Shouldn’t the goals be the other way round?
There already is quantum-resistant encryption. Currently, only a few categories of encryption are vulnerable to quantum-based attacks. There may be more in the future, but that’s only speculation.
Well they’re in luck; the US already has working quantum computers, and quantum-resistant encryption.
Can you elaborate? Just curious what you are referring to.
I don’t know what he’s talking about, but maybe he’s saying that the US already has quantum computers capable of breaking modern cryptography, and that it’s time to move to Post Quantum Cryptography (PGC). The process is pretty far along:
- https://postquantum.com/industry-news/microsoft-pqc-windows/
- https://www.redhat.com/en/blog/whats-new-post-quantum-cryptography-rhel-101
Both sites mention “harvest now, decrypt later.” That’s an attack where someone could scoop up all the encrypted traffic/files/whatever, and just store it until quantum computers are effective at breaking it. Because of the nature of the topic nobody who knows for sure is going to say, but it’s not going to be cheap to replace all the crypto out there with PGC so there’s a reason to think there’s a need even if nobody will confirm anything. I personally think just the possibility of the attack is enough reason to move if the algorithms are already in place. If you’ve got encrypted data and you expected it to stay unreadable for hundreds of years, then there’s reason to think that’s not achievable right now.
Replying to myself here and including a link that just dropped:
- https://lemmy.world/post/48881740
- https://nsa.2026.action.cr.yp.to/
- https://blog.cr.yp.to/20260405-votes.html
Apparently the debate was more spirited than I thought. The argument appears to revolve around whether it’s OK to jump to the new stuff directly, or use a combination of the old and new.
I think this is how I can message people…


