Enterprise IT Tech Events / Comments

Quantum Is Here — And Post‑Quantum Cryptography Is Already Too Late

In an earlier article, I mentioned that one session at CES 2026 had stood out for me more than the others.

I walked into this session expecting a familiar discussion about algorithms, standards, and roadmaps. I walked out with something very different: a growing discomfort that we are framing the post‑quantum problem in entirely the wrong way.

The session “Quantum is Here: Global Industry Challenge & Post‑Quantum Cryptography” was not really about cryptography at all. It was about limits — of organizations, of hardware lifecycles, of governance, and of how slowly large systems actually change. The uncomfortable message was simple: quantum computing is not arriving suddenly; our ability to adapt is simply not keeping pace.

That perspective was reinforced in particular by the contributions of Simon Patkovic (IonQ IDQ) and Dave Krauthamer (QuSecure), who approached the topic not from abstract theory but from the reality of deploying quantum‑era security in live environments.

One clarification up front: none of this is an argument against post‑quantum cryptography. Moving toward PQC standards is clearly not optional, even if full adoption timelines extend beyond any hypothetical “Q‑day.” Later in this article, I will come back to why PQC algorithms genuinely protect us where traditional cryptography does not, and why that work remains essential.

This was not a session about clever math. It was a session about how systems fail in the real world.

The Core Claim: Migration Will Not Finish in Time

Across speakers, one assertion kept resurfacing: even if post‑quantum cryptographic algorithms are ready, we will not upgrade our systems fast enough for it to matter.

That claim did not come across as alarmist. It was grounded, almost mundane. The argument was structural.

Even if a specific date like 2030 turns out to be optimistic or pessimistic, the underlying signal is hard to ignore. Production scaling at quantum hardware manufacturers, steady algorithmic improvements, and advances in error correction are moving faster than the planning cycles of most enterprises. Any new breakthrough — whether in hardware, algorithms, or manufacturing — only accelerates that trend.

Several concrete points anchored that discussion:

  • Shor’s algorithm is now believed to require on the order of ~1 million qubits, not the ~20 million that was often cited in the past.
  • Based on observed scaling trajectories from active quantum hardware manufacturers, speakers expect cryptographically relevant capability well before 2030.
  • Data harvested today can be decrypted later; there is no way to retroactively protect it.
  • Much of today’s deployed hardware — embedded systems, identity devices, industrial controllers — will never be capable of running PQC algorithms.

Taken together, this collapses the comforting idea that post‑quantum security is a scheduled upgrade. It becomes a race against irreversibility, where every year of delay quietly compounds exposure.

What this signals to me is that arguing about exact dates has already become the wrong conversation. Whether the inflection point lands in 2028, 2032, or somewhere in between matters less than the direction of travel. Acceleration is the story — and acceleration only moves risk closer, never further away.

 

From Cryptography to Data‑Flow Survival

One of the most important shifts in the session was conceptual. Post‑quantum security was no longer framed as replacing RSA or ECC with something stronger. Instead, it was framed as protecting data flows end‑to‑end while assuming cryptography will eventually fail.

Speakers were blunt:

  • Application‑level upgrades will not finish in time.
  • Crypto‑agility sounds reassuring, but is operationally insufficient at scale.
  • The only layer that can still be meaningfully changed across large estates is the network.

That reframing matters. It moves the problem up the stack — away from algorithms and toward where data is created, terminated, segmented, inspected, or leaked. In that sense, post‑quantum security starts to look less like a cryptographic discipline and more like systems architecture under stress.

The Hardware Wall

For me, one of the most sobering moments in the discussion was how little room there is to maneuver once hardware is involved.

Even if organizations wanted to migrate aggressively:

  • PQC’s memory and compute requirements exceed what many deployed devices can handle.
  • Identity hardware, access cards, IoT devices, and industrial controllers become long‑lived liabilities.
  • Network‑centric mitigations help in IT environments, but translate poorly to physical and embedded domains.

The result is a permanent asymmetry: the systems that are hardest to replace are often the ones least capable of being secured in a post‑quantum world. 

Or as this 2021 whitepaper by NIST clearly states:
" Implementations of new applications will need to accommodate the demands of post-quantum cryptography and allow the new schemes to adapt to them. In fact, post-quantum cryptographic requirements may actually shape some future application standards" and "The replacement of algorithms generally requires changing or replacing cryptographic libraries, implementation validation tools, hardware that implements or accelerates algorithm performance, dependent operating system and application code, communications devices and protocols, and user and administrative procedures. Security standards, procedures, and best practice documentation need to be changed or replaced, as do installation, configuration, and administration documentation" which translates to 'a full ecosystem reconsideration'.
 

