• Cyborg Bytes
  • Posts
  • Quantum Security: The One Thing No One’s Preparing For

Quantum Security: The One Thing No One’s Preparing For

Author

Addie LaMarr
July 04, 2025

What If Quantum Math Could Crack Everything You’ve Ever Encrypted?

Encryption is the silent bodyguard of the digital world. It protects your texts, your money, your medical records, even your protest plans. Most of us never think about it—until it fails.

Here’s the uncomfortable truth: the encryption that protects nearly everything we do online wasn’t built to survive what’s coming next.

That next thing? It’s quantum computing.
And while it’s not fully here yet, it’s already starting to mess with your future security.

The danger doesn’t wait for the moment a quantum computer boots up. It started the moment people began saving your encrypted data, assuming it would stay locked forever. The math behind those locks—RSA, ECC, and DSA—was solid during the classical computing era. But quantum changes the rules.

There’s a piece of quantum math called Shor’s Algorithm. It’s the kind of breakthrough that only needs to work once. Instead of grinding through passwords, it unravels the structure behind the math itself. This single algorithm can break the two core assumptions our current encryption depends on: factoring large numbers and solving discrete logarithms.

That means:

  • Bank websites

  • Email providers

  • VPNs

  • Cryptocurrency wallets

  • Software signatures

  • Cloud backups

All vulnerable—once quantum computers reach a certain threshold. And we’re not talking science fiction anymore.

I served 8 years in the U.S. Air Force maintaining and deploying cryptographic systems. In 2017, I was sitting in a quantum computing seminar at the Okinawa Institute of Science and Technology, and the consensus from the quantum researchers in the room was, “Don’t worry—quantum won’t be ready until at least 2050.”

Fast forward a few years, and that estimate has been slashed. Industry leaders and labs are pushing new breakthroughs at a speed that’s caught even insiders off guard. The current forecast? Under 10 years. Some say less.

And that matters, because what you encrypt today might still be sitting on a server in 2032. If it’s using outdated cryptography, it won’t matter how careful you were—someone with a quantum machine can open that file like it was never protected.

Even before those machines come online, your encrypted info is being collected. Governments. Corporations. Data harvesters. They know what’s coming, and they’re already preparing for it.

That’s the real threat here—not that quantum computing breaks encryption in the future, but that it can break the past wide open.

If you're encrypting anything you care about—your company’s intellectual property, sensitive messages, backups, contracts—it’s time to rethink what “secure” really means.

And we’re just getting started.

Is Your Data Already Stolen—Just Waiting to Be Decrypted?

If you’re waiting for a headline that says, “Quantum Computer Finally Built,” you’ve already missed the point.

The real danger isn’t when quantum computing arrives—it’s what happens to the information you trusted to encryption years ago.

Right now, agencies, intelligence contractors, and adversarial groups are collecting encrypted data with no plan to crack it today. They’re hoarding it. Storing it. Banking on one thing: that quantum computers will give them access to it later.

This tactic has a name: Store Now, Decrypt Later (SNDL). And it’s not theoretical—it’s already a core strategy in modern espionage.

Picture this: a burglar steals a safe from your office. They can’t open it today. But they know a skeleton key is being built in a lab somewhere. Once it’s finished, everything you locked away becomes visible—no matter how old it is.

That’s exactly how SNDL works. Encrypted emails from 2016. Business contracts from last quarter. Legal files. Health records. All being quietly gathered, catalogued, and filed away like time capsules set to detonate.

The NSA has explicit authority to store encrypted communications indefinitely. China’s state-backed labs are doing the same with their own global data dragnet. Other nation-states and corporate entities are following suit. They’re not targeting specific individuals—they’re building archives. Because when quantum decryption becomes available, they’ll have a time machine that opens decades of secrets.

And while all of this unfolds, security firms are selling overpriced audits filled with vague language and zero technical guidance. Some of them know what’s coming. Most are just cashing in on fear while offering no actual plan.

Here’s what’s often overlooked: encrypted data isn’t safe just because it’s old. In a post-quantum world, age doesn't matter—only the algorithm does.

So if you’re using legacy encryption and assuming your info is safe because it’s stored, or old, or “not interesting,” you’re running on borrowed time.

The files that will be decrypted first aren’t necessarily the most valuable—they’re just the easiest to crack once the tools exist. That means every backup, email archive, and encrypted drive you’ve trusted to today’s standards is potentially sitting in a database right now, waiting for the door to quantum to open.

This isn’t speculation. It’s already happening.

Who’s Really Controlling the Future of Your Privacy?

Most people still see quantum computing as a science problem. Something for researchers, universities, or think tanks to debate.

But behind the scenes, decisions about your future privacy are being made by a small set of organizations that aren’t just researching quantum—they’re shaping who gets to control it.

Let’s start with the U.S. ecosystem.
Google and IBM are the marquee names in American quantum hardware. Their breakthroughs get headlines. What gets less attention is how deeply embedded they are in defense and intelligence contracts. These companies are doing far more than just running experiments—they’re designing infrastructure for the same government agencies responsible for global surveillance.

Then there’s NIST, the body setting post-quantum cryptographic standards. Officially, NIST is neutral. But it collaborates closely with the NSA, which has a well-documented history of pushing encryption standards that quietly benefit surveillance. One of those—Dual_EC_DRBG—was later found to contain a potential backdoor.

DARPA, MITRE, Booz Allen—they’re developing strategy. They’re funding research. And they’re quietly shaping how post-quantum encryption will be deployed, regulated, and possibly restricted.

Now let’s zoom out a bit to the nation-state level.

China treats quantum not just as a research frontier but as a national security priority. Their state-aligned labs are rapidly advancing both quantum communications and decryption. There’s no daylight between their academic researchers and their surveillance infrastructure. Russia, Israel, the U.K., and others are also positioning themselves for advantage.

