Post-Quantum Encrypt…

Quantum computers have the potential to break most existing encryption methods—including AES-256, one of the strongest encryption standards used today—in just hours, compared with the millions of years it would take with current computers. Such a breakthrough would completely reshape the landscape of data security. In response, the National Institute of Standards and Technology (NIST) has led efforts to develop post-quantum encryption (PQE) to defend against these future threats. Many cybersecurity companies, particularly VPN providers, are already beginning to adopt PQE in their systems. But how concerned should you actually be? Let’s break down what PQE is, how it differs from AES-256, and whether quantum computing really poses an imminent threat.

What Is Post-Quantum Encryption?

Standard encryption methods, such as AES, multiply large prime numbers together to turn data into a random string of numbers and characters. This process is lightweight and requires minimal computing power. However, modern computers cannot reverse the process quickly, making it impractical for hackers to break. 

Quantum computing works by computing bits (1s and 0s) simultaneously, as opposed to individually, allowing it to compute at a much faster rate than a traditional computer. This level of computing would allow quantum computers to reverse the AES process quickly, potentially decrypting vast banks of data that have been protected for decades. To prevent this, NIST has led the charge in developing post-quantum encryption alongside top tech companies, including Intel and IBM. 

PQE isn’t a single set method like AES. Multiple organizations have proposed algorithms that aim to be more resilient against attacks from quantum computers. Since nobody knows exactly what capabilities those quantum computers will have, researchers are developing different algorithms in the hopes of finding the best and most efficient options. All of these algorithms are well researched by experts in the field, but ultimately, they are the best educated guesses at what will thwart a quantum attack.

When a VPN utilizes post-quantum encryption, it claims to encrypt its data using an algorithm theorized to be resistant to quantum attacks. There are no real-world implementations where this technology has been put to the test against actual decryption attempts. It isn’t a meaningless claim for a VPN to adopt PQE. It demonstrates a focus on prevention and forward-thinking approaches to user security. However, the effectiveness of PQE will realistically take years to be fully assessed. AES has been proven to be a standard for decades against real-world attacks. PQE is a promising technology that may change how we handle encryption, but it won’t happen overnight. 

Quantum Computing: How Imminent Is It?

Consumer-grade quantum computing has been “just around the corner” for years. The technology exists, but it is currently experimental and limited to research teams at major companies like IBM and Intel. At best, it is uncertain whether and when the technology will be stable and scalable enough to reach consumers. Any firm dates being thrown out there are speculative and should be taken with a hefty grain of salt. 

Widespread availability of this technology would completely upend data security. However, there are significant challenges that the technology must overcome before it reaches your desk. Power consumption is significantly higher than that of even the best enthusiast computers on the market. Errors require advanced knowledge to parse, and the lack of a stable implementation means it’s not yet ready for a plug-and-play desktop solution. 

Get Our Best Stories!

Stay Safe With the Latest Security News and Updates

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.

Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Post-quantum encryption may be one solution, but it must be subjected to real-world attacks before it can be considered a proven safeguard.

Top minds in the field still question whether these problems will prove solvable in the near future. NIST is the leading organization behind post-quantum encryption algorithms, and they state that “experts’ estimates range from a few years to a few decades” before a quantum computer powerful enough to pose a significant threat to current encryption methods appears.

What Is a Quantum Computer Attack?

The primary risk at present is related to data that has already been encrypted using AES, also known as a “harvest now, decrypt later” attack. Bad actors, governments, and companies are likely harvesting hoards of encrypted data in the hopes that it will be decryptable later with a quantum computer. Personal information, confidential company data, and much more could be leaked if AES is reversed. While much of this information may be outdated, the potential benefits will likely encourage any entity with sufficient resources to perform data mining to invest in the technology. 

While it is impractical to go back and secure all of that legacy information, some measures are necessary to prevent new data from being susceptible to this attack. Consumer quantum machines may be a ways off yet, but that doesn’t mean governments and large corporations will be barred from early adoption. In that regard, practical decryption attacks could occur in the near future. For new information, post-quantum encryption aims to thwart these attacks before they become a reality. 

What Can You Do to Prevent Quantum Attacks?

At the moment, nothing. Instead of focusing on potential threats that may never materialize, it’s better to safeguard your data against the online dangers that currently exist. Data breaches occur frequently due to inadequate privacy practices among corporations, apps, and internet service providers, as well as traditional social engineering and poor internet hygiene. The data obtained from these kinds of attacks and scams is far more valuable to criminals looking to make money from your data today.

The future of quantum computing and the nature of potential attacks are uncertain. Malicious actors using this new technology could upend the world of security and user data, but there is no certain way to secure yourself against this potential future. Post-quantum encryption may be one solution, but it must be subjected to real-world attacks before it can be considered a proven safeguard, like AES.

About Our Expert

Justyn Newman

Senior Writer, Security

---

Experience

My writing journey started in 2012 and has taken me through various niches, but my main focus has always been on tech. I contributed to several growing PC hardware and software sites, focusing on gaming, peripherals, and privacy.

As the amount of information we put out on the internet has grown, so have the threats and the tools we use to combat them. With VPNs gaining traction in the late 2010s as a tool for the public instead of just an option for business security, I found myself reviewing countless options in this continuously changing landscape.

This led to my role before PCMag over at WizCase, where I honed my knowledge of VPNs and privacy tools and eventually oversaw all of the content produced. I led a talented team of fellow writers and editors to evaluate VPNs, password managers, antivirus, and parental controls.

Read Full Bio