Quantum Computing – Harvest Now Decrypt Later Threat

Quantum computing is not a faster classical computer. It is a fundamentally different computational model that exploits quantum mechanical phenomena — superposition, entanglement, and interference — to solve specific problem classes that are exponentially hard for classical computers.

The developer's mental model: a quantum computer with n qubits represents a superposition of all 2^n possible n-bit states simultaneously. A quantum algorithm manipulates this superposition to amplify the probability of the correct answer. Measurement collapses the superposition to a single outcome. The art of quantum algorithm design is arranging the interference so the correct answer has high probability.

As of 2026, quantum computers with 100-1000 physical qubits exist but are noisy (NISQ era). Fault-tolerant quantum computers that can run Shor's algorithm to break RSA-2048 likely require millions of physical qubits and remain years away. But the cryptographic threat is taken seriously: post-quantum cryptography standardisation (NIST 2024) is happening now.

Qubits and Quantum Gates

A qubit state is |ψ⟩ = α|0⟩ + β|1⟩ where |α|² + |β|² = 1. α and β are probability amplitudes. Upon measurement, the qubit collapses to |0⟩ with probability |α|² or |1⟩ with probability |β|².

A subtle but critical point: the phase of a qubit is relative, not absolute. The state |ψ⟩ and e^{iθ}|ψ⟩ produce the same measurement probabilities but interfere differently with other qubits. This is why interference is the engine of quantum speedup.

import numpy as np

# Simple qubit state simulation
ket0 = np.array([1, 0], dtype=complex)  # |0⟩
ket1 = np.array([0, 1], dtype=complex)  # |1⟩

# Hadamard gate
H = np.array([[1,1],[1,-1]], dtype=complex) / np.sqrt(2)

# Apply H to |0⟩ — creates superposition
psi = H @ ket0
print(f'H|0⟩ = {psi}')  # [0.707, 0.707]
print(f'P(|0⟩) = {abs(psi[0])**2:.3f}')  # 0.5
print(f'P(|1⟩) = {abs(psi[1])**2:.3f}')  # 0.5

# Use Qiskit for real quantum circuits
try:
    from qiskit import QuantumCircuit
    from qiskit.quantum_info import Statevector
    qc = QuantumCircuit(2)
    qc.h(0)      # Hadamard on qubit 0
    qc.cx(0, 1)  # CNOT: creates Bell state (entanglement)
    sv = Statevector(qc)
    print('Bell state:', sv)
except ImportError:
    print('pip install qiskit for full quantum simulation')

Superposition, Entanglement, and Interference — The Three Engines

Superposition: A qubit can be in both |0⟩ and |1⟩ states simultaneously. n qubits can represent all 2^n states simultaneously — this is quantum parallelism. But careful: you cannot read that whole superposition out. Measurement collapses it to a single state. The challenge is to manipulate the superposition so that the probability of measuring the correct answer is high.

Entanglement: Two qubits can be correlated such that measuring one instantly determines the other, regardless of distance. A Bell state (|00⟩+|11⟩)/√2 collapses to either both-0 or both-1 with equal probability — never one-0-one-1. Entanglement is what makes quantum cryptography (BB84 protocol) possible and enables superdense coding.

Interference: Quantum states have phases. Quantum algorithms are designed so that probability amplitudes of wrong answers cancel (destructive interference) while the correct answer's amplitude grows (constructive interference). This is not just 'trying all answers at once' — it's arranging the computation so the right answer emerges.

Quantum Advantage — When Quantum Actually Helps

Quantum computers are not universally faster. They provide speedup for specific problem classes:

Exponential speedup: - Shor's algorithm — factoring integers (breaks RSA, ECC). - Quantum simulation — simulating quantum chemistry (materials science, drug discovery). - Discrete logarithm problems.

Quadratic speedup: - Grover's search — unstructured search O(√N) vs classical O(N). - Quantum counting — counting solutions to a search problem.

No known speedup (classical remains optimal or near-optimal): - Sorting, most string processing, graph traversal, linear algebra for classical data. - Neural network training (except for specific quantum ML models on quantum data). - Everyday computation — your web server, database, or game engine will never be replaced by a quantum computer.

The most important practical takeaway: quantum speedup is not a function of data size but of problem structure. Shor's algorithm exploits periodicity. Grover's algorithm uses amplitude amplification. Without these structures, quantum offers nothing.

Post-Quantum Cryptography — What Developers Need to Do Now

Shor's algorithm breaks RSA and ECC — the foundations of modern TLS, digital signatures, and code signing. A sufficiently powerful fault-tolerant quantum computer renders today's public-key infrastructure obsolete overnight.

The migration strategy is hybrid cryptography: use both classical and post-quantum algorithms in parallel. A TLS handshake that negotiates both ECDHE and Kyber is secure against both today's attackers and tomorrow's quantum computers. Clients that don't support post-quantum algorithms fall back to classical.

Harvest now, decrypt later is a real threat: an adversary can store encrypted traffic today and decrypt it years later when quantum computers become available. If your data needs to remain confidential for 10+ years, you should be using hybrid encryption now.

The timeline: NIST finalised standards in 2024. Crypto libraries are integrating (BoringSSL, AWS-LC, OpenSSL 3.x with providers). Cloud providers offer PQC KEM options for internal encryption. Major browsers and CDNs are experimenting with hybrid TLS. Start planning your migration now — not when the first RSA break is announced.

#!/bin/bash
# ============================================================
# Quick post-quantum readiness assessment script
# Run this to check if your environment supports PQC
# ============================================================

echo "=== OpenSSL PQC Support ==="
# OpenSSL 3.x with oqsprovider
if openssl version | grep -q '3\.'; then
    echo "OpenSSL 3.x detected. Check for oqsprovider:"
    openssl list -providers 2>/dev/null | grep -i oqs && echo "OQS provider installed" || echo "OQS provider NOT installed"
else
    echo "OpenSSL version < 3.0. Upgrade for PQC support"
fi

echo -e "\n=== BoringSSL / AWS-LC PQC Support ==="
grep -q "KYBER" /usr/local/include/openssl/ssl.h 2>/dev/null && echo "Kyber support in BoringSSL" || echo "Check BoringSSL version"

echo -e "\n=== Code Signing Algorithm ==="
# Check signature algorithm of a binary
if command -v codesign &>/dev/null; then
    codesign -d --verbose=4 "$(which bash)" 2>&1 | grep -i 'signature' | head -1
fi

echo -e "\n=== SSH Host Key Algorithms ==="
ssh -Q key | grep -E "rsa|ecdsa|ed25519" | head -5

echo -e "\n=== TLS Cipher Suites (hybrid PQC check) ==="
# This requires a test endpoint
openssl s_client -connect google.com:443 -tls1_3 2>/dev/null | grep -i 'cipher' | head -1

echo -e "\n=== Recommendation ==="
echo "If you see RSA or ECDSA keys (especially for long-lived certificates), plan migration to ML-DSA (Dilithium)."
echo "Enable hybrid key exchange (ML-KEM + ECDH) in dev environments now."