Historical Proof: The DoD Example

Any lingering optimism was deliberately punctured with history.

The U.S. Department of Defense took roughly 15 years to migrate from RSA to a successor system for physical access cards. That effort:

  • Was never fully completed
  • Still remains unfinished
  • Is now being repeated for post‑quantum cryptography

The point was not to criticize the DoD, but to make a broader one: if a well‑resourced organization could not complete a cryptographic migration under favorable conditions, global industry should not assume it will do better

A New Kind of Risk: Trust Impersonation

Another subtle but important shift was how risk itself was described.

Quantum computing was not framed merely as a confidentiality problem. It was framed as a trust problem.

Once cryptographic signatures can be broken or impersonated:

  • Identity collapses
  • Integrity becomes questionable
  • Non‑repudiation stops being reliable

At that point, the risk is no longer a “data breach.” It is a systemic failure of trust.

The Coming Cryptographic Splinternet

Evidence of Standards Fragmentation
This concern is not theoretical. There are already clear signals of post‑quantum cryptography diverging along national and regional lines:

  • United States (NIST): The U.S. National Institute of Standards and Technology has finalized a specific set of post‑quantum algorithms (e.g. CRYSTALS‑Kyber, CRYSTALS‑Dilithium) as federal standards, binding for U.S. government use and strongly steering industry adoption.
  • European Union / ENISA: European guidance documents align broadly with NIST’s direction, but emphasize hybrid approaches, transition phases, and risk management rather than hard mandates, leaving room for national interpretation.
  • National migration playbooks: Individual countries (including several EU member states) are publishing their own PQC migration handbooks and timelines tailored to local infrastructure, legal regimes, and threat models.
  • Diverging positions on adjacent technologies: Government agencies also differ in their stance on related technologies such as Quantum Key Distribution (QKD), reinforcing that “quantum‑safe” does not mean the same thing everywhere.

None of this represents open conflict — but taken together, it already creates a landscape where compliance, assurance, and trust are defined differently depending on jurisdiction.

There was also an unmistakable geopolitical undertone to the discussion, but the risk here felt deeper than geopolitics alone.

There was also an unmistakable geopolitical undertone to the discussion, but the risk here felt deeper than geopolitics alone.

Different countries are developing different post‑quantum standards, creating the prospect of:

  • Fragmented cryptographic regimes
  • Interoperability challenges
  • A true cryptographic splinternet

What troubled me most is that this fragmentation is often presented as a form of resilience — diversification as protection. In practice, I increasingly see the opposite risk.

Multiple, divergent standards do not just slow coordination; they also multiply attack surfaces. Each standard introduces its own assumptions, its own implementation flaws, its own update cadence, and its own weakest links. Rather than eliminating systemic risk, fragmentation may simply spread it out and make it harder to reason about.

This leads to a more uncomfortable question: what does trust even mean in an interconnected world where we do not trust each other’s cryptographic standards? If I cannot rely on another party’s definition of “secure,” how do we establish trusted paths across boundaries at all — even if both sides claim to be post‑quantum compliant?

In that sense, the cryptographic splinternet is not just a standards problem. It is a trust problem. And once trust fragments, post‑quantum cryptography risks becoming less a foundation for secure communication and more a series of negotiated exceptions, gateways, and fragile bridges between domains that no longer fully trust each other.

Post‑quantum security, in other words, is drifting into the realm of diplomacy, regulation, and platform power — not just engineering.

 

What Remains Unresolved

The session did not pretend to have neat answers. Several questions were left deliberately open:

  • Which data flows are truly worth protecting when not all can be?
  • How should boards reason about a “quantum panic day” without a deterministic trigger?
  • Who takes responsibility for post‑quantum transitions in public infrastructure?
  • What does security mean when cryptographic permanence is no longer credible?

Implications for Practice

For me, the practical implications cut deeper than any single technology choice.

  • Security architecture has to move from application‑centric to flow‑centric thinking.
  • Network termination, segmentation, and inspection become first‑class design concerns.
  • Long‑lived data retention suddenly looks like a liability, not an asset.
  • Boards need to treat post‑quantum security as a governance and data‑loss problem, not an IT roadmap milestone.

What this really changed for me is how I view data‑flow protection inside enterprises. Too often it is treated as a compliance exercise — something to audit, document, and contain after the fact — rather than something built into the DNA of every sensitive flow.

A post‑quantum world removes that comfort. At that point, security is no longer about preventing every crash. It becomes about reducing impact when the crash is inevitable. It is no longer a question of whether we will hit the wall, but what we do now to soften the impact.