This is control architecture, not an arms race.

Whichever country or consortium solves quantum decryption first won’t just unlock sensitive files—they’ll gain leverage over every system that hasn’t migrated to quantum-safe encryption. And that includes massive swaths of public and private infrastructure.

Meanwhile, cloud providers like Microsoft, Amazon, and Google already store huge amounts of encrypted user data. Few of them have released a meaningful post-quantum transition plan. The question isn’t whether they’re preparing. It’s what their timelines and priorities look like—and who gets protected first.

The balance of power isn’t just about computing speed. It’s about who decides when your data is no longer safe—and whether you’ll hear about it before or after it’s already exposed.

This is why I make my cryptographic notes and breakdowns public.
This is why I offer post-quantum audits that don’t require a six-figure consulting retainer.

Because if we wait for the most powerful actors to protect us, we’re going to be the last ones invited into the room.

What Encryption Still Works—and What’s Already Doomed?

By now, the pattern is clear: legacy encryption systems are aging out. They weren’t designed for a world where quantum computing exists. But here’s the part most people miss—new defenses are already being built.

And they work.

The challenge isn’t figuring out if we can protect our data. It’s figuring out which tools to trust, and when to switch.

Let’s talk specifics.

🔐 What’s vulnerable?

If the security of your system relies on factoring large numbers or solving discrete logarithms, it’s at risk. That includes:

  • RSA: Used in HTTPS, digital signatures, email encryption, VPNs

  • ECC (Elliptic Curve Cryptography): Found in Bitcoin wallets, Signal, secure email, authentication

  • DSA and Diffie-Hellman: Still used in older infrastructure, SSH keys, and web servers

Once Shor’s Algorithm runs on a sufficiently powerful quantum computer, those locks are wide open. There’s no patch. There’s no partial fix.

🛡 What’s still secure?

Not all cryptography is doomed.

Symmetric algorithms—like AES—are still considered strong. You just need longer keys. Instead of AES-128, move to AES-256. For hash functions, switch from SHA-256 to SHA-384 or SHA-512. Grover’s Algorithm, the quantum threat to symmetric crypto, only halves the strength—so doubling your key size buys you safety.

The more important shift is toward post-quantum cryptography (PQC)—a new class of encryption algorithms built to resist quantum attacks.

They’ve been tested, vetted, and finalized by NIST after years of global cryptanalysis.

🚀 The algorithms to know:

  • CRYSTALS-Kyber (key exchange + encryption): Fast, efficient, good for hardware-constrained systems

  • CRYSTALS-Dilithium (digital signatures): Strong security with relatively small signatures

  • FALCON: Compact and fast for constrained environments, but more complex to implement

  • SPHINCS+: Hash-based and extremely resilient, though slower—best as a secure fallback

Companies like Google, Cloudflare, and Signal are already experimenting with these in hybrid modes—where classical and post-quantum encryption are combined during the transition.

That transition is where most organizations get stuck.

💡 What to do right now:

  • Switch to AES-256 and SHA-384/512 where you can

  • Start testing hybrid PQC + ECC encryption modes in your infrastructure

  • Identify where RSA or ECC still live in your systems

  • Ask your vendors what their post-quantum migration plan is

  • Review any long-term data you’re storing that might need retroactive protection

And if you’re not sure where to start?

If you’re an individual, here’s a free template you can use to reach out  to your email provider, cloud host, or any other  services you use to ask them what their quantum readiness plan looks like.

For small-to-mid-sized businesses, I offer a post-quantum audits—focused, technical, and tailored to your business. You’ll know exactly:

  • Which systems need attention

  • What can be upgraded, phased out, or left alone

  • How to prioritize without falling for panic-based marketing

This isn’t about throwing everything away. It’s about knowing what matters, what’s vulnerable, and how to make smart, strategic moves now—before you’re locked into a reactive position later.

The longer you wait, the fewer choices you’ll have.

Why Are Billion-Dollar Companies Prepping for Quantum—but You’re Not?

There’s a dangerous assumption floating around that only massive corporations need to worry about post-quantum security.

It’s wrong.

Encryption protects everyone—not just enterprises with threat models. If you’ve got private messages, customer data, cloud backups, intellectual property, or even just old login credentials archived somewhere, you’ve already got skin in the game.

And if you’re running a business—especially a small one—you’re even more exposed. You’re expected to operate with enterprise-level responsibility but rarely get access to the same tools, training, or support.

Here’s what quantum disruption looks like in real terms:

  • Your customer contracts, invoices, and archives that live on cloud platforms encrypted with RSA: Vulnerable.

  • Your end-to-end encrypted emails: If they’re ECC-based, they can be cracked.

  • Your crypto wallet keys: Most still use algorithms that quantum can tear through once available.

  • Your backups from five years ago that no one thought to revisit: Still encrypted—but not for long.

Post-quantum security is about preparing for an event that changes how trust, confidentiality, and digital safety work.

The good news is, you don’t have to overhaul everything overnight. But you do need a plan.

Here’s what you can do today:

  • Use tools with forward secrecy like Signal, Matrix, and TLS 1.3-enabled apps

  • Replace RSA or ECC in places you control—your email provider, your backup system, your dev stack

  • Check your cloud vendors’ public documentation for their post-quantum migration plan

  • Archive less, encrypt better, and start thinking in terms of long-term data exposure

  • Follow people who are tracking this space without the fear-mongering—and without selling snake oil

If you’re running a business and haven’t mapped out your quantum risk, you’re leaving money—and your reputation—on the table.

Because quantum isn’t just about what gets broken. It’s about what we choose to protect before it’s too late.

Stay Curious,

Addie LaMarr