LatticeScan
← All news
post-quantumbackground

The quantum clock has already started

A quantum computer that breaks today’s encryption does not exist yet. That has not stopped the damage from beginning, or governments from setting deadlines.

The strange thing about the quantum threat to encryption is that the harm starts before the machine does.

Harvest now, decrypt later

An attacker does not need a working quantum computer to hurt you today. They can record your encrypted traffic now, store it cheaply, and decrypt it years later when a capable machine exists. Anything that has to stay private for a decade, medical records, contracts, source code, government data, is already exposed. This is why security teams treat the quantum transition as a present problem, not a future one.

The fix is not the hard part

In 2024 NIST finalized the replacement algorithms: ML-KEM for key exchange and ML-DSA for signatures. They are already shipping in major browsers and CDNs. The algorithms are settled. What is not settled, for almost every company, is a simple question: where is your cryptography, and which of it is still vulnerable?

Most organizations cannot answer that. They have certificates and keys spread across public sites, internal services, code, and the software they buy, and no single inventory of any of it.

Deadlines are appearing

Governments have started putting dates on this. The United States has directed federal agencies and their suppliers toward post-quantum standards, with milestones landing around 2030. Where the government moves, regulated industries and their supply chains follow. The vendor questionnaires are already starting to change.

Where to start

Knowing where you stand takes about ten seconds. Scan your main domain, see which connections already use post-quantum key exchange and which do not, and get an inventory you can actually hand to a security reviewer.

Get the next one

We email when there is something new. No noise.