(Credit: PCMag/Zain bin Awais/Yuichiro Chino/Andrei Akushevich/via Getty Images)
Quantum computers have the potential to break most existing encryption methods—including AES-256, one of the strongest encryption standards used today—in just hours, compared with the millions of years it would take with current computers. Such a breakthrough would completely reshape the landscape of data security. In response, the National Institute of Standards and Technology (NIST) has led efforts to develop post-quantum encryption (PQE) to defend against these future threats. Many cybersecurity companies, particularly VPN providers, are already beginning to adopt PQE in their systems. But how concerned should you actually be? Let’s break down what PQE is, how it differs from AES-256, and whether quantum computing really poses an imminent threat.
What Is Post-Quantum Encryption?
Standard encryption methods, such as AES, multiply large prime numbers together to turn data into a random string of numbers and characters. This process is lightweight and requires minimal computing power. However, modern computers cannot reverse the process quickly, making it impractical for hackers to break.
Quantum computing works by computing bits (1s and 0s) simultaneously, as opposed to individually, allowing it to compute at a much faster rate than a traditional computer. This level of computing would allow quantum computers to reverse the AES process quickly, potentially decrypting vast banks of data that have been protected for decades. To prevent this, NIST has led the charge in developing post-quantum encryption alongside top tech companies, including Intel and IBM.
PQE isn’t a single set method like AES. Multiple organizations have proposed algorithms that aim to be more resilient against attacks from quantum computers. Since nobody knows exactly what capabilities those quantum computers will have, researchers are developing different algorithms in the hopes of finding the best and most efficient options. All of these algorithms are well researched by experts in the field, but ultimately, they are the best educated guesses at what will thwart a quantum attack.
When a VPN utilizes post-quantum encryption, it claims to encrypt its data using an algorithm theorized to be resistant to quantum attacks. There are no real-world implementations where this technology has been put to the test against actual decryption attempts. It isn’t a meaningless claim for a VPN to adopt PQE. It demonstrates a focus on prevention and forward-thinking approaches to user security. However, the effectiveness of PQE will realistically take years to be fully assessed. AES has been proven to be a standard for decades against real-world attacks. PQE is a promising technology that may change how we handle encryption, but it won’t happen overnight.
Quantum Computing: How Imminent Is It?
Consumer-grade quantum computing has been “just around the corner” for years. The technology exists, but it is currently experimental and limited to research teams at major companies like IBM and Intel. At best, it is uncertain whether and when the technology will be stable and scalable enough to reach consumers. Any firm dates being thrown out there are speculative and should be taken with a hefty grain of salt.
Widespread availability of this technology would completely upend data security. However, there are significant challenges that the technology must overcome before it reaches your desk. Power consumption is significantly higher than that of even the best enthusiast computers on the market. Errors require advanced knowledge to parse, and the lack of a stable implementation means it's not yet ready for a plug-and-play desktop solution.
Recommended by Our Editors
Top minds in the field still question whether these problems will prove solvable in the near future. NIST is the leading organization behind post-quantum encryption algorithms, and they state that “experts’ estimates range from a few years to a few decades” before a quantum computer powerful enough to pose a significant threat to current encryption methods appears.
What Is a Quantum Computer Attack?
The primary risk at present is related to data that has already been encrypted using AES, also known as a “harvest now, decrypt later” attack. Bad actors, governments, and companies are likely harvesting hoards of encrypted data in the hopes that it will be decryptable later with a quantum computer. Personal information, confidential company data, and much more could be leaked if AES is reversed. While much of this information may be outdated, the potential benefits will likely encourage any entity with sufficient resources to perform data mining to invest in the technology.
While it is impractical to go back and secure all of that legacy information, some measures are necessary to prevent new data from being susceptible to this attack. Consumer quantum machines may be a ways off yet, but that doesn’t mean governments and large corporations will be barred from early adoption. In that regard, practical decryption attacks could occur in the near future. For new information, post-quantum encryption aims to thwart these attacks before they become a reality.
What Can You Do to Prevent Quantum Attacks?
At the moment, nothing. Instead of focusing on potential threats that may never materialize, it’s better to safeguard your data against the online dangers that currently exist. Data breaches occur frequently due to inadequate privacy practices among corporations, apps, and internet service providers, as well as traditional social engineering and poor internet hygiene. The data obtained from these kinds of attacks and scams is far more valuable to criminals looking to make money from your data today.
The future of quantum computing and the nature of potential attacks are uncertain. Malicious actors using this new technology could upend the world of security and user data, but there is no certain way to secure yourself against this potential future. Post-quantum encryption may be one solution, but it must be subjected to real-world attacks before it can be considered a proven safeguard, like AES.