SEC 401: Emerging Threats — Quantum Computing and the Future of Encryption

This course addresses the most significant long-term threat to information security: the advent of quantum computing and its potential to render current cryptographic standards obsolete.

What Is Quantum Computing?

The course begins with an accessible, non-technical explanation of quantum computing. Classical computers process information in bits—each bit is either a 0 or a 1. Quantum computers use quantum bits, or “qubits,” which can exist in a superposition of both 0 and 1 simultaneously. This allows quantum computers to represent and manipulate many possible states in parallel. For certain specialized problems—including the factoring of very large numbers—this parallelism could allow quantum computers to find solutions exponentially faster than classical machines.

This matters because the security of most modern encryption relies on the extreme difficulty of factoring large numbers. The RSA encryption algorithm, which secures everything from banking transactions to government communications, is based on the mathematical principle that multiplying two large prime numbers together is easy, but determining which two primes were multiplied is extraordinarily hard for a classical computer—potentially taking thousands of years. In the 1990s, mathematician Peter Shor demonstrated that a sufficiently powerful quantum computer could solve this problem in hours or minutes.

Harvest Now, Decrypt Later (HNDL)

The most alarming implication of quantum computing is not a future scenario—it is a present-day strategy. Adversaries, particularly state actors and advanced persistent threat (APT) groups, are already intercepting and storing encrypted data with the explicit intention of decrypting it once quantum computers mature. This strategy is known as “harvest now, decrypt later” (HNDL), also referred to as “store now, decrypt later” (SNDL).

The U.S. National Institute of Standards and Technology (NIST) has warned that “encrypted data remains at risk because of the harvest now, decrypt later threat” and that “starting the transition to post-quantum cryptography now is critical to preventing these future breaches.” The U.S. Department of Homeland Security, the UK’s National Cyber Security Centre, the European Union Agency for Cybersecurity, and the Australian Cyber Security Centre all base their official guidance on the premise that adversaries are currently exfiltrating and storing encrypted data.

Consider the implications: government records, diplomatic cables, trade secrets, medical records, and financial transactions encrypted today could be decrypted retroactively once quantum computing reaches sufficient power. A breach enabled by quantum computing in 2035 may originate from data intercepted in 2025. The data has already been stolen; the victims just do not know it yet.

The Federal Reserve itself published research in 2025 analyzing the HNDL risk to distributed ledger networks, concluding that even systems that successfully migrate to post-quantum cryptography cannot retroactively protect data that was already harvested under classical encryption.

Post-Quantum Cryptography (PQC)

Learners study the emerging field of post-quantum cryptography—algorithms designed to resist attack by both classical and quantum computers. NIST finalized its first set of post-quantum cryptographic standards in 2024, and organizations are beginning the multi-year process of migrating their systems. The course covers both the technical concepts and the organizational challenges of cryptographic migration, emphasizing that the transition must begin now—before quantum computers arrive—because some information must remain confidential for decades.