Client Portal
| Become a Client
Home All Blogs Tips to Prevent Quantum Computing Encryption Data Breaches

Tips to Prevent Quantum Computing Encryption Data Breaches

April 17, 2025
In 2025, quantum computing is not just a buzzword—it's becoming a reality that's capturing the attention of business leaders, technologists, and scientists alike. However, quantum computing also poses a significant threat to current encryption methods, especially asymmetric encryption, which is crucial for securing data in transit.
IANS Faculty

Quantum computing is gaining attention as business leaders, technologists, scientists, and innovators consider what seem to be infinite possibilities of the advanced computing model. The United Nations designated 2025 as the International Year of Quantum Science and Technology, and technology industry heavyweights like Amazon, Google, IBM, and Microsoft are aggressively pursuing quantum computing.

With its promise of faster and more efficient solutions to complex problems, quantum computing has the potential to accelerate the design and testing of new drugs. Quantum algorithms can potentially enhance AI capabilities, allowing for faster and more efficient training of complex models. Quantum computers can optimize financial models and identify complex risk patterns as well as optimize logistics and supply chains, leading to reduced costs and improved efficiencies.

What is Quantum Computing?

Quantum computing operates through a concept called superposition, in which a quantum bit (qubit) can be both 1 and 0 simultaneously until it is measured or observed. Unlike classical computing, which relies on bits that are either 1 or 0, quantum computing allows for more-complex calculations because qubits can exist in multiple states at once. Today’s quantum computing labs are full of sophisticated equipment like particle labs and photon entanglement chambers.

Differing from traditional computing models in its ability to process unstructured or fuzzy data, quantum computers are expected to be between two and five times faster than today’s 64-bit computer or equivalent. This makes them better at distilling large volumes of data into a collection of data that a large language model (LLM) can use to build models or answer questions. That means quantum computing has the potential to significantly accelerate AI and LLM usability—which is extremely appealing to today’s businesses.

Quantum computing holds the potential for developing more secure quantum-resistant cryptography in the future, but today’s quantum computing poses a significant threat to current encryption methods.

How Quantum Computing Breaks Encryption

Quantum computing offers several opportunities for innovation across industries, but it also presents opportunities for threat actors to break encryption algorithms. To understand how quantum computing can break encryption, we must understand the three types of encryption: symmetric, asymmetric, and homomorphic.

  • Symmetric encryption uses the same key to both encrypt and decrypt data. It is fast, simple for modern computers and a well-established technology. However, the encryption/decryption key must be exchanged before sending data.
  • Asymmetric encryption uses two keys: a public key and a private key. Data encrypted with the public key can only be decrypted by the corresponding private key, and vice versa. However, the public key cannot decrypt data it encrypted, and the private key cannot decrypt data it encrypted.
  • Homomorphic encryption allows data to remain encrypted even while it is being processed, which means the data is never decrypted. Homomorphic encryption is in its early stages and not widely adopted.

We must also understand when data can be encrypted: at rest, in transit, and in use. At-rest encryption uses symmetric encryption, as the keys are internal to the company or organization. In-transit encryption typically uses TLS tunnels, which use asymmetric encryption for the rest of the session. In-use encryption is less common. Most data inside a database server is currently processed in plaintext. If an attacker breaks into the database server, they could extract the data in plaintext from the server’s memory. In the future, homomorphic encryption will likely be used to encrypt data while it’s in use. 


Download:  Determine the Cost and Impact of a Security Breach

 

Quantum Computing Encryption Threats

Quantum computing is significantly more efficient at brute-forcing both symmetric and asymmetric encryption keys compared to traditional computing. While it is about twice as efficient at breaking symmetric keys, it is exponentially faster at cracking asymmetric encryption keys. For instance, AES-128, a common algorithm for at-rest encryption, could be broken by quantum computers in 2.5 million years, compared to the 5 million years it would take current computers. This reduction in security is not a major concern for most data, but for highly sensitive information, switching to AES-256 would restore the decryption time to around 5 million years, even against quantum computing.

The real threat, however, lies with asymmetric encryption, which is crucial for securing data in transit. Quantum computing could potentially break asymmetric ciphers almost instantly, allowing attackers to capture the contents of a TLS tunnel and obtain the symmetric key, thereby decrypting all subsequent traffic effortlessly. Asymmetric encryption is used to establish a secure communication channel, but it is computationally expensive and slow. Once the key exchange is complete, the session switches to symmetric encryption, which is faster and more efficient.

There are varying perspectives on when quantum decryption will become available, but it is likely that nation-states will be the first to achieve it, given their willingness to invest trillions of dollars. The initial cracking of an asymmetric code by quantum computing could take a year, but the process will become progressively faster over time. Once a nation-state masters quantum decryption, multinational defense contractors and other large companies will likely follow, and the technology will eventually spread to smaller organizations.

Within 10 to 15 years after the first code is cracked, quantum decryption could be widely available, and within 15 to 20 years, it might even be an app on a quantum-enabled phone. While some cryptographers doubt the feasibility of accumulating enough quantum power, the high stakes of national security suggest that a "Manhattan Project"-like effort could accelerate the timeline. Given current advancements by companies like IBM and D-Wave, quantum decryption could be viable within three to seven years, with five to seven years being the more probable minimum.

Data is being harvested today and will likely be decrypted in the future, posing varying levels of risk depending on its sensitivity and half-life. For instance, stock trading data is highly sensitive until the trade is executed, while Social Security numbers and personal identities remain at risk for decades.

Mission-critical data can be dangerous for periods ranging from a few days to several years, and this duration, known as the data half-life, should be included in data classification schemas. Assuming quantum decryption becomes viable by 2031, data with a 20-year half-life sent today would still be at risk then. The timeline for quantum decryption is a fixed point, and the data half-life remains constant, meaning that if quantum decryption happens in 2034, data considered dangerous for five years would be safe now in 2024 but at risk if you're reading this in 2029.

Tips to Remediate Quantum Computing Risk

Apple and other messaging platforms have taken significant steps toward post-quantum cryptography (PQC) by integrating algorithms like Kyber, one of the NIST finalists. This means that hundreds of millions of iPhones are already equipped with PQC. However, widespread adoption requires manufacturers to integrate PQC cipher suites into their systems, and this process will take time due to the lag in updates from various data-sharing partners.

To prepare and mitigate Quantum risks, security teams should work to:

  • Inventory their asymmetric connections
  • Communicate with manufacturers about PQC updates
  • Engage with third parties to align on post-quantum strategies
  • Form a supply chain group to collectively roll out PQC

Collaboration is key to managing the risks associated with quantum decryption threats. 

Need a practical IR template to manage cybersecurity incidents? This Incident Response Plan (IRP) template includes both general procedures and specific incident scenarios. Use this template to: ✅ Build rapid response plans to minimize downtime and potential damage 🎯 Tailor your response based on the nature of the incident 💪🏼 Build resiliency with IR guidance to current with new threats.  Download this critical template and build a cohesive IR plan.

Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.

Subscribe to IANS Blog

Receive a wealth of trending cyber tips and how-tos delivered directly weekly to your inbox.

Please provide a business email.