What Is Quantum Security? Preparing for the Post-Quantum Era


Quantum security is the practice of protecting information and communications from the risks created by quantum computing. It focuses on replacing cryptographic methods such as RSA and ECC that could be broken by quantum algorithms.

The discipline recognizes post-quantum cryptography as the main solution, alongside research into quantum-based approaches like quantum key distribution.

 

What does the industry really mean by “quantum security”?

Graphic containing a centered heading reading 'What 'quantum security' really means' above two rectangular sections. The left section is blue and titled 'Post-quantum cryptography (PQC),' with supporting text that says 'New algorithms (e.g., lattice-based) that resist quantum attacks' and smaller text reading 'NIST standards, widely deployable, runs on today's systems.' The right section is orange and titled 'Quantum cryptography,' with text stating 'Technologies like QKD and QRNG' and smaller text below that reads 'Require specialized hardware, limited to pilots/research.' A sentence runs beneath both sections in smaller font: 'When people say 'quantum security,' they usually mean PQC — the primary path forward for securing data against quantum computers.'

The phrase quantum security often gets used loosely. Some treat it as if it covers every quantum-related technology in cybersecurity. But in practice, most of the security community uses it as shorthand for one thing: post-quantum cryptography.

In other words:

“Quantum security” usually refers to the transition away from encryption methods like RSA (Rivest–Shamir–Adleman) and ECC (Elliptic-curve cryptography).

These are the methods that could be broken by large-scale quantum computers running algorithms such as Shor's. Post-quantum cryptography, or PQC, focuses on new mathematical approaches that can withstand both classical and quantum attacks (more on that later).

So why do you also hear about things like quantum key distribution and quantum random number generators?

Because they're real technologies being researched. However, they require specialized hardware and they're not widely deployable. Which means they tend to appear in niche pilots and research labs rather than in mainstream enterprise adoption.

Understanding why PQC is recognized as the main path forward requires looking at the risk itself.

More specifically, the encryption that secures internet traffic, banking, healthcare records, and digital identities depends on problems that quantum algorithms are expected to solve.

That's why the standards community, led by NIST, has focused on advancing PQC first.

Note:
The term “quantum security” often gets used in two very different ways. Some use it to describe how quantum technologies themselves can improve cybersecurity, such as through quantum key distribution. In this article, though, we focus on the other side of the equation: how to protect today's data and communications against the risks posed by quantum computers.

 

Why won't today's encryption hold up against quantum computers?

"The Internet relies heavily on both public-key encryption schemes and digital signatures to ensure the confidentiality and authenticity of digital communications. However, many of these widely used cryptosystems could be broken by quantum algorithms, running on large-scale fault-tolerant quantum computers. Such machines do not yet exist, but could conceivably be built in the not-too-distant future."

The encryption used to protect most digital systems today was designed with classical computers in mind.

Common algorithms like RSA and elliptic curve cryptography rely on mathematical problems that are extremely difficult for current machines to solve. And that difficulty is what makes the encryption strong.

Quantum computers change the equation.

They use principles of quantum mechanics that allow certain problems to be solved far faster than classical machines ever could. Which means the math that underpins RSA and ECC is no longer safe once large-scale quantum computers exist.

Here's why.

A quantum algorithm called Shor's can factor large numbers and compute discrete logarithms efficiently. And those are the exact problems that make RSA and ECC secure today.

Line graph titled 'Factoring efficiency: classical vs. Shor's algorithm' with the vertical axis labeled 'Number of operations' and the horizontal axis labeled 'Number of digits.' Blue curve labeled 'Classical algorithm' rises steeply at first and continues upward across the graph. Red curve labeled 'Shor's algorithm' starts lower, increases slightly, and then levels off well below the blue curve. Caption below reads 'Shor's algorithm factors large numbers far faster than classical methods, threatening RSA and ECC once quantum computers scale.'

So if an attacker had a sufficiently powerful quantum computer, they could use Shor's algorithm to break these systems outright. The effect would be immediate: encrypted traffic, digital signatures, and authentication systems that rely on RSA or ECC could be forged or exposed.

Symmetric encryption such as AES is affected too, though in a different way.

Another algorithm, Grover's, halves the effective key length of symmetric ciphers. A 256-bit key would provide the equivalent of 128-bit security against a quantum attack. In other words, quantum computers make brute force attacks faster.

The good news: AES can remain secure with larger key sizes, which is why 256-bit AES is expected to continue protecting data even in a quantum era. This makes symmetric encryption more resilient than RSA or ECC, though it still requires updates to key management practices.

That said, the danger isn't only in the future.

Attackers can capture encrypted data now and hold onto it until quantum computers mature. This is called harvest now, decrypt later. Sensitive information with long-term value, like financial records or government communications, could be exposed even if it's stored securely today.

Horizontal process diagram titled 'Harvest now, decrypt later (HNDL)' showing five sequential steps connected by arrows. Step 1, in a blue square, reads 'Data exfiltration' with subtext 'Steals encrypted traffic or files.' Step 2, in a lighter blue square, reads 'Cold storage' with subtext 'Keeps ciphertext for years.' Step 3, in an orange square, reads 'Advances in quantum computing' with subtext 'Waits for quantum systems.' Step 4, in a white square with a blue lock icon, reads 'Decrypt later' with subtext 'Shor's breaks RSA/ECC.' Step 5, in a purple square, reads 'Use the plaintext' with subtext 'Read, sell, or forge identities.' Small text under several steps notes 'Years can pass' to indicate elapsed time between stages.

That's exactly why there's so much focus on quantum security.

The core concern is that the encryption protecting internet traffic, digital identities, and critical systems will not stand up once quantum computing reaches practical scale. So cryptographic standards are being developed to protect against these risks.

 

What is post-quantum cryptography, and why is it relevant?

Post-quantum cryptography, or PQC, is a set of encryption methods designed to remain secure even when large-scale quantum computers exist. It provides the same functions as today's cryptography—like securing web traffic and digital signatures—but uses different mathematical foundations.

Infographic titled 'Post-quantum cryptography explained' arranged in five horizontal sections. Part 1, labeled 'The problem,' contains two red boxes: the left reads 'RSA & ECC today' with text 'Secure against classical computers by using factoring and discrete logarithms,' and the right reads 'Quantum threat' with text 'Shor's algorithm on a quantum computer could break RSA and ECC.' Part 2, labeled 'The solution,' features a blue box reading 'Post-quantum cryptography (PQC)' with text 'New encryption methods based on math problems that remain hard for both classical & quantum computers.' Part 3, labeled 'Algorithm families,' displays three purple boxes: the first titled 'Lattice-based' with text 'Foundation of Kyber & Dilithium, uses high-dimensional algebraic structures,' the second titled 'Hash-based' with text 'Relies on secure one-way hash functions; basis of SPHINCS+,' and the third titled 'Multivariate' with text 'Uses polynomial equations; still in research stages.' Part 4, labeled 'NIST standards,' shows three gray icons with text underneath: 'Kyber (FIPS 203) Standard for key establishment,' 'Dilithium (FIPS 204) Standard for digital signatures,' and 'SPHINCS+ (FIPS 205) Stateless hash-based digital signature scheme.' A dark gray bar at the bottom labeled 'Takeaway' reads 'PQC is the standards-led path forward — practical and deployable today.'

Here's the key difference.

RSA and elliptic curve cryptography depend on factoring and discrete logarithms. These are math problems that take classical computers so long to solve that they're considered secure in practice.

But they're easy for a quantum computer running Shor's algorithm.

So PQC avoids those weak points by relying on different kinds of problems that remain difficult for both classical and quantum systems. By changing the underlying math, PQC can provide the same functions as today's encryption without breaking once quantum computers reach scale.

So what does that look like in practice?

Researchers are working with several different families of algorithms:

  • Lattice-based cryptography is one of the main approaches. It relies on problems over high-dimensional algebraic structures that even a quantum computer cannot solve efficiently.

  • Other families, like hash-based and multivariate cryptography, offer additional options.

The important point is that all of these algorithms can run on today's classical machines. Which means organizations don't need quantum hardware to start adopting them.

"There is no need to wait for future standards. Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event."

To make adoption practical, NIST has standardized three algorithms for real-world use:

  • CRYSTALS-Kyber (FIPS 203) is for key establishment

  • CRYSTALS-Dilithium (FIPS 204) is for digital signatures

  • SPHINCS+ (FIPS 205) is a stateless hash-based signature scheme

These algorithms are expected to become the backbone of future secure communications.

The takeaway is this:

PQC isn't experimental. It's the mainstream, standards-led path forward. While physics-based methods like quantum key distribution are interesting, PQC is the deployable solution that enterprises, governments, and vendors are preparing to implement now.

 

Where do QKD and QRNG fit into quantum security?

Technologies like quantum key distribution (QKD) and quantum random number generators (QRNGs) often come up in conversations about quantum security.

They're frequently highlighted in research papers, pilot projects, and even news coverage. So many people assume they're central to the future of secure communication.

Here's the reality.

Quantum cryptography is different from post-quantum cryptography. PQC is about new mathematics that can run on today's classical machines. Quantum cryptography, on the other hand, uses the physics of quantum mechanics itself.

The best-known example is QKD.

Diagram titled 'Quantum key distribution' showing two participants labeled Leia on the left and Luke on the right. Leia is associated with blue circles labeled 'Diagonal polarizers' and purple circles labeled 'Horizontal-vertical polarizers.' Luke is associated with similar labels reading 'Diagonal beamsplitter' and 'Horizontal-vertical beamsplitter.' Between them, a horizontal path labeled 'Photon source' on Leia's side and 'Photon detector' on Luke's side shows alternating blue and purple dots representing transmitted photons. Below the diagram, rows of binary sequences are labeled 'Leia's bit sequence,' 'Luke's detection,' and 'Luke's measurements,' followed by a third line labeled 'Sifted key' showing a series of ones, zeros, and dashes.

It lets two parties exchange encryption keys by transmitting photons in quantum states. If anyone tries to intercept the transmission, the quantum state changes. That disturbance alerts the sender and receiver that the key has been compromised.

In simple terms, eavesdropping becomes detectable. But while this provides a new level of assurance, it also requires very specialized hardware that makes it hard to scale.
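The following simulation is an added example, not part of the original article. It models the two-basis photon exchange described above (the BB84 protocol) and shows why interception is detectable: the sifted key is error-free on a clean channel and roughly a quarter wrong once someone measures the photons in transit. The function names and the 5% abort threshold are assumptions made for this sketch.

```python
import random

BASES = ("rectilinear", "diagonal")  # horizontal-vertical vs. diagonal polarization
ABORT_THRESHOLD = 0.05  # assumed cutoff for this sketch; real systems derive their own


def measure(bit, photon_basis, measure_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis returns a random bit."""
    return bit if photon_basis == measure_basis else rng.getrandbits(1)


def run_exchange(n_photons, eavesdropper, seed, sample_fraction=0.5):
    """Simulate one key exchange; returns sifted length, estimated error rate, key length."""
    rng = random.Random(seed)  # seeded PRNG for a repeatable simulation, not for real keys
    sent, received = [], []
    for _ in range(n_photons):
        bit, send_basis = rng.getrandbits(1), rng.choice(BASES)
        photon_bit, photon_basis = bit, send_basis
        if eavesdropper:
            # Interception is itself a measurement in a guessed basis, and the photon
            # that travels on carries the measured state, not the original one.
            tap_basis = rng.choice(BASES)
            photon_bit = measure(photon_bit, photon_basis, tap_basis, rng)
            photon_basis = tap_basis
        recv_basis = rng.choice(BASES)
        result = measure(photon_bit, photon_basis, recv_basis, rng)
        if recv_basis == send_basis:  # sifting: keep positions where bases matched
            sent.append(bit)
            received.append(result)
    if len(sent) < 2:
        raise ValueError("too few photons to estimate an error rate")
    # The parties publicly compare a random sample of sifted bits, then discard it.
    sample_size = max(1, int(len(sent) * sample_fraction))
    check = set(rng.sample(range(len(sent)), sample_size))
    errors = sum(sent[i] != received[i] for i in check)
    key = [received[i] for i in range(len(sent)) if i not in check]
    return {"sifted": len(sent), "error_rate": errors / len(check), "key_bits": len(key)}


def key_accepted(error_rate, threshold=ABORT_THRESHOLD):
    """The key is kept only if the sampled error rate stays under the threshold."""
    return error_rate <= threshold


if __name__ == "__main__":
    for tapped in (False, True):
        outcome = run_exchange(4000, tapped, seed=1)
        print("tapped" if tapped else "clean", outcome, key_accepted(outcome["error_rate"]))
```

The 25% figure follows from the basis choices: the interceptor guesses the wrong basis half the time, and each wrong guess leaves the receiver with a coin flip on that bit.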

QRNGs work differently.

Diagram labeled 'Example of a quantum random number generator (QRNG) using a beam splitter' showing a light source on the left emitting a dashed line toward a transparent cube at the center representing a beam splitter. Two dashed lines emerge from the splitter at right angles leading to two detectors labeled D0 and D1. Detector D0 is annotated with text 'click → 0,' and detector D1 is annotated with text 'click → 1.' To the right, a small horizontal sequence of boxes labeled 'Random bit sequence' displays alternating zeros and ones.

They harness unpredictable quantum processes to generate random numbers. Cryptography depends heavily on randomness, so better random numbers strengthen keys and reduce predictability.

So why aren't these the path forward for most organizations?

Because they have serious limits.

Again, QKD requires specialized hardware. And not just any specialized hardware; we're talking photon detectors. It also works reliably only over short distances without repeaters, which makes global deployment challenging. QRNGs, on the other hand, do improve randomness but don't replace broken algorithms such as RSA and ECC.

The result: QKD and QRNG are real technologies with niche uses in areas like government and telecom pilots. But they're not mainstream solutions for enterprise adoption.

The standards community and most vendors continue to focus on PQC as the practical, deployable way to secure systems against quantum threats.

 

Why is quantum security so challenging to put in place?

Infographic titled 'Quantum security adoption barriers' featuring a diamond-shaped design divided into four colored sections with icons and text labels. Top left section in blue is labeled 'Migration complexity' with text 'Encryption is everywhere. Updating it means rewriting code, cataloging dependencies, and coordinating supply chains.' Top right section in light blue is labeled 'Crypto-agility gap' with text 'Most systems can't swap algorithms easily. Adding flexibility takes major re-engineering.' Bottom left section in dark blue is labeled 'Performance + interoperability' with text 'Larger keys and heavier processing slow systems down. Secure communication also depends on cross-vendor compatibility.' Bottom right section in blue is labeled 'Early-stage alternatives' with text 'QKD and QRNG are still in pilots. They're not ready to replace PQC at scale.'

On paper, adopting quantum-safe protections sounds straightforward. In reality, it requires complex changes that will take years to implement.

  • The first challenge is migration.

    Encryption is embedded in nearly every system, protocol, and application. Replacing algorithms isn't just a software update. It means cataloging every dependency, rewriting code, and coordinating across supply chains. Which means timelines stretch into years. Not months.

  • Performance is another hurdle.

    Many post-quantum algorithms require larger keys and more processing. And that creates concerns about efficiency on constrained devices and in high-volume systems.

    Plus, interoperability across networks and vendors adds another layer of difficulty. If systems can't communicate securely with each other, adoption stalls.

  • Then there's the issue of crypto-agility.

    Most systems today aren't designed to switch cryptographic algorithms easily. And that means migrations often require re-engineering entire architectures. The absence of this flexibility makes transitions slower and riskier.

  • Finally, there's the early-stage nature of quantum-enabled approaches like QKD and QRNG.

    They're still limited to pilots and niche deployments. As discussed, organizations can't rely on them as a broad solution.

To sum up: moving to quantum security isn't a one-time project. It's a gradual process that combines new standards, infrastructure updates, and operational changes. That's why governments and vendors emphasize preparation today, even though large-scale quantum computers may still be years away.

 

How are organizations getting quantum ready today?

It can't be said enough: quantum security isn't something that can be adopted overnight.

Even with NIST standards in place, moving from today's encryption to post-quantum algorithms requires careful planning and years of work. So most organizations are starting with small steps.

Infographic titled 'Quantum preparation across industries' showing five illustrated panels with icons and short text descriptions. The first panel labeled 'Government' shows a domed government building and text 'Mandates require agencies to inventory cryptographic systems and plan migration paths. PKI updates are a major focus.' The second panel labeled 'Finance' shows a gray bank building with text 'Banks and payment networks trial PQC in secure transactions and digital signatures.' The third panel labeled 'Telecoms' shows a person working on telecommunications towers with text 'Running pilots in 5G authentication and TLS handshakes to validate performance at scale.' The fourth panel labeled 'Defense & intelligence' shows a rocket launch structure with text 'Testing PQC for secure communications where long-term confidentiality is critical.' The fifth panel labeled 'Enterprise IT' shows a person working at a computer with text 'Most organizations start with cryptographic inventories and build crypto-agility into new systems.'

Governments are leading the way.

Some have issued mandates requiring agencies to begin inventorying cryptographic systems and planning migration paths.

Updates to public key infrastructure (PKI) are also a major priority, since certificates and trust hierarchies are some of the hardest components to transition. PKI migration is especially complex because it touches nearly every secure transaction, from websites to email to digital identities.

Defense and intelligence sectors are also testing PQC for secure communications where long-term confidentiality is critical.

Telecom providers are running pilots too.

PQC has been tested in 5G authentication and subscriber identity protection.

It's also been trialed in TLS handshakes by browser vendors and major libraries to test compatibility with secure web traffic.

These trials help validate how the algorithms perform at scale and in high-speed environments. They also highlight performance trade-offs and the need for hardware acceleration.

Financial institutions are exploring PQC as well.

Banks and payment networks are beginning to trial PQC in secure transactions and digital signatures. The goal is to protect sensitive data with long-term value, such as customer records and high-value financial contracts.

For most organizations, the first step is a cryptographic inventory.

That means cataloging where algorithms like RSA and ECC are embedded across infrastructure, applications, and vendor products. Without this visibility, planning a migration is almost impossible.
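As an added illustration (not from the original article), the sketch below triages a cryptographic inventory using the rules this page gives: RSA and ECC-style algorithms fall to Shor's algorithm, Grover's halves symmetric key strength, and long-lived confidential data faces harvest-now-decrypt-later exposure. The inventory records, field names, and the 128-bit target are constructed assumptions.

```python
import re

# Public-key families whose security rests on factoring or discrete logarithms.
SHOR_BROKEN = re.compile(r"^(rsa|dsa|dh|ecdh|ecdsa|ed25519|x25519)", re.I)
# NIST PQC standards, matched by FIPS name or by the name the article uses.
POST_QUANTUM = re.compile(r"^(ml-kem|kyber|ml-dsa|dilithium|slh-dsa|sphincs\+)", re.I)
AES = re.compile(r"^aes-?(\d{3})", re.I)

TARGET_BITS = 128  # assumed minimum strength after applying the Grover halving rule

# Constructed sample inventory; "secret_years" is how long the data must stay secret.
INVENTORY = [
    {"asset": "web-frontend", "use": "signature", "alg": "RSA-2048", "secret_years": 0},
    {"asset": "db-at-rest", "use": "encryption", "alg": "AES-256", "secret_years": 20},
    {"asset": "vpn-gateway", "use": "key-exchange", "alg": "ECDH-P256", "secret_years": 15},
    {"asset": "backup-archive", "use": "encryption", "alg": "AES-128", "secret_years": 20},
    {"asset": "pilot-tls", "use": "key-exchange", "alg": "ML-KEM-768", "secret_years": 10},
    {"asset": "code-signing", "use": "signature", "alg": "ECDSA-P384", "secret_years": 0},
]


def assess(entry):
    """Return (rank, action, reason) for one inventory record; lower rank = act sooner."""
    alg = entry["alg"]
    if POST_QUANTUM.match(alg):
        return 3, "ok", "post-quantum algorithm"
    if SHOR_BROKEN.match(alg):
        confidential = entry["use"] in ("key-exchange", "encryption")
        if confidential and entry["secret_years"] > 0:
            # Traffic recorded today can be decrypted later, so the clock is running.
            return 0, "migrate-first", "harvest now, decrypt later exposure"
        # Signatures can only be forged once a capable quantum computer exists.
        return 1, "migrate", "breakable by Shor's algorithm at scale"
    aes = AES.match(alg)
    if aes:
        effective = int(aes.group(1)) // 2
        if effective < TARGET_BITS:
            return 2, "increase-key-size", f"{effective}-bit strength under Grover's"
        return 3, "ok", f"{effective}-bit strength under Grover's"
    # No visibility is itself a finding: surface it at the top of the list.
    return 0, "review", "unrecognized algorithm, classify manually"


def plan(inventory):
    """Order the inventory by urgency, longest-lived secrets first within a rank."""
    rows = []
    for entry in inventory:
        rank, action, reason = assess(entry)
        rows.append((rank, -entry["secret_years"], entry["asset"], action, reason))
    rows.sort()
    return [(asset, action, reason) for _, _, asset, action, reason in rows]


if __name__ == "__main__":
    for asset, action, reason in plan(INVENTORY):
        print(f"{asset:15} {action:18} {reason}")
```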

Another priority is building crypto-agility into new systems, as mentioned earlier.

That means designing infrastructure so algorithms can be swapped out quickly and at scale. Because even approved standards may face future weaknesses. So organizations need the ability to adapt without repeating costly rebuilds.
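One way to structure that swap, shown as an added example rather than code from the original article: callers never name an algorithm, every protected message carries an algorithm identifier, and the verifier accepts only identifiers its own policy allows. The two HMAC variants are stand-ins for a classical and a post-quantum scheme (the Python standard library has no PQC), and all identifiers and keys are hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Registry of algorithm identifiers. Swapping algorithms means adding an entry
# here and changing policy, not editing the code that calls protect()/verify().
REGISTRY = {
    "classical-v1": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "pq-v1": lambda key, msg: hmac.new(key, msg, hashlib.sha3_256).digest(),
}


class CryptoPolicy:
    """Names the algorithm used for new data and the set still accepted on input."""

    def __init__(self, current, accepted):
        accepted = set(accepted)
        if current not in accepted or not accepted <= set(REGISTRY):
            raise ValueError("policy names an unknown or unaccepted algorithm")
        self.current, self.accepted = current, accepted


def protect(policy, keys, payload):
    """Authenticate payload with the policy's current algorithm; returns a JSON envelope."""
    alg = policy.current
    tag = REGISTRY[alg](keys[alg], payload)
    return json.dumps({
        "alg": alg,
        "payload": base64.b64encode(payload).decode(),
        "tag": base64.b64encode(tag).decode(),
    })


def verify(policy, keys, envelope):
    """Return the payload, or raise ValueError if the envelope fails policy or the tag."""
    fields = json.loads(envelope)
    alg = fields["alg"]
    # The header only selects among algorithms the local policy already allows;
    # a retired algorithm is refused even if the tag would verify.
    if alg not in policy.accepted:
        raise ValueError(f"algorithm {alg!r} is not accepted by current policy")
    payload = base64.b64decode(fields["payload"])
    expected = REGISTRY[alg](keys[alg], payload)
    if not hmac.compare_digest(expected, base64.b64decode(fields["tag"])):
        raise ValueError("authentication tag mismatch")
    return payload


# Constructed demo keys and the three policy stages of a migration.
KEYS = {"classical-v1": b"constructed-demo-key-1", "pq-v1": b"constructed-demo-key-2"}
LEGACY = CryptoPolicy("classical-v1", {"classical-v1"})
TRANSITION = CryptoPolicy("pq-v1", {"classical-v1", "pq-v1"})
RETIRED = CryptoPolicy("pq-v1", {"pq-v1"})

if __name__ == "__main__":
    old = protect(LEGACY, KEYS, b"invoice-42")
    print(verify(TRANSITION, KEYS, old))        # old data still verifies mid-migration
    print(protect(TRANSITION, KEYS, b"invoice-43"))  # new data uses the new algorithm
```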

The bottom line: governments, telecoms, and finance are already running pilots and preparing for migration. Most organizations are still in the planning and inventory stage. The shift to quantum-safe cryptography will take time, but readiness efforts are well underway.

 

Is the quantum threat imminent — or still years away?

The quantum threat is already here.

As explained, encrypted data can be stolen today and unlocked later when quantum computers mature. The “harvest now, decrypt later” approach puts long-lived information—like medical files, financial records, and government communications—at risk.

The reality is that urgency really isn't about predicting when quantum computers will arrive. It's about the fact that data stolen now could still hold value in ten or twenty years, long after it's been compromised.

The timeline for large-scale quantum computers is still uncertain. Some predictions point to breakthroughs within a decade, while others suggest it could take much longer. But even if the exact date is unclear, the risk is already material.

That's why preparation can't wait.

"While it's true that experts predict it could be more than a decade before quantum computers can crack existing encryption, the time for cybersecurity preparations is now. The potential threat of quantum computing to existing encryption demands immediate action. Organizations are strongly advised to implement defense-in-depth strategies, prioritize data protection during both transmission and storage, and most importantly, remain adaptable in the face of new threats."

Migrating cryptographic systems takes years. Algorithms need to be integrated into protocols, tested for performance, and deployed across vast infrastructures.

Certificates and keys in public key infrastructures also have to be replaced.

And none of that can be done quickly.

The inflection point may not be pinned to a calendar. But the danger is already looming.

So organizations that begin preparing now will be ready when quantum computers reach scale. Those that wait risk being caught unprotected with years of work still ahead.


 

Quantum security FAQs

Quantum safe security is the use of cryptographic methods, such as post-quantum algorithms, designed to remain secure even if large-scale quantum computers become practical. It focuses on replacing vulnerable schemes like RSA and ECC while maintaining protection against both classical and quantum attacks.

A quantum secure network uses quantum-resistant cryptography or quantum key distribution to protect data in transit. The goal is to ensure communications remain confidential and authenticated even if quantum computers eventually emerge that could break today’s encryption.

The timeline is uncertain. Some forecasts suggest a decade or more before quantum computers can break RSA or ECC at scale. However, the immediate risk is “harvest now, decrypt later,” where attackers store encrypted data today to unlock once quantum capabilities exist.

Yes, but in context. Quantum computers are not yet able to break encryption. The concern is future risk combined with stolen data that remains valuable for decades. Organizations should start preparing now by planning for post-quantum cryptography and building crypto-agility.

Quantum Random Number Generators (QRNGs) create truly random numbers based on quantum processes, unlike pseudo-random numbers generated by classical algorithms. This enhances encryption strength by ensuring keys are unpredictable and secure.

Post-quantum cryptography (PQC) uses new math-based algorithms that run on classical computers to resist quantum attacks. Quantum cryptography relies on quantum physics—like photon transmission—for security. PQC is software-based and widely deployable, while quantum cryptography requires specialized hardware and remains limited to research and pilot use.