The Quantum Threat of 2035: Why Now is the Time for Quantum Security
Quantum computers are on the verge of shaking the foundations of digital security. They could solve previously unsolvable problems, such as the efficient factorization of large prime numbers in polynomial time, and thus override traditional methods such as RSA, ECC or DH.
Gerald Eid
What is safe today could be exposed tomorrow. This is not a science fiction story, but a real threat with a foreseeable time horizon. Forecasts assume that a "cryptographically relevant" quantum computer could become a reality by 2028 at the latest, conservatively calculated even by 2035.
Financial systems, state communication and sensitive health data would then be massively at risk. Then there is the "harvest now, decrypt later" principle: Attackers could intercept and store data today in order to decrypt it later using quantum computers.
In a world with long-lived systems and high data values, this risk is acute. The consequence: organizations must act now. The most effective defense is post-quantum cryptography (PQC): Procedures specifically designed to withstand attacks from powerful quantum computers.
About the Author
Gerald Eid started in his role as Managing Director for Germany at Getronics in 2014 and is now the DACH Regional Managing Director.
In 1988 he began his professional career at Daimler then moved to Debis Systemhaus in 1996 where he held various senior management and executive roles in Sales, Service Management and Operations. Before he moved to Getronics he was director of the T-Systems IDS GmbH.
Post-Quantum Cryptography: New Algorithms for a New Threat
PQC comprises cryptographic algorithms for encryption, digital signatures and key exchange that also withstand quantum attacks. In contrast to quantum cryptography, PQC does not use quantum physics, but mathematical problems that are unsolvable for both classical and quantum computers.
The changeover will not happen overnight, but will require planning. In the transition phase, hybrid encryption is gaining in importance. This involves using a classic algorithm (e.g. RSA or ECC) and a PQC algorithm in parallel. Even if one component is compromised, the other provides protection. NIST explicitly recommends such hybrid PQC+ traditional solutions.
ETSI has already published ETSI TS 104 015 (Covercrypt), a standard for quantum-safe hybrid key exchange procedures. This allows PQC to be introduced gradually without abruptly switching off the existing cryptography, and compatibility is maintained.
Why IT Security Needs to Take Action Now
The introduction of new cryptography can take 10 to 20 years. Anyone who only reacts when a quantum computer is ready for use is too late, because data that is already being transmitted today will have been compromised.
Mosca's inequality illustrates the urgency: If X (years in which data must remain secure) + Y (years for the migration to PQC) is greater than Z (years until the quantum breach), you are in the danger zone. However, Z shrinks with every advance.
IBM, for example, is planning quantum processors with thousands of qubits for the early 2030s, which will be powerful enough to break current cryptography.
Measures for Future Quantum Security
1. Carry out a Crypto Inventory
This involves determining where cryptography is used in the company. Applications, protocols, devices. In particular, systems that process sensitive data over the long term should be prioritized during the changeover. The analysis must include on-premise, cloud and IoT.
2. Evaluate "Quantum Shelf Life"
The quantum shelf life of the data must be estimated on the basis of the inventory. Data that must remain confidential for longer than ten years is most likely already at risk today. The migration plan should be aligned with the threat horizon.
3. Work With Vendors and Ensure Crypto-Agility
Include PQC readiness in procurement requirements and integrate post-quantum clauses into contracts. Design systems so that algorithms are updateable.
4. Test Hybrid and PQC Solutions
Test PQC algorithms such as CRYSTALS-Kyber or Dilithium in test environments. Introduce hybrid encryption for critical data flows. The impact on performance and storage requirements must be examined at an early stage.
5. Expand Infrastructure and Know-How
Plan for cryptoagile hardware, updated operating systems and more memory for larger certificates. Train security teams in PQC and pay attention to NIST, ETSI and ISO standards.
Making IT Security Quantum-Safe
The quantum threat is real and getting closer. Quantum computers could break RSA and ECC encryption by 2035 at the latest. Those who wait risk data loss, regulatory consequences and reputational damage. That's why organizations should conduct a complete inventory now, plan for post-quantum standards and implement a migration plan by 2035 at the latest. During the transition phase, hybrid processes offer protection.
Flexible, cryptoagile infrastructures, continuous monitoring and regular updates are crucial to protect sensitive data in the quantum era.
