Security Risks for Enterprises in the Post-Quantum Computing World
DOI:
https://doi.org/10.63282/3050-9246.IJETCSIT-V7I1P147Keywords:
Post-Quantum Cryptography, Quantum Computing, Enterprise Security, HNDL, Shor's Algorithm, NIST PQC Standards, Crypto-Agility, Key Management, TLS, PKI, FIPS 203, FIPS 204, FIPS 205, ML-KEM, ML-DSA, SLH-DSAAbstract
The arrival of cryptographically relevant quantum computers (CRQCs) represents an existential threat to the public-key cryptographic infrastructure underpinning global enterprise operations. Enterprise security today relies on RSA and elliptic-curve cryptography (ECC) for TLS, VPNs, PKI, code signing, and identity systems—all of which are fundamentally broken by Shor's algorithm on a sufficiently powerful quantum computer. The defining risk is time-shifted compromise: adversaries can harvest encrypted traffic today and decrypt it once CRQCs exist, a threat already underway according to U.S. intelligence assessments. NIST finalized three post-quantum cryptographic (PQC) standards in August 2024 (FIPS 203/204/205) and mandates deprecation of quantum-vulnerable algorithms by 2035. Yet only 5% of organizations have implemented quantum-safe encryption and 95% lack formal quantum transition plans. This paper provides a comprehensive, threat-driven analysis across seven dimensions: quantum algorithm impact, harvest-now-decrypt-later (HNDL) threat models, enterprise asset risks (PKI, TLS, VPNs, code signing, cloud, IoT, identity, blockchain, supply chain), sector-specific vulnerabilities (financial services, healthcare, critical infrastructure), cryptographic primitive analysis, migration standards and roadmaps, and enterprise readiness gaps. The convergence of HNDL attacks already underway, multi-decade data sensitivity windows, and 12–15 year enterprise migration timelines means the migration deadline has, for most sectors, already passed.
Downloads
References
[1] P. W. Shor, "Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer," SIAM Review, vol. 41, no. 2, pp. 303–332, 1999.
[2] M. Roetteler, M. Naehrig, K. M. Svore, and K. Lauter, "Quantum resource estimates for computing elliptic curve discrete logarithms," IACR ePrint Archive, Report 2017/598, 2017. Available: https://eprint.iacr.org/2017/598.pdf
[3] NIST, "On the practical cost of Grover for AES key recovery," presented at Fifth PQC Standardization Conf., 2024.
[4] M. Mosca and M. Piani, "Quantum Threat Timeline Report 2024," Global Risk Institute, Toronto, Dec. 2024. Available: https://globalriskinstitute.org/publication/2024-quantum-threat-timeline-report/
[5] Boston Consulting Group, "The long-term forecast for quantum computing still looks bright," BCG, Boston, Jul. 2024. Available: https://www.bcg.com/publications/2024/long-term-forecast-for-quantum-computing-still-looks-bright
[6] Gartner, "Top strategic technology trends for 2025: Postquantum cryptography," Gartner, Inc., Stamford, CT, Oct. 2024. Available: https://www.gartner.com/en/documents/5850047
[7] NSA, "Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) Algorithms," Cybersecurity Advisory, ver. 2.1, ay 2025. Available: https://media.defense.gov/2025/May/30/2003728741/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS.PDF
[8] NIST, "Transition to Post-Quantum Cryptography Standards," NIST IR 8547 (Initial Public Draft), Nov. 2024. DOI: https://doi.org/10.6028/NIST.IR.8547.ipd
[9] UK NCSC, "Timelines for migration to post-quantum cryptography," National Cyber Security Centre, Mar. 2025. Available: https://www.ncsc.gov.uk/guidance/pqc-migration-timelines
[10] H. Neven, "Meet Willow, our state-of-the-art quantum chip," Google Blog, Dec. 9, 2024. Available: https://blog.google/innovation-and-ai/technology/research/google-willow-quantum-chip/
[11] Microsoft, "Microsoft unveils Majorana 1, the world's first quantum processor powered by topological qubits," Azure Quantum Blog, Feb. 19, 2025.
