cannot be exported, combined with locking the account after a set number of failed authentication attempts, is a big step forward. Even if the lockout lasts only a limited time after an invalid attempt, it would be quantum-resistant, because brute-force attempts to guess the password, even from a quantum computer, become time-bound by the lockout period.
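The following verifier is an added example, not code from the article, showing the design just described: hashes never leave the server, the hash is a salted slow KDF (PBKDF2-HMAC-SHA256, which is not what the article names but is a standard choice), and the account locks after a set number of consecutive failures. The policy numbers (5 failures, 300-second lockout) and the injectable `clock` are assumptions for the demo; `max_online_guesses` turns the lockout into the guess budget the paragraph describes.

```python
# Added example (not the article's own code): online password verification
# with a salted slow KDF and time-bound account lockout. MAX_FAILURES and
# LOCKOUT_SECONDS are assumed policy values; `clock` is injectable so the
# lockout can be exercised without waiting.
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5              # assumed policy: consecutive failures before lockout
LOCKOUT_SECONDS = 300         # assumed policy: lockout length in seconds
DEFAULT_ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor


class Authenticator:
    def __init__(self, clock=time.time, iterations=DEFAULT_ITERATIONS):
        self._clock = clock
        self._iterations = iterations
        self._users = {}  # username -> record; kept server-side, never exported

    def _derive(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, self._iterations
        )

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # per-user salt defeats precomputed tables
        self._users[username] = {
            "salt": salt,
            "hash": self._derive(password, salt),
            "failures": 0,
            "locked_until": 0.0,
        }

    def verify(self, username: str, password: str) -> str:
        """Return "ok", "denied" or "locked"."""
        now = self._clock()
        rec = self._users.get(username)
        if rec is None:
            # Do the same KDF work for unknown names so response timing does
            # not reveal which usernames exist.
            self._derive(password, b"\x00" * 16)
            return "denied"
        if now < rec["locked_until"]:
            return "locked"  # refuse even a correct password during lockout
        if hmac.compare_digest(self._derive(password, rec["salt"]), rec["hash"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["failures"] = 0
            rec["locked_until"] = now + LOCKOUT_SECONDS
            return "locked"
        return "denied"


def max_online_guesses(seconds: float) -> int:
    """Upper bound on guesses one account can receive in `seconds`.

    Each lockout window admits at most MAX_FAILURES attempts, so the attacker's
    rate is bounded by policy, not by how fast it can compute hashes.
    """
    windows = -(-int(seconds) // LOCKOUT_SECONDS)  # ceiling division
    return MAX_FAILURES * windows


if __name__ == "__main__":
    auth = Authenticator()
    auth.register("alice", "correct horse battery staple")  # constructed sample
    print(auth.verify("alice", "wrong"))              # denied
    print(max_online_guesses(365 * 24 * 3600))        # 525600 guesses per year
```

Compare the two regimes: with the hash table in hand, an attacker's guess rate is limited only by hardware (and Grover's algorithm would cut the effective search space), whereas against this verifier a whole year yields at most 525,600 guesses per account regardless of the attacker's compute. Keeping the database unexportable is what forces the attacker into the second regime.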
Most blockchains use an ECDSA signature algorithm (based on elliptic curves) that enables the public key to be derived from the combination of the signature and transaction data. Thus, the public keys are generally available, and the algorithms used today are susceptible to quantum computers; therefore, protocol improvements will be required for the safety of future transactions and current accounts. But what of the immutability of blockchains? Could a clever person use a quantum computer to create a mathematically valid replacement block, historically altering the ledger? Because immutability is enforced by the consensus of the decentralized system, changing or reorganizing the chain would require that consensus to agree. Thus, a quantum computer may be able to propose compromised block changes that are mathematically valid; however, convincing a massively decentralized network to accept them is highly unlikely.
Most classic symmetric key encryption, such as AES and ChaCha20-Poly1305, is more quantum-resistant than classic asymmetric encryption. However, it is still subject to Grover’s algorithm, which is estimated to reduce security by approximately half. In this case, 256-bit security would effectively be equivalent to 128-bit, which is still pretty strong security. Thus, ensuring a sufficiently high number of security bits with classic symmetric encryption can provide for a reasonable level of resistance.
Good security practices that limit access to password hashes and public keys can mitigate the impact and at least buy time, given the power that quantum computing brings.
Transitioning to a Quantum-Resistant Future
Preparing for the quantum era requires a proactive and systematic approach. Governments, organizations, and individuals must begin transitioning to quantum-resistant cryptographic solutions to ensure the longevity of their data security. The U.S. National Institute of Standards and Technology (NIST) has been at the forefront of this effort, running a multi-year competition to standardize post-quantum cryptographic algorithms. Even with the first 3 selected, it will take years to fully battle-test them after they receive NIST’s endorsement. It may similarly take years for encryption libraries used by application developers to be updated with production-ready algorithm implementations.
Beyond adopting quantum-resistant algorithms, quantum-resistant solutions by design can and should be deployed by organizations and leveraged by individuals today. These avoid the risk of relying on algorithms that are not yet battle-tested, often strengthen existing systems, and buy time to migrate with greater confidence in the future.
Applying new quantum-resistant cryptography will be complex and costly, as organizations must also consider the practical aspects of implementation. This includes updating hardware, software, and network infrastructures to support new cryptographic standards. Additionally, hybrid models that combine classical and quantum-resistant algorithms may be employed during the transition period to ensure backward compatibility.
Why Quantum Resistance Matters Now
While large-scale, fault-tolerant quantum computers are still in development, the timeline for their arrival is uncertain. However, the "harvest now, decrypt later" threat is very real. Adversaries may already be collecting encrypted data with the intention of decrypting it once quantum computers become available. This makes it crucial to implement quantum-resistant measures sooner rather than later.
In conclusion, quantum resistance is not just a technological necessity but a strategic imperative. By investing in research, standardization, and implementation of post-quantum cryptographic solutions, as well as incorporating non-cryptographic quantum resistance techniques like Shamir’s Secret Sharing with non-public data storage, we can secure our digital infrastructure and protect sensitive information against the challenges of the quantum age. The future of cybersecurity depends on our ability to anticipate and adapt to the rapidly evolving technological landscape.