Part 1: What a Quantum Computer Is Not
Table of Contents
(Updated: July 2026)
This is Part 1 of Quantum Computing for Cybersecurity Professionals, an 11-part series that builds quantum computing from the ground up for security and IT professionals who know classical crypto but have no physics background. No lies-to-children, no hype, every claim checkable with arithmetic. Read the full series online or download the free ebook.
Sometime this week, three items will cross your feed. A lab will announce a quantum processor with a record number of qubits (physical qubits, a qualifier that will matter a great deal by Part 10). An article will explain that quantum computers work by trying every combination at once. And a colleague will forward both with the subject line “should we be worried about AES?”
Of the two factual claims in that pile, exactly one is accurate. The qubit count. Your colleague’s email is the right question aimed at the wrong target, and by Part 9 you will know why.
This series is for the person who has to answer that email, and its bottom line is this: quantum computers threaten exactly one category of cryptography, your deadline is set by your data’s lifetime rather than by anyone’s prediction, and “a faster computer” is the wrong mental model entirely. Leadership, auditors, customers, and eventually regulators are going to ask you questions about quantum computers whose correct answers depend on details the popular story gets backwards. So the next eleven parts come with a contract. No lies-to-children: nothing you learn here will need to be unlearned later. Every analogy ships with a note on where it breaks. Any claim that can be checked with arithmetic gets an optional sidebar where you can check it, using math no harder than working out a subnet mask. And at no point will you be asked to accept “quantum weirdness” as an explanation for anything.
The wrong axis
Start by deleting the most common frame: that a quantum computer is a faster computer.
Your laptop, a rack of GPUs, and the largest supercomputer on earth are all the same kind of machine at different sizes. Anything one of them can compute, the others can too, given enough time; they differ only in scale. A quantum computer sits off that ladder entirely. It runs on different physical rules, and those rules make it dramatically better at a narrow class of problems with exploitable mathematical structure, while leaving it unremarkable to useless at nearly everything else. It will not run your SIEM faster, sort your logs, train your models on a budget, or mine Bitcoin at a profit. Nobody will ever issue one to the help desk.
FOR THE RECORD: Tractable versus computable.
A classical computer can simulate a quantum computer perfectly; the simulation just takes exponentially long as the quantum machine grows. So quantum computing moves certain problems from “possible in principle, absurd in practice” into practical reach, and it adds nothing to the set of problems that can be solved at all. This is also why the casualty list below is decided by the mathematical structure of each algorithm, never by raw speed.
The right axis
Swap in a frame your profession already owns.
There are two ways to defeat a cipher. The first is to buy more hardware and try keys faster. That attack is quantitative: double the budget, halve the time, and the defender answers by adding a single bit to the key, staying comfortably ahead forever. The second way is to find structure in the underlying mathematics that lets you bypass key-trying entirely. That attack is qualitative. Cryptographers call it a break, no key length rescues a broken primitive, and the only remedy is retirement.
Quantum computers, in the cases where they matter at all, belong to the second category. Shor’s algorithm, the reason this series exists and the subject of Part 8, is a cryptanalytic break of the mathematical structure underneath RSA, elliptic curves, and Diffie-Hellman that happens to require an exotic machine to execute. Given a large, fault-tolerant quantum computer (two qualifiers examined in detail in Part 10), those primitives end the way FEAL ended when differential cryptanalysis arrived.
WHERE THIS BREAKS: A break with a countdown.
The cryptanalytic-break frame has one important limit. A classical break is a paper, and the primitive dies the day the paper is published. Shor published his algorithm in 1994; what has been missing for three decades is the hardware to run it at scale. So this is a break with a prerequisite, and therefore a countdown, which is exactly what turns it into a risk-management problem instead of an incident-response one. The mathematics is already lost. Only the machine is pending.
MYTH AUTOPSY: “Quantum computers are millions of times faster.”
The phrase fails twice. First, “faster” without a named problem is meaningless. Faster at what? Today’s quantum processors execute gate operations at rates measured in the millions per second at best (thousands, on some platforms) against your CPU’s billions, and error correction will slow the useful rate further. On almost every task you care about, the quantum machine loses, badly, and permanently. Second, where quantum computers do win, speed is the wrong category altogether. They win the way a break beats brute force, by making the hard step unnecessary rather than by doing it faster. Treat any headline of the form “X times faster” the way you treat a vendor claiming military-grade encryption: ask at what, exactly.
