Deep Dive Series
Quantum Security Reference
Quantum computing will break the cryptography that protects nearly everything we do online — from banking transactions to national security communications. The question is no longer whether, but when. And the migration to quantum-resistant cryptography is already the largest cryptographic overhaul in the history of information technology.
This reference series is designed for CISOs, CTOs, and security leaders who need to understand the quantum threat landscape without wading through textbook physics. Each article provides a concise, accessible explanation of one essential concept — then links into my deeper technical analyses for those who want the full picture.
Start with the capstone overview for the complete narrative, or jump directly to the concept you need.
-
Sixteen concepts. One imperative. The quantum threat to cryptography is no longer a future concern — the deadlines for action are already set, and most organizations haven't started. This guide maps the complete quantum security landscape for CISOs and security leaders: the specific algorithms that quantum computers will break, the resource estimates that keep shrinking faster than anyone expected, the Harvest Now Decrypt Later threat that makes the risk active today, the Trust Now Forge Later attack on digital signatures that I first described in 2018 and that may prove more disruptive than the encryption threat, the NIST standards now finalized and shipping in production systems, the CNSA 2.0 deadlines that start biting in 2027, the migration program that spans upwards of 120,000 tasks in a large enterprise, and the crypto-agility architecture that determines whether you migrate once or build the capacity to migrate continuously. The quantum security question has shifted. It is no longer "when will quantum computers break our cryptography?" It is "can we complete the largest cryptographic overhaul in IT history before the regulatory, commercial, and threat timelines converge?" This reference series provides the structured entry point — each concept explained accessibly, each linked to the deeper technical analysis behind it.
Read More »
-
Quantum Security Reference
What Is Post-Quantum Cryptography (PQC)?
NIST finalized the first post-quantum cryptography standards in August 2024. Browser vendors, cloud providers, and HSM manufacturers are already shipping implementations. This reference explains why current public-key cryptography will break, how the replacement algorithms work differently, which standards NIST selected, and what the migration to quantum-resistant cryptography actually involves for security teams.
Read More » -
Quantum Security Reference
What Is Quantum Cryptography?
Quantum cryptography uses quantum physics to protect information, most commonly through quantum key distribution (QKD). It is not the same thing as post-quantum cryptography. This reference explains what quantum cryptography actually is, how QKD works, why countries disagree on its future, and where it fits alongside PQC in a security strategy.
Read More » -
Quantum Security Reference
What Is Quantum Cyber Security?
Quantum cyber security is no longer a research topic. NIST has finalized the standards, regulators have set hard deadlines starting in 2027, and the migration to quantum-resistant cryptography will touch every system in your organization. This reference covers what security leaders need to know to build a program that meets the deadlines.
Read More » -
Quantum Security Reference
What Is Quantum Computing Security?
Quantum computing security has two meanings: protecting classical systems against quantum attack, and protecting quantum computers themselves. Both matter, but the first is why every CISO has a deadline. This reference covers what breaks, how soon, and what the dual challenge looks like.
Read More » -
Quantum Security Reference
What Is Quantum Safe?
Every vendor now claims their product is "quantum safe." This reference explains what the term actually means, how it differs from related labels, what standards define it, and how to evaluate quantum-safe claims in procurement, compliance, and architecture decisions.
Read More » -
Quantum Security Reference
What Is Shor’s Algorithm?
Shor's algorithm is the reason post-quantum cryptography exists. Published in 1994, it proved that a quantum computer could break RSA, ECC, and Diffie-Hellman. The resource estimates for executing it keep dropping. This reference explains the algorithm's implications without the mathematics.
Read More » -
Quantum Security Reference
What Is Grover’s Algorithm?
Grover's algorithm is the quantum threat to symmetric cryptography. It halves effective key lengths, which sounds alarming until you do the math. AES-256 remains secure. AES-128 does not. This reference explains the algorithm, its limits, and why the common advice is almost right.
Read More » -
Quantum Security Reference
What Is Harvest Now, Decrypt Later (HNDL)?
Harvest Now, Decrypt Later is the reason the quantum threat is not a future problem. Nation-state adversaries are collecting encrypted data today, waiting for quantum computers powerful enough to break it. If your data needs to stay confidential for a decade, the window for protection is already closing.
Read More » -
Quantum Security Reference
What Is Q-Day?
Q-Day is the day a quantum computer can break widely used public-key cryptography. Predictions range from 2030 to never. But as I have argued, that debate is becoming irrelevant — regulators, insurers, and technology vendors have already set their own deadlines, and those arrive first.
Read More » -
Quantum Security Reference
What Is a CRQC (Cryptographically Relevant Quantum Computer)?
A CRQC is the quantum computer capable of breaking real-world cryptography. None exists today, but the engineering path is advancing across every required capability. This reference explains what a CRQC requires, how to track progress toward one, and why the "when" question matters less than most people think.
Read More » -
Quantum Security Reference
What Is a Logical Qubit?
Every quantum computing headline features a qubit count. Almost none of them distinguish between physical qubits and logical qubits. That distinction is the single most important concept for evaluating quantum progress — and the one most consistently misunderstood outside the research community.
Read More » -
Quantum Security Reference
What Is Quantum Error Correction (QEC)?
Quantum error correction is how quantum computers fight their own fragility. Without it, no quantum computer can run the long computations needed to break cryptography. For security leaders, QEC progress is the single most important indicator of how fast the quantum threat is advancing.
Read More » -
Quantum Security Reference
What Is Quantum Key Distribution (QKD)?
Quantum key distribution uses the laws of physics to share encryption keys in a way that makes eavesdropping detectable. The security guarantee is real, but so are the practical limitations. This reference explains the technology, the protocols, and the ongoing debate about QKD's role in quantum security.
Read More » -
Quantum Security Reference
What Is PQC Migration?
PQC migration is the process of transitioning an organization's cryptographic infrastructure from classical algorithms to post-quantum standards. NIST estimates three to five years for a large agency. Most enterprises should expect the upper end. This reference explains what the migration involves and where to begin.
Read More » -
Quantum Security Reference
What Is Trust Now, Forge Later (TNFL)?
Trust Now, Forge Later is the quantum threat to digital signatures. While Harvest Now, Decrypt Later targets confidentiality, TNFL targets trust — and the consequences may be more systemic. I coined the concept in 2018, and the research since has only strengthened the case for treating signature migration as the more urgent priority.
Read More » -
Quantum Security Reference
What Is a QBOM (Quantum Bill of Materials)?
QBOM stands for Quantum Bill of Materials, but the term is used inconsistently across the industry. Some mean an inventory of quantum computing components; others mean a cryptographic inventory viewed through quantum risk. This reference sorts out the terminology and explains which inventory you actually need for PQC migration.
Read More »
