Quantum Computing – Harvest Now Decrypt Later Threat

Quantum computing is not a faster classical computer. It is a fundamentally different computational model that exploits quantum mechanical phenomena — superposition, entanglement, and interference — to solve specific problem classes that are exponentially hard for classical computers.

The developer's mental model: a quantum computer with n qubits represents a superposition of all 2^n possible n-bit states simultaneously. A quantum algorithm manipulates this superposition to amplify the probability of the correct answer. Measurement collapses the superposition to a single outcome. The art of quantum algorithm design is arranging the interference so the correct answer has high probability.

As of 2026, quantum computers with 100-1000 physical qubits exist but are noisy (NISQ era). Fault-tolerant quantum computers that can run Shor's algorithm to break RSA-2048 likely require millions of physical qubits and remain years away. But the cryptographic threat is taken seriously: post-quantum cryptography standardisation (NIST 2024) is happening now.

Why Quantum Computing Changes the Threat Model for Encryption

Quantum computing leverages qubits that exist in superposition — a linear combination of 0 and 1 states — to perform calculations on all possible values simultaneously. Unlike classical bits, a qubit's state collapses upon measurement, but until then, quantum gates manipulate probability amplitudes. This enables algorithms like Shor's to factor large integers in polynomial time (O((log N)^3)), rendering RSA-2048 breakable in hours on a sufficiently large fault-tolerant machine.

Two properties matter in practice: superposition and entanglement. Superposition allows a quantum register of n qubits to represent 2^n states at once, providing exponential parallelism. Entanglement correlates qubits so that measuring one instantly determines the state of its partner, enabling quantum error correction and teleportation-based communication. Current machines (e.g., IBM Osprey with 433 qubits) are noisy and error-prone — they lack the logical qubit count needed for cryptographically relevant attacks.

You should care now because of the 'harvest now, decrypt later' threat. Adversaries can capture encrypted traffic today and store it until a quantum computer can break the keys. For any data with a shelf life beyond 5–10 years — financial records, state secrets, healthcare data — you must begin migrating to post-quantum cryptography (e.g., CRYSTALS-Kyber for key encapsulation) immediately. The transition is not optional; it's a matter of when, not if.

Qubits and Quantum Gates

A qubit state is |ψ⟩ = α|0⟩ + β|1⟩ where |α|² + |β|² = 1. α and β are probability amplitudes. Upon measurement, the qubit collapses to |0⟩ with probability |α|² or |1⟩ with probability |β|².

A subtle but critical point: the phase of a qubit is relative, not absolute. The state |ψ⟩ and e^{iθ}|ψ⟩ produce the same measurement probabilities but interfere differently with other qubits. This is why interference is the engine of quantum speedup.

import numpy as np

# Simple qubit state simulation
ket0 = np.array([1, 0], dtype=complex)  # |0⟩
ket1 = np.array([0, 1], dtype=complex)  # |1⟩

# Hadamard gate
H = np.array([[1,1],[1,-1]], dtype=complex) / np.sqrt(2)

# Apply H to |0⟩ — creates superposition
psi = H @ ket0
print(f'H|0⟩ = {psi}')  # [0.707, 0.707]
print(f'P(|0⟩) = {abs(psi[0])**2:.3f}')  # 0.5
print(f'P(|1⟩) = {abs(psi[1])**2:.3f}')  # 0.5

# Use Qiskit for real quantum circuits
try:
    from qiskit import QuantumCircuit
    from qiskit.quantum_info import Statevector
    qc = QuantumCircuit(2)
    qc.h(0)      # Hadamard on qubit 0
    qc.cx(0, 1)  # CNOT: creates Bell state (entanglement)
    sv = Statevector(qc)
    print('Bell state:', sv)
except ImportError:
    print('pip install qiskit for full quantum simulation')

Superposition, Entanglement, and Interference — The Three Engines

Superposition: A qubit can be in both |0⟩ and |1⟩ states simultaneously. n qubits can represent all 2^n states simultaneously — this is quantum parallelism. But careful: you cannot read that whole superposition out. Measurement collapses it to a single state. The challenge is to manipulate the superposition so that the probability of measuring the correct answer is high.