[12] C. Gidney and M. Ekerå, "How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits," Quantum, vol. 5, p. 433, Apr. 2021. DOI: 10.22331/q-2021-04-15-433.
[13] C. Gidney, "How to factor 2048 bit RSA integers with less than a million noisy qubits," arXiv preprint, arXiv:2505.15917, May 2025.
[14] MDPI, "Harvest-now, decrypt-later: A temporal cybersecurity risk in the quantum transition," Telecom, vol. 6, no. 4, art. 100, 2025. Available: https://www.mdpi.com/2673-4001/6/4/100
[15] J. Mascelli and M. Rodden, "'Harvest now decrypt later': Examining post-quantum cryptography and the data privacy risks for distributed ledger networks," Finance and Economics Discussion Series 2025-093, Board of Governors of the Federal Reserve System, Washington, DC, 2025.
[16] MDPI, "Towards a unified quantum risk assessment," Electronics, vol. 14, no. 17, art. 3338, 2025.
[17] M. Mosca, "Cybersecurity in a quantum world: Will we be ready?" presented at NIST Workshop on Cybersecurity in a Post-Quantum World, Apr. 3, 2015.
[18] The White House, "National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems (NSM-10)," May 4, 2022.
[19] NSA, CISA, and NIST, "Quantum-readiness: Migration to post-quantum cryptography," Cybersecurity Information Sheet, Aug. 21, 2023.
[20] Congressional Research Service, "Preparing secrets for a post-quantum world," CRS In Focus IN11921, 2022.
[21] C. C. Demchak and Y. Shavitt, "China's maxim—Leave no access point unexploited: The hidden story of China Telecom's BGP hijacking," Military Cyber Affairs, vol. 3, iss. 1, art. 7, 2018.
[22] Mastercard, "Migration to post-quantum cryptography," Mastercard R&D White Paper, 2025.
[23] M. Ivezic, "Payments and the race to quantum safety," PostQuantum.com, Feb. 23, 2026.
[24] BIS, "Project Leap phase 2: Quantum-proofing payment systems," BIS Innovation Hub, 2025. Available: https://www.bis.org/publ/othp107.htm
[25] A. Butler and A. Herman, "Prosperity at risk: The quantum computer threat to the US financial system," Hudson Institute, Washington, DC, Apr. 2023.
[26] Ledger Donjon, "Quantum computing's threat to blockchain," Ledger Blog, 2025. Available: https://www.ledger.com/blog-quantum-computing-threat-to-blockchain
[27] BIS, "Quantum-proofing the financial system," BIS Paper No. 67, 2022. Available: https://www.bis.org/publ/othp67.pdf
[28] NIST, "Transition to Post-Quantum Cryptography Standards," NIST IR 8547 (IPD), Nov. 2024.
[29] MAS, "Advisory on addressing the cybersecurity risks associated with quantum," Circular No. MAS/TCRS/2024/01, Monetary Authority of Singapore, Feb. 20, 2024.
[30] UK NCSC, "Quantum-safe cryptography: Guidance," National Cyber Security Centre, 2023. Available: https://business.cch.com/CybersecurityPrivacy/ncscquantumguidance.pdf
[31] I. Scanlon and C. Zweifel-Keegan, "A quantum of context: Cybersecurity law after Q-Day," IAPP, 2025.
[32] MedCrypt, "Navigating post-quantum cryptography in medical device cybersecurity," MedCrypt Blog, 2025.
[33] CISA, "Post-quantum considerations for operational technology," DHS/CISA, Oct. 2024. Available: https://www.cisa.gov/sites/default/files/2024-10/Post-Quantum%20Considerations%20for%20Operational%20Technology%20(508).pdf
[34] M. J. D. Vermeer et al., "Evaluating cryptographic vulnerabilities created by quantum computing in industrial control systems," RAND Corporation, RR-A2427-1, 2023.
