Quantum Computing Threatens Public‑Key Encryption – Emerging Risk for All Sectors
What Happened – Researchers warn that the gradual emergence of cryptographically‑relevant quantum computers (CRQCs) will soon render today’s public‑key algorithms (RSA, ECC, DH) ineffective, exposing data, identities, and software supply‑chains. “Harvest‑now, decrypt‑later” activities are already collecting ciphertext for future decryption.
Why It Matters for TPRM –
- Legacy encryption in third‑party contracts may become obsolete, creating compliance gaps.
- Supply‑chain partners that rely on PKI could be compromised, amplifying indirect risk.
- Delayed migration to post‑quantum cryptography (PQC) drives cost spikes and operational disruption after 2026.
Who Is Affected – Financial services, healthcare, defense, SaaS providers, cloud hosts, IoT manufacturers, and any organization that exchanges data protected by RSA/ECC/DH.
Recommended Actions –
- Inventory all third‑party assets that use public‑key cryptography (TLS, VPN, SSH, code signing).
- Verify that vendors have a documented PQC migration roadmap aligned with NIST and regional regulations.
- Prioritize “harvest‑now” data for re‑encryption with quantum‑resistant algorithms where feasible.
Technical Notes – The risk stems from quantum algorithms (Shor’s algorithm) that can solve integer factorisation and discrete‑log problems in polynomial time. No specific CVE; the threat is a future‑oriented cryptographic break. Data types at risk include encrypted files, TLS traffic, VPN tunnels, SSH sessions, and digitally signed binaries. Source: Recorded Future – Quantum Risk Explained