RBC Warns of 'Harvest Now, Decrypt Later' Quantum Threat

- The underlying threat stems from Shor's Algorithm, a quantum computing algorithm developed by Peter Shor in 1994, which can efficiently factor large numbers, rendering widely used public-key encryption standards like RSA and Elliptic Curve Cryptography (ECC) obsolete. - The date when a quantum computer could break current encryption is often called "Q-Day" or "Y2Q". While timelines vary, expert consensus places this event in the early-to-mid 2030s, with the Cloud Security Alliance suggesting a specific date of April 14, 2030. - In response, the U.S. National Institute of Standards and Technology (NIST) has been standardizing post-quantum cryptography (PQC) since 2016. In August 2024, NIST finalized the first standards, including FIPS 203, which is based on the CRYSTALS-Kyber algorithm (now called ML-KEM) for general encryption. - U.S. government directives underscore the urgency of this transition. A National Security Memorandum has set a path for migration, and NIST has outlined a timeline for all systems to transition away from traditional cryptographic algorithms by 2035. - While public-key infrastructure is highly vulnerable, symmetric encryption algorithms like AES-256 are considered quantum-resistant. The primary quantum threat to symmetric keys comes from Grover's algorithm, which effectively halves the security strength, but this can be mitigated by doubling the key length. - Adversaries are targeting data with a long-term value, such as personally identifiable information (PII), corporate intellectual property, healthcare records, and government secrets. Joint advisories from the NSA, CISA, and NIST explicitly warn that this data is already being harvested. - Global financial regulators are mandating action. For example, Europol's Quantum Safe Financial Forum issued a call to action in February 2025, and Switzerland's Financial Innovation Desk (FIND) has released a seven-step roadmap for financial institutions to prepare for the quantum risk.