Entanglement: Two qubits can be correlated such that measuring one instantly determines the other, regardless of distance. A Bell state (|00⟩+|11⟩)/√2 collapses to either both-0 or both-1 with equal probability — never one-0-one-1. Entanglement is what makes quantum cryptography (BB84 protocol) possible and enables superdense coding.

Interference: Quantum states have phases. Quantum algorithms are designed so that probability amplitudes of wrong answers cancel (destructive interference) while the correct answer's amplitude grows (constructive interference). This is not just 'trying all answers at once' — it's arranging the computation so the right answer emerges.

Quantum Advantage — When Quantum Actually Helps

Quantum computers are not universally faster. They provide speedup for specific problem classes:

Exponential speedup: - Shor's algorithm — factoring integers (breaks RSA, ECC). - Quantum simulation — simulating quantum chemistry (materials science, drug discovery). - Discrete logarithm problems.

Quadratic speedup: - Grover's search — unstructured search O(√N) vs classical O(N). - Quantum counting — counting solutions to a search problem.

No known speedup (classical remains optimal or near-optimal): - Sorting, most string processing, graph traversal, linear algebra for classical data. - Neural network training (except for specific quantum ML models on quantum data). - Everyday computation — your web server, database, or game engine will never be replaced by a quantum computer.

The most important practical takeaway: quantum speedup is not a function of data size but of problem structure. Shor's algorithm exploits periodicity. Grover's algorithm uses amplitude amplification. Without these structures, quantum offers nothing.

Post-Quantum Cryptography — What Developers Need to Do Now

Shor's algorithm breaks RSA and ECC — the foundations of modern TLS, digital signatures, and code signing. A sufficiently powerful fault-tolerant quantum computer renders today's public-key infrastructure obsolete overnight.

The migration strategy is hybrid cryptography: use both classical and post-quantum algorithms in parallel. A TLS handshake that negotiates both ECDHE and Kyber is secure against both today's attackers and tomorrow's quantum computers. Clients that don't support post-quantum algorithms fall back to classical.

Harvest now, decrypt later is a real threat: an adversary can store encrypted traffic today and decrypt it years later when quantum computers become available. If your data needs to remain confidential for 10+ years, you should be using hybrid encryption now.

The timeline: NIST finalised standards in 2024. Crypto libraries are integrating (BoringSSL, AWS-LC, OpenSSL 3.x with providers). Cloud providers offer PQC KEM options for internal encryption. Major browsers and CDNs are experimenting with hybrid TLS. Start planning your migration now — not when the first RSA break is announced.

#!/bin/bash
# ============================================================
# Quick post-quantum readiness assessment script
# Run this to check if your environment supports PQC
# ============================================================

echo "=== OpenSSL PQC Support ==="
# OpenSSL 3.x with oqsprovider
if openssl version | grep -q '3\.'; then
    echo "OpenSSL 3.x detected. Check for oqsprovider:"
    openssl list -providers 2>/dev/null | grep -i oqs && echo "OQS provider installed" || echo "OQS provider NOT installed"
else
    echo "OpenSSL version < 3.0. Upgrade for PQC support"
fi

echo -e "\n=== BoringSSL / AWS-LC PQC Support ==="
grep -q "KYBER" /usr/local/include/openssl/ssl.h 2>/dev/null && echo "Kyber support in BoringSSL" || echo "Check BoringSSL version"

echo -e "\n=== Code Signing Algorithm ==="
# Check signature algorithm of a binary
if command -v codesign &>/dev/null; then
    codesign -d --verbose=4 "$(which bash)" 2>&1 | grep -i 'signature' | head -1
fi

echo -e "\n=== SSH Host Key Algorithms ==="
ssh -Q key | grep -E "rsa|ecdsa|ed25519" | head -5

echo -e "\n=== TLS Cipher Suites (hybrid PQC check) ==="
# This requires a test endpoint
openssl s_client -connect google.com:443 -tls1_3 2>/dev/null | grep -i 'cipher' | head -1

echo -e "\n=== Recommendation ==="
echo "If you see RSA or ECDSA keys (especially for long-lived certificates), plan migration to ML-DSA (Dilithium)."
echo "Enable hybrid key exchange (ML-KEM + ECDH) in dev environments now."

