Quantum Threat Timeline
When will quantum computers break today's cryptography? This timeline shows estimated threat windows for common algorithms and why migrating to post-quantum cryptography matters now.
"Harvest Now, Decrypt Later" — The Threat Is Already Here
Adversaries are already intercepting and storing encrypted communications today, planning to decrypt them once quantum computers become powerful enough. This means data with long-term sensitivity — medical records, state secrets, financial data — is at risk right now, even before a cryptographically relevant quantum computer (CRQC) exists.
Encrypted traffic is captured and stored in bulk by nation-state actors today.
Stored ciphertexts are kept until quantum computers mature (estimated 2030–2035).
Shor's algorithm retroactively decrypts all stored RSA/ECC-protected data.
⟶ This is why NIST urges migration to PQC standards before quantum computers arrive.