[35] APNIC, "How can RPKI be made quantum-safe?" APNIC Blog, Jul. 2025. Available: https://blog.apnic.net/2025/07/22/how-can-rpki-can-be-made-quantum-safe/
[36] P1 Security, "Post quantum cryptography for mobile networks," P1 Security Blog, 2025.
[37] Thales Group, "Thales sets world first with remote post-quantum 5G SIM upgrade," BusinessWire, Mar. 2, 2026.
[38] Ericsson, "Impact of quantum computing on 5G & 6G security," Ericsson, 2025.
[39] NIST, "Module-lattice-based key-encapsulation mechanism standard," FIPS 203, Aug. 13, 2024. DOI: https://doi.org/10.6028/NIST.FIPS.203
[40] NIST, "Module-lattice-based digital signature standard," FIPS 204, Aug. 13, 2024. DOI: https://doi.org/10.6028/NIST.FIPS.204
[41] NIST, "Stateless hash-based digital signature standard," FIPS 205, Aug. 13, 2024. DOI: https://doi.org/10.6028/NIST.FIPS.205
[42] Cloudflare, "State of the post-quantum Internet in 2025," Cloudflare Blog, 2025. Available: https://blog.cloudflare.com/pq-2025/
[43] NIST, "Considerations for achieving crypto agility: Strategies and practices," NIST CSWP 39, Dec. 2025.
[44] Entrust and Ponemon Institute, "2024 PKI and post-quantum trends study," Entrust, 2024. Available: https://www.entrust.com/resources/reports/ponemon-post-quantum-report
[45] T. D. Le, P. H. Do, et al., "Are enterprises ready for quantum-safe cybersecurity?" arXiv preprint, arXiv:2509.01731, Sep. 2025.
[46] ISACA, "Quantum Computing Pulse Poll 2025," ISACA, Schaumburg, IL, Apr. 28, 2025. Available: https://www.isaca.org/resources/quantum-pulse-poll
[47] KPMG, "Quantum is coming—and bringing new cybersecurity threats with it," KPMG Global, Mar. 2024.
[48] DigiCert, "Quantum readiness gap: A DigiCert study on quantum-safe encryption," DigiCert, May 8, 2025.
[49] Office of Management and Budget, "Report on post-quantum cryptography," The White House, Washington, DC, Jul. 2024.
[50] McKinsey & Company, "Quantum communication growth drivers: Cybersecurity and quantum computing," McKinsey Digital, 2025.
[51] European Commission, "Coordinated implementation roadmap for the transition to post-quantum cryptography," NIS Cooperation Group, Jun. 23, 2025.
[52] UK NCSC, "Timelines for migration to post-quantum cryptography," National Cyber Security Centre, Mar. 2025. Available: https://www.ncsc.gov.uk/guidance/pqc-migration-timelines
[53] ENISA, "Post-quantum cryptography: Current state and quantum mitigation," v2, European Union Agency for Cybersecurity, May 2021.
[54] NIST NCCoE, "Migration to post-quantum cryptography," NIST SP 1800-38B (Preliminary Draft), Dec. 2023.
[55] CISA, "Strategy for migrating to automated post-quantum cryptography discovery and inventory tools," CISA, Sep. 2024.
[56] IBM Research, "Cryptographic Bill of Materials (CBOM) speeds quantum safe adoption," IBM Research Blog, 2023.
[57] NSA, "Quantum Key Distribution (QKD) and Quantum Cryptography (QC)," NSA Cybersecurity, 2021.
[58] NIST, "Mappings of migration to PQC project capabilities to risk framework documents," NIST CSWP 48 (Initial Public Draft), Sep. 2025.
[59] NIST, "Recommendation for stateful hash-based signature schemes," NIST SP 800-208, 2020.
[60] NIST, "NIST Selects HQC as Fifth Algorithm for Post-Quantum Encryption," Mar. 2025. Available: https://www.nist.gov/news-events/news/2025/03/nist-selects-hqc-fifth-algorithm-post-quantum-encryption