Bits vs. Qubits — Why Your Mental Model Breaks Here

A classical bit is a transistor switch. On or off. 0 or 1. That's it. You can chain billions of them through logic gates and build a machine that runs your whole production stack. But the moment you try to simulate a molecule with 50 electrons, that classical machine chokes. The state space explodes faster than Moore's law can save you.

A qubit isn't a switch. It's a vector in a 2D complex space. When you measure it, you get 0 or 1 with some probability. But before measurement, it exists in a linear combination — a superposition — of both states. This isn't a coin flip. It's a fundamentally different information representation. One qubit holds two amplitudes. Two qubits hold four. N qubits hold 2^N. That exponential scaling is the entire reason quantum computing threatens your encryption. You can represent all possible inputs to a function in the amplitudes of a few qubits, then evolve that system and read out the answer.

The practical consequence: where a classical register holds one number, a quantum register holds a probability distribution over all possible numbers. Your algorithms have to exploit that distribution, not fight it.

// io.thecodeforge — dsa tutorial

public class ClassicalVsQuantumRegister {

    // Classical register: 3 bits hold exactly one value
    public static int classicalRegister(int bits) {
        // max value 2^bits - 1, but holds ONE number at a time
        return (1 << bits) - 1; // e.g., 3 bits -> 7
    }

    // Quantum register *conceptually* holds 2^N amplitudes
    // You'd use a complex array in practice
    public static double[] quantumRegister(int qubits) {
        int size = 1 << qubits; // 2^N amplitudes
        double[] amplitudes = new double[size];
        // Uniform superposition: each amplitude = 1 / sqrt(size)
        double amp = 1.0 / Math.sqrt(size);
        for (int i = 0; i < size; i++) {
            amplitudes[i] = amp;
        }
        return amplitudes;
    }

    public static void main(String[] args) {
        int n = 3;
        System.out.println("Classical max value: " + classicalRegister(n));
        double[] qState = quantumRegister(n);
        System.out.println("Qubit amplitudes count: " + qState.length);
        for (int i = 0; i < qState.length; i++) {
            System.out.printf("Amplitude |%d>: %.4f%n", i, qState[i]);
        }
    }
}

Why Normal Data Structures Break in Quantum Computing

Try storing a 50-qubit state in a HashMap. You need 2^50 entries — that's over a quadrillion key-value pairs. No amount of clever hashing saves you. Normal data structures assume linear or polynomial memory scaling. Quantum states explode exponentially.

Classical data structures like arrays, lists, and trees index by a single discrete position. A qubit state doesn't have a single position. It's a vector of complex amplitudes in a Hilbert space. You can't iterate over it. You can't sort it. You can't even store it directly on a classical machine for more than about 30 qubits before you run out of RAM.

What you actually need: data structures that exploit sparsity, structure, or tensor networks. For circuit simulation, you use directed acyclic graphs where nodes are gates and edges carry quantum state metadata. For representing states, you use tensor trains or matrix product states — they factor the exponential space into a product of smaller tensors. The real job isn't storing the state. It's compressing the representation enough that you can simulate it classically, or designing the quantum circuit so you never need the full state at once.

Your classical data structures are the wrong tool for this job. Don't force them. Understand the sparsity pattern of your problem, then pick a sparse tensor representation.

// io.thecodeforge — dsa tutorial

import java.util.HashMap;
import java.util.Map;

public class SparseStateVector {

    // Store only non-zero amplitudes: key = basis state, value = amplitude
    private Map<Integer, Double> amplitudes;

    public SparseStateVector() {
        this.amplitudes = new HashMap<>();
    }

    public void setAmplitude(int basisState, double amp) {
        if (Math.abs(amp) > 1e-10) {
            amplitudes.put(basisState, amp);
        } else {
            amplitudes.remove(basisState);
        }
    }

    public double getAmplitude(int basisState) {
        return amplitudes.getOrDefault(basisState, 0.0);
    }

    public int nonZeroCount() {
        return amplitudes.size();
    }

    public static void main(String[] args) {
        SparseStateVector state = new SparseStateVector();
        // Only 2 non-zero out of 16 possible for 4 qubits
        state.setAmplitude(3, 0.7071);  // |0011>
        state.setAmplitude(12, 0.7071); // |1100>
        System.out.println("Non-zero amplitudes: " + state.nonZeroCount());
        System.out.println("Amplitude of |0000>: " + state.getAmplitude(0));
    }
}