Say instead: quantum computers make certain structured problems tractable that are classically intractable; on everything else they are no better, and usually worse.
What a quantum computer actually is (thirty seconds, no weirdness)
A quantum computer is a device that computes with amplitudes: quantities that behave like the probabilities you already use to reason about unknown bits, except that they can be negative, which means they can cancel each other out. That cancellation is called interference, and it is the entire trick. A quantum algorithm is a computation arranged so that the amplitudes of paths leading to wrong answers cancel while the amplitudes of paths leading to the right answer reinforce, so that when you finally read the machine, the right answer is what you are likely to get. The machine’s cells are called qubits; a precise definition is Part 3‘s job.
That is the whole preview. It contains nothing about being in two places at once, nothing about parallel universes, nothing about consciousness. One new rule, probabilities that can cancel, and the rest of this series is consequences. Parts 2 through 4 build it properly, starting from an object you already trust completely: an ordinary bit you have not looked at yet.
Why quantum computing is your problem, on a schedule
The reason this material is a professional obligation and no mere curiosity: the narrow class of problems with exploitable structure contains, almost as if by design, the public-key cryptography holding up everything else. Conventional TLS key exchange, most PKI and code signing, many VPN profiles, and much of DNSSEC all rest on the exact mathematics that Shor’s algorithm breaks on a fault-tolerant machine. Hybrid post-quantum deployments have begun changing that picture, which is the migration working, and they are nowhere near universal.
And the threat does not wait for the machine. An adversary recording ciphertext today only needs the machine to exist before the confidentiality lifetime of that data expires, the pattern known as harvest now, decrypt later (HNDL). Your deadline is therefore Q-Day minus your data’s shelf life minus your migration time, and two of those three numbers are yours to measure. I take no position on dates here. Part 11 will equip you to read the hardware roadmaps yourself, and the rest is risk management, because regulators, insurers, investors, and clients have already set the deadlines whether or not anyone’s prediction turns out to be right. The clock is already running.
FOR THE RECORD: Mosca’s inequality.
The standard formalization comes from Michele Mosca, and I’ve written a CISO’s guide to Mosca’s theorem if you want the full treatment. In symbols: if $$x + y > z$$, where $$x$$ is the number of years your data must stay confidential, $$y$$ is the number of years your migration will take, and $$z$$ is the number of years until a cryptographically relevant quantum computer exists, you are already late. The industry shorthand for that machine is CRQC: a quantum computer big and reliable enough to run Shor’s algorithm against real-world key sizes. All three quantities are estimates. Only the first two are under your control.
The casualty list
Everything in this table is asserted now and earned in Parts 8 and 9.
| Primitive | Verdict | Settled in |
|---|---|---|
| RSA | Broken by Shor’s algorithm on a fault-tolerant machine | Part 8 |
| Diffie-Hellman (finite-field) | Broken by the same algorithm on the same machine | Part 8 |
| Elliptic-curve everything (ECDH, ECDSA, EdDSA) | Broken, at even smaller machine sizes than RSA requires | Part 8 |
| AES | Survives; prefer 256-bit keys, since Grover’s algorithm manages only a quadratic dent | Part 9 |
| SHA-2, SHA-3, HMAC | Survive with margin | Part 9 |
To put it bluntly: the bottom two rows are the least-reported fact in mainstream quantum coverage. Symmetric cryptography and hashing are fine. The quantum threat applies with precision to the structured mathematics that makes public-key cryptography possible. Structure is what this machine eats.
Four different things called “quantum”
MYTH AUTOPSY: “Quantum encryption.”
There is no product called quantum encryption. There are four unrelated things that marketing crams into that phrase, and your first question to any vendor saying “quantum-safe” is: which one do you mean?
Quantum computing (QC) is the threat side, the machine this series is about. It breaks structure-based public-key cryptography, and nobody sells it as a security product.
Post-quantum cryptography (PQC) is the fix: new classical algorithms built on mathematical problems believed hard for classical and quantum attackers alike. Pure software, running on the hardware you already own. NIST finalized the first standards in August 2024: FIPS 203, ML-KEM (formerly CRYSTALS-Kyber), for key establishment, plus FIPS 204, ML-DSA (formerly CRYSTALS-Dilithium), and FIPS 205, SLH-DSA (formerly SPHINCS+), for signatures; my 2025 standardization update covers the full picture. When anyone says quantum migration, this is what migrating means.
