ThinkableWhat is this?

Post-quantum cryptography

The Lock the Internet Runs On Is About to Be Broken

Every encrypted message you've ever sent — your banking, your medical records, your private conversations — rests on a mathematical problem that a quantum computer will eventually solve in minutes.

The Idea

The security underpinning most of the internet relies on a beautifully simple asymmetry: it's easy to multiply two enormous prime numbers together, but nearly impossible to reverse the process and find those original primes from the result. RSA encryption, the bedrock of HTTPS and countless other protocols, bets your privacy on that one-way difficulty. Classical computers would need longer than the age of the universe to crack a well-chosen key. Quantum computers, running an algorithm called Shor's algorithm, could do it in hours — or less, once they're powerful enough. The threat isn't just theoretical or distant. Security researchers are already worried about a strategy called 'harvest now, decrypt later.' Adversaries — nation-states, sophisticated criminal groups — are reportedly collecting encrypted internet traffic today, storing it, and waiting for the quantum hardware to mature before decrypting it. Data that needs to stay secret for 20 years is already at risk, right now. Post-quantum cryptography (PQC) is the field racing to replace these vulnerable systems before that moment arrives. The goal is to design encryption algorithms that even a quantum computer can't break — not by fighting quantum mechanics, but by choosing mathematical problems that quantum algorithms don't have a known shortcut for. Things like the geometry of high-dimensional lattices, or the complexity of decoding certain error-correcting codes. The lock gets redesigned before the master key is forged.

In the World

In 2016, the U.S. National Institute of Standards and Technology launched a global competition — part beauty pageant, part stress test — inviting cryptographers from around the world to submit candidate algorithms for a post-quantum standard. Over 80 submissions arrived from research teams across six continents. What followed was six years of intense public scrutiny: mathematicians tried to break each other's proposals, and several promising candidates fell apart under the pressure. One algorithm, SIKE, survived every round of review until 2022, when a researcher at KU Leuven named Wouter Castryck broke it in under an hour on a standard laptop. A single elegant mathematical insight rendered years of work obsolete. In 2024, NIST finalised its first set of post-quantum standards, with algorithms like CRYSTALS-Kyber (now called ML-KEM) and CRYSTALS-Dilithium leading the way. Both are built on lattice problems — imagine trying to find the shortest path through a tangled mesh in hundreds of dimensions simultaneously. No known quantum algorithm gets a meaningful advantage there. The challenge now is deployment. Swapping out cryptographic infrastructure isn't like updating an app. It's embedded in hardware chips, internet protocols, banking systems, and government networks worldwide. The migration is already underway — Apple added post-quantum protections to iMessage in 2024 — but the full transition will take years, and every day of delay is a day of exposure.

Why It Matters

This isn't a story about something that might affect you someday. If you've ever sent a message, made a payment, or logged into anything online, your data has been protected by systems now racing toward obsolescence. The transition to post-quantum cryptography is one of the largest infrastructure overhauls in the history of the internet, and it's happening mostly out of sight. Knowing about it changes how you think about digital security — and about time. The 'harvest now, decrypt later' concept is genuinely unsettling because it collapses the future into the present. Decisions made today about data retention, encryption standards, and software updates carry stakes that extend decades forward. It also offers a more honest view of how technological security works: not as an impenetrable vault, but as a constantly renegotiated truce between what's computationally hard today and what won't be tomorrow. Staying literate in that negotiation — even at a high level — means you're less likely to be caught flat-footed when the next shift arrives.

A Question to Ponder

If security is always a moving target rather than a fixed state, what does it actually mean to call something 'secure' — and who gets to decide when the definition needs to change?

Get a new one of these every morning.

Start learning with Thinkable
One topic like this, every day.Start free