Why Post‑Quantum Cryptography Helps — Where Traditional Cryptography Does Not

Before closing, let me answer the question that inevitably comes up once “Q‑day” enters the conversation: why does post‑quantum cryptography (PQC) protect us where traditional cryptography does not?

I like to think about it in two different ways — because quantum breaks things in two different ways.

1) When quantum exploits structure (the Shor problem)

Some cryptographic systems are secure today because the math underneath them is brutally hard for classical computers. RSA relies on the difficulty of factoring large integers; elliptic‑curve cryptography relies on discrete logarithms on elliptic curves.

A sufficiently capable quantum computer changes that, not by “trying harder,” but by using a different kind of computation to uncover hidden structure. Shor’s algorithm turns factoring and discrete log into problems that can be solved efficiently on a quantum computer. That means the security of RSA/ECC doesn’t degrade gracefully — it collapses.

If you want a clear, intuitive walkthrough of how Shor’s algorithm exploits this hidden periodic structure, I recommend this short explanation video: How Shor’s Algorithm Breaks RSA (YouTube). The same video is also embedded below in this article.

2) When quantum speeds up search (the Grover / oracle problem)

There is another kind of quantum advantage that is easier to intuit. Imagine a problem where the only way to find the right answer is to repeatedly test candidates with a yes/no check — an “oracle.”

Quantum algorithms like Grover’s can accelerate that kind of brute‑force search by roughly a square root factor. A clear and accessible explanation of Grover’s algorithm is available here: Grover’s Algorithm Explained (YouTube). If a classical search would take 36 hours, a quantum one might take about 6 hours. That’s not magic, but it’s a real acceleration — and it means that security margins based on “this would take too long to brute force” can erode faster than people expect.

So where does PQC fit?

PQC doesn’t win by being “stronger.” It wins by not being built on the specific mathematical structures that Shor’s algorithm destroys, and by relying on problems where known quantum search advantages don’t give you a clean shortcut.

Many PQC schemes — especially lattice‑based ones — are built on problem families such as Learning With Errors (LWE) or related lattice assumptions. The key idea (in plain language) is this:

  • you are trying to recover a hidden structure,
  • but the system deliberately injects noise (errors) into what you observe,
  • and that noise makes the reverse‑engineering problem extremely hard.

That “error” is not an implementation detail — it is part of the security story. It breaks the clean, single‑answer structure that makes Shor‑type attacks so devastating, and it resists straightforward “test one candidate, amplify the right one” strategies. For a solid understanding of these concepts (which I'm sure not to accomplish anywhere near as good as this lady) - consider the suggested video's below.

To be clear: this is not a proof that PQC can never be broken. It is a statement about the current landscape: for the leading PQC problem classes, there is no known quantum algorithm that gives a Shor‑style collapse. At most, the best‑known quantum attacks tend to offer limited speedups (often polynomial or quadratic), which can be compensated for by parameter choices.

And that brings us back to the tension that mattered most in this session.

Post‑quantum cryptography does work — but only where it can actually be applied. Mathematically, PQC removes the known quantum attack paths that break today’s public‑key cryptography. Where it is correctly deployed, it meaningfully raises the bar.

The problem is not that PQC fails when adopted. The problem is that large parts of our systems will never get there. Hardware that cannot be upgraded, software that will not be touched in time, and organizations that cannot coordinate fast enough create gaps that cryptography alone cannot close.

That is why the takeaway from the session was not “deploy PQC and you are safe,” but something more precise and more uncomfortable: post‑quantum cryptography solves the cryptographic problem, but it does not solve the migration, governance, or trust problem.

Author Reflection

Personal view: Post‑quantum cryptography will probably not be remembered for a clean algorithmic transition. It will be remembered as the moment we collectively accepted that cryptographic trust is temporary.

What follows from that insight is subtle but important. If trust is temporary, then security can no longer be designed around permanence, completion, or “being done.” It has to be designed around failure modes, blast‑radius reduction, and graceful degradation over time. In other words, systems must be built on the assumption that something will break — and that what matters most is how much damage that break can cause.

Seen through that lens, the challenge ahead is not mainly technical. It is psychological and organizational.

In the short term, that also means we cannot afford to wait for full post‑quantum adoption before acting. We need to put just as much emphasis on preventing data leakage today — tightening data flows, reducing unnecessary data retention, limiting exposure, and shrinking blast radii — so that the impact of store‑and‑decrypt‑later attacks can at least be minimized as a compounding risk in the coming years. PQC is essential for the future, but data‑loss prevention and flow control are essential for surviving the transition.

quantum
CES
PQC
cryptography
security