Quantum key distribution (QKD) is a physics-based method for two fixed endpoints to agree on key material over a dedicated optical link; I’ve written a QKD 101 for cybersecurity professionals if you’re curious. It distributes keys; it does not encrypt data, and on its own it cannot authenticate the endpoints, so it needs classical authentication to resist man-in-the-middle. It is also point-to-point only. The NSA’s published position is that PQC, and never QKD, is the migration path for national security systems, and the UK’s NCSC takes the same view for general use.
Quantum random number generation (QRNG) is a hardware entropy source that harvests randomness from quantum processes; here’s my introduction to QRNG. Legitimate, useful, and mundane: it is an entropy source, and it offers no protection against a quantum computer. Nothing about the threat model above changes.
One machine that attacks, one software fix, one niche link technology, one entropy widget. Four products share a single adjective; hence the confusion.
How to read this series
Eleven parts. Parts 2 through 7 build the machine’s logic from the ground up: probabilistic bits, amplitudes, interference, entanglement, and the shape of a quantum algorithm. Parts 8 and 9 cash it out against cryptography. Parts 10 and 11 cover the hardware reality and how to read the field like a professional. Every part stands alone, but the arguments compound in order.
Along the way you’ll meet five kinds of sidebar, each with one job. THE ARITHMETIC holds optional numbers, self-contained and skippable; the prose is always complete on its own, but when you want to verify a claim by hand, that box is where you do it. WHERE THIS BREAKS states every analogy’s honest limits at the point of use. FOR THE RECORD holds precision notes and references, for when you need to defend a claim upstream. MYTH AUTOPSY dissects a popular misconception at the exact moment you’ve gained the tools to see through it; two are already behind you. And every part closes with an ATTACKER’S-EYE VIEW, because that is the seat this series assumes you think from.
ATTACKER’S-EYE VIEW: What the rational adversary is doing right now.
Nothing about a well-resourced adversary’s 2026 posture requires a quantum computer to exist. It requires packet capture. Recorded TLS sessions whose keys were agreed with ECDH are an appreciating asset: unreadable today, readable in full the day a CRQC runs. The targeting logic writes itself. Prioritize ciphertext whose value outlives the machine’s plausible arrival: diplomatic and intelligence traffic, health and genomic records, legal files, weapons and industrial design data, source code. Note the mechanism carefully, because this is where most threat models go wrong. Forward secrecy does not rescue a recorded session; the attacker breaks the ephemeral key-exchange values sitting in the captured transcript. Long-lived private keys are the richer prize wherever static key transport or key wrapping still depends on them.
A mirror threat aims at authenticity instead of confidentiality. Any signature whose trust must outlive the machine’s arrival (firmware and code signing, root and long-lived certificates, notarized records) becomes forgeable once the underlying mathematics gives way. Be precise about what that means: the attacker cannot rewrite the past, they mint new signatures that verify under the old public key. Trusted timestamps, transparency logs, and append-only records can still prove what existed before the break, which is exactly why systems resting on bare signature verification are the exposed ones. I’ve written about this pattern as trust now, forge later: HNDL steals yesterday’s secrets, while its twin steals tomorrow’s trust in yesterday’s signatures.
The defensive consequence: your clock is set by two measurable quantities, your data’s shelf life plus your migration time; nobody’s qubit roadmap enters into it.
What to remember
A quantum computer is a different kind of machine, not a faster one; where it matters, it wins the way a cryptanalytic break beats brute force. The break is confined to structured public-key mathematics (RSA, elliptic curves, Diffie-Hellman), while symmetric ciphers and hashes remain secure with larger parameters. The fix, post-quantum cryptography, is classical software on hardware you already run; QKD and QRNG are different products answering different questions. Harvest-now-decrypt-later and its signature-forging twin tie your deadline to your data’s lifetime rather than to anyone’s Q-Day prediction. And nothing ahead requires accepting weirdness: from Part 3 onward, one new rule, probabilities that can cancel, explains everything.
Next, in Part 2, “The Classical Bit You Don’t Know Yet”: before a single qubit appears, we spend time with an object you trust completely, an ordinary bit whose value you have not looked at. We’ll write down everything you believe about it. Every one of those beliefs is reasonable. In Part 4, we’ll use them to spring a trap.