From RSA to post-quantum: How encryption must evolve in a quantum world
Cybersecurity, quantum computing, and why encryption must evolve beyond RSA
For decades, RSA has served as the bedrock of digital trust, securing everything from websites to financial transactions. Cryptographic systems built on traditional algorithms such as RSA have enabled organizations to operate with confidence in an increasingly connected world.
Advances in quantum computing are beginning to challenge this foundation.
As research accelerates, the relationship between cybersecurity and quantum computing is becoming a critical concern for security leaders. The issue is not simply theoretical. If quantum computers reach the scale many experts anticipate, they could break the encryption methods that underpin today’s digital infrastructure as early as 2029.
There are significant implications. Banking systems, telecommunications networks, government communications and cloud services all rely on encryption to function securely. If those protections fail, the digital economy is at risk.
Encryption must evolve. The shift towards quantum-resistance represents the next phase of cybersecurity. Traditional encryption has worked reliably for decades, but quantum computing changes the rules, and organizations must prepare for what comes next.
The role of encryption in modern cybersecurity
Encryption is the process of transforming readable data into a secure format that can only be accessed by authorized parties. In simple terms, it ensures that even if data is intercepted, it cannot be understood without the correct key.
This capability underpins almost every aspect of modern cybersecurity. When you visit a secure website using HTTPS, encryption protects the data exchanged between your browser and the server. Protocols such as TLS ensure that sensitive information, including passwords and payment details, cannot be easily intercepted or altered.
Encryption also plays a central role in authentication and identity. Digital certificates, for example, allow users to verify that they are communicating with legitimate services rather than malicious actors. This trust mechanism is essential for everything from online banking to software updates.
Beyond communication, encryption also protects data at rest and in transit. Whether information is stored in cloud environments, enterprise systems or personal devices, encryption ensures that it remains secure even if access controls are compromised.
At the heart of these capabilities is public key cryptography (PKC), which enables secure key exchange and digital signatures without requiring prior shared secrets. PKC makes large-scale secure communication possible.
Encryption is the foundation of digital trust, supporting the systems and services that organizations and individuals rely on every day.
What is RSA and why has it been so successful?
RSA is one of the most widely used public key cryptographic systems and has been a cornerstone of digital security since its development in the late 1970s by Ron Rivest, Adi Shamir and Leonard Adleman. Its longevity and widespread adoption make it one of the most important technologies in modern cybersecurity.
RSA works by generating a pair of keys: a public key that can be shared openly and a private key that must be kept secure. Its security hinges on the ‘integer factorization problem’ – the fact that while multiplying two massive prime numbers is computationally simple, deriving those primes from their product is nearly impossible for classical computers.
This property has made RSA highly effective for secure communication. It allows parties to exchange information safely without needing to share a secret key in advance. As a result, RSA became a foundational component of internet security.
Its applications are extensive. RSA is used in web security protocols such as HTTPS, enabling secure browsing. It supports digital signatures, ensuring the authenticity and integrity of software and documents. It also plays a role in key exchange, helping establish secure connections between systems. The math behind RSA has remained resistant to classical computing attacks, providing a reliable and trusted mechanism for protecting digital information.
The limits of classical cryptography
Classical (or traditional) cryptography, including systems like RSA and elliptic curve cryptography (ECC), is built on the idea of computational difficulty. Certain mathematical problems are easy to perform in one direction but extremely hard to reverse without specific knowledge, such as a private key. This asymmetry keeps encrypted data secure.
For decades, this model has succeeded because classical computers lack the processing power to solve these problems efficiently at scale. Even with significant advances in computing, the time required to break well-implemented encryption remains impractical.
However, this security is not absolute. It depends entirely on the capabilities of potential attackers. If computing power increases, or new algorithms are developed that can solve these problems more efficiently, the underlying assumptions of security begin to weaken.
This is where the limitation lies. Cryptographic strength is not fixed. It evolves alongside technology. What is considered secure today might not remain secure in the future.
Quantum computing represents precisely this type of shift. It introduces a new computational model that challenges the hardness assumptions on which classical cryptography depends. As a result, systems that have been trusted for decades might no longer provide the same level of protection.
Cryptography is not static. It must adapt to changes in the threat landscape, and quantum computing is one of the most significant changes it has faced.
How quantum computing changes the threat landscape
Quantum computing operates on fundamentally different principles from classical computing. Instead of using bits that represent either 0 or 1, quantum computers use qubits, which can represent multiple states simultaneously. This allows certain types of calculations to be performed far more efficiently.
This shift has direct implications for cybersecurity. It affects the mathematical problems that underpin public key cryptography. In 1994, Peter Shor demonstrated that a quantum algorithm could factor large numbers efficiently, a task that is currently infeasible for classical computers. Shor proved that widely used encryption systems such as RSA could be broken by a sufficiently powerful quantum computer.
The impact extends beyond RSA. ECC, which is widely used for secure communications and digital signatures, is also vulnerable to quantum attacks based on similar principles. Together, these systems form the backbone of public key infrastructure, supporting secure websites, virtual private networks, software distribution, and more.
The real-world implications are significant. If these cryptographic systems are compromised, it could undermine secure communications, expose sensitive data, and disrupt trust across digital services.
While large-scale quantum computers capable of executing these attacks do not yet exist, progress is accelerating. Organizations such as IBM and Google continue to advance quantum hardware and research, bringing practical applications closer to reality.
Quantum computing does not just improve existing capabilities. It changes the rules entirely, creating new risks that current security models were not designed to address.
Cybersecurity and quantum computing: Why timing matters
One of the most important aspects of the relationship between cybersecurity and quantum computing is timing.
The threat posed by quantum computing is often framed as a future problem, but in reality, its impact is already being felt.
“Harvest now, decrypt later” (HNDL) strategies highlight this issue. In an HNDL attack, adversaries can intercept encrypted data today and store it, with the intention of decrypting it when quantum capabilities become available. It is particularly concerning for data that needs to remain confidential for many years, such as financial records, intellectual property or government communications.
The timeline for large-scale quantum computers remains uncertain. Some estimates suggest it could take a decade or more, while others anticipate faster progress. What is clear, however, is that the transition to new cryptographic standards will take many years.
This creates a time gap between when quantum threats become viable and when organizations are fully prepared to defend against them. Closing this gap requires early action.
The key point is that organizations cannot afford to wait until quantum computers are fully realized. By then, it will be too late to protect sensitive data that has already been exposed.
The emergence of post-quantum cryptography
Post-quantum cryptography (PQC) has emerged as the most practical and scalable solution to the challenges posed by quantum computing. Unlike approaches that rely on quantum technologies themselves, PQC focuses on developing new cryptographic algorithms that can run on classical systems while resisting both classical and quantum attacks.
These algorithms are based on different mathematical foundations, such as lattice-based, hash-based, and code-based cryptography. These techniques are believed to be resistant to quantum attacks, making them suitable replacements for vulnerable systems like RSA and elliptic curve cryptography.
The development of PQC has been driven by global collaboration. NIST (the National Institute of Standards and Technology) has led a multi-year process to evaluate and standardize quantum-resistant algorithms. The first selections, announced in 2022, marked a significant milestone in making quantum-safe cryptography ready for real-world deployment.
One of the key advantages of PQC is that it can be implemented using existing infrastructure. This allows organizations to begin transitioning today, without waiting for quantum computers to become operational.
For companies such as PQShield, the focus is on converting these algorithms into practical solutions. By providing optimized software and hardware implementations, these providers enable organizations to integrate PQC into real systems, ensuring that security evolves in line with emerging threats.
From RSA to PQC: What changes in practice?
The transition from RSA to post-quantum cryptography is not simply a matter of replacing one algorithm with another. It introduces practical considerations that organizations must address.
For example, one key difference is key sizes. Many PQC algorithms use larger keys than RSA or elliptic curve systems, which can affect bandwidth, storage and processing. This is particularly relevant for constrained environments such as IoT and embedded systems.
Performance is another factor. Some PQC algorithms are efficient, while others introduce additional overhead. Balancing security with performance is critical, especially in high-throughput environments like telecommunications and cloud platforms.
The underlying mathematics also changes. RSA relies on integer factorization, whereas PQC algorithms are typically based on lattice or hash-based problems. This shift requires new expertise and careful implementation.
In practice, many organizations are adopting hybrid approaches that combine classical and post-quantum algorithms. This provides protection against both current and future threats while enabling a gradual transition.
The move from RSA to PQC is evolutionary, but it requires planning, testing and optimization to ensure both security and performance are maintained.
Challenges in migrating to quantum-safe encryption
Migrating to quantum-safe encryption presents challenges, particularly for organizations with complex or legacy systems. Many infrastructures were not designed with cryptographic flexibility, making updates difficult.
Legacy systems are a major barrier. Cryptography is often deeply embedded and cannot be easily replaced without redesign, especially in sectors like industrial IoT, automotive and critical infrastructure.
Performance constraints must also be considered. PQC algorithms can require more computational resources, which is a concern for devices with limited power or processing capability.
Interoperability is also worth considering. As standards evolve, organizations must ensure compatibility across systems, partners and regulatory requirements. Alignment with frameworks from bodies such as NIST is essential.
Additionally, there is a potential skills gap. Implementing PQC requires specialized expertise that many organizations are still developing.
Despite these challenges, the transition is manageable with the right strategy. PQShield helps simplify integration, enabling quantum-safe encryption across diverse environments.
What security leaders should do now
Security leaders play a key role in preparing for quantum-safe encryption, starting with visibility into current cryptographic usage.
A cryptographic inventory is essential to identify where encryption is used and which algorithms are in place. This enables organizations to assess risk and prioritize action.
Focus should then shift to high-risk systems, particularly those handling sensitive or long-lived data exposed to HNDL threats.
Testing PQC in real-world environments is another important step. This helps organizations understand performance and integration requirements while building confidence in deployment.
Cryptographic agility is critical. Systems should be designed to allow cryptographic components to be updated without major disruption, ensuring adaptability as standards evolve.
Working with experienced partners can accelerate progress. PQShield supports integration across software, hardware and systems, helping organizations transition efficiently.
Taking these steps now reduces long-term risk and enables a smoother move to quantum-safe security.
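One way to turn the inventory and prioritization steps above into a repeatable check, shown as an added example that is not part of the original article. The system names, lifetimes and the two planning parameters are constructed assumptions; the urgency test (data lifetime plus migration time exceeding the time until a capable quantum computer) is the rule often called Mosca's inequality.

```python
import csv
import io

# Public-key algorithms broken by Shor's algorithm (factoring / discrete log).
QUANTUM_VULNERABLE = {"RSA", "DH", "ECDH", "ECDHE", "X25519", "DSA", "ECDSA", "ED25519"}
# NIST-standardized post-quantum algorithms (FIPS 203, 204, 205).
POST_QUANTUM = {"ML-KEM", "ML-DSA", "SLH-DSA"}

# Constructed sample inventory. secret_years = how long the protected
# data must stay confidential; "+" joins algorithms used in a hybrid.
INVENTORY_CSV = """system,purpose,algorithms,secret_years
customer-portal-tls,confidentiality,ECDHE,2
records-archive-vpn,confidentiality,RSA,25
firmware-signing,signature,ECDSA,0
partner-api-tls,confidentiality,X25519+ML-KEM,10
backup-encryption,confidentiality,RSA,7
"""

def classify(algorithms):
    """Label an algorithm entry as vulnerable, hybrid, post-quantum or unknown."""
    parts = {a.strip().upper() for a in algorithms.split("+")}
    if parts & POST_QUANTUM:
        return "hybrid" if parts & QUANTUM_VULNERABLE else "post-quantum"
    return "vulnerable" if parts & QUANTUM_VULNERABLE else "unknown"

def triage(csv_text, migration_years, years_to_quantum):
    """Return (priority, system, reason) tuples, most urgent first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        status = classify(rec["algorithms"])
        exposed = int(rec["secret_years"]) + migration_years > years_to_quantum
        if status != "vulnerable":
            rows.append((3, rec["system"], status))
        elif rec["purpose"] == "confidentiality" and exposed:
            # Traffic recorded today would still be sensitive when it can be decrypted.
            rows.append((1, rec["system"], "HNDL exposure"))
        else:
            # Signatures cannot be harvested, but must migrate before the deadline.
            rows.append((2, rec["system"], "vulnerable, migrate on schedule"))
    return sorted(rows)

if __name__ == "__main__":
    # Assumed planning figures: 3 years to migrate, 8 years until the threat.
    for row in triage(INVENTORY_CSV, migration_years=3, years_to_quantum=8):
        print(row)
```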
The future of encryption in a quantum world
Encryption will remain central to cybersecurity, even as technologies evolve. The shift to post-quantum cryptography is part of a broader pattern of adapting to new threats.
In a quantum world, security will rely on a combination of approaches. PQC will form a core foundation, supported by advances in system design, hardware security, and crypto agility. Ongoing research will continue to refine algorithms and improve performance.
Adaptability is essential. Organizations that build flexible systems and align with evolving standards will be better positioned to respond to change.
The relationship between cybersecurity and quantum computing will continue to develop, but the goal remains the same: protecting data, systems, and trust.
Preparing for the shift to quantum-safe encryption
The move from RSA to post-quantum cryptography reflects a broader transformation in cybersecurity. Trusted systems must now evolve to address emerging threats.
Quantum computing introduces risk, but also an opportunity to strengthen long-term security. By adopting quantum-resistant algorithms and building flexible systems, organizations can future-proof their infrastructure.
This transition will take time and requires careful planning. However, momentum is already building, with global standards and increasing adoption shaping the path forward. Security leaders who act early will be better prepared to manage this shift and maintain trust in their systems.
Encryption is not being replaced. It is evolving, and organizations that embrace this change will be best positioned for the future.