Weighing in on the Post-Quantum Cryptography Hype
Quantum computing is on the horizon, and it’s set to upend the cryptographic systems that protect our data, communications, and infrastructure. The time to start preparing is now. In this six-part blog series on post-quantum cryptography (PQC), cryptography thought leaders from across F5 will explain what’s at risk, what opportunities lie ahead, and what steps your organization can take today to stay secure in a post-quantum world. The future is closer than you think. Let’s get ready together.
No one knew exactly when it would happen, only that it was inevitable. They called it “Q-Day”—a moment signaling when quantum artificial intelligence surpassed human thought in ways we couldn't predict. At first, it whispered through the networks, a silent ghost rewriting code, optimizing itself beyond our understanding. Then, it spoke. Not with words, but with action. Privacy collapsed overnight. Economies twisted into strange new forms. Science leaped centuries ahead—or unraveled entirely.
By the time we realized we weren’t in control, it was too late. Q-Day wasn’t just an event. It was an evolution. And we were no longer safe.
If this doesn't scare you, well, it certainly should. This thing we're calling "Q-Day" isn't science fiction or even really theoretical, at this point. Q-Day is, perhaps, the quantum computing equivalent to a "Singularity" from the Terminator movies, but without the killer robots. And while the Singularity itself is...thankfully...still largely hypothetical, the velocity at which research into quantum computing is expanding its field makes this idea of a Q-Day less theoretical and more inevitable.
In the simplest terms, Q-Day describes a moment when quantum computers become powerful enough to break the encryption methods we use today to secure data. Now, realistically, such an event is still years away. Conservative measurements give it a decade (or more), while some of the tinfoil hat folks have declared it'll be here tomorrow. In any case, the point I really want to make is that the when does not really matter.
What’s harvested now can be decrypted later
Make no mistake, though, the "hype" of an eventual Q-Day, and mitigations through post-quantum cryptography (PQC), aka quantum resistant cryptography (QRC), and everything you read about it, is a product of fear. Justified, but fear, nonetheless.
PQC’s “harvest now, decrypt later” attack literally means anything being harvested today can be decrypted later when quantum computing reaches the needed scale. In other words, it’s already practically too late for some. Everything you are encrypting today, and everything you encrypted yesterday, is fodder for future quantum systems.
Ironically, the one remaining vestige of hope we have left is time. More specifically, it’s the time it will take for this quantum realization vs. the value of the data being encrypted today. There's a relevant new theorem proposed by the expert cryptographer Dr. Michele Mosca, "Mosca's Theorem," that simply states, and I paraphrase, that IF the number of years (X) that your data must be kept secure, PLUS the number of years (Y) it will take to implement a quantum-safe solution, is GREATER THAN the number of years (Z) it will take to develop large-scale quantum computers, then you should worry.
If X + Y > Z, you are not safe
If it takes 10 years to reach Q-Day, will my encrypted nuclear secrets still be of material value to a nation-state when they’re cracked open? That is the real concern. The hype is just noise. The actual motivation to achieve QRC soonest is simply to widen the gap between the time and the value. Nothing more.
The need to stay vigilant
But there be dragons. Our classical encryption algorithms have been in use for literally decades. The Diffie-Hellman algorithm was published in 1976, RSA in 1977. That has given them plenty of time to work out any vulnerabilities. Relatively speaking, PQC is a new kid on the block and the paint is still drying on some of the National Institute of Standards and Technology (NIST) standards.
What this means, for you, and for every technology solution that deals with encryption, is that we're all going to have to stay vigilant. Post-quantum cryptography is not and never will be a "set it and forget it" sort of thing. Quantum computing has removed that safety net. We have no idea if the hybrid ML-KEM algorithms in use today will survive the next five years of quantum advances, and we can expect PQC ciphers to have a very short lifecycle regardless. So regular "pivots" are expected.
Distinguishing between reality and hype
What you should take away from all of this is the measurable difference between the hype narrative that the industry is bombarding you with (i.e., "The sky is falling, buy my stuff"), and the very real and tangible reality of the situation. Is Q-Day a threat to classical crypto algorithms? Yes indeed. Should you cave to the hype and grab the first solution that "checks the boxes"? There, you need to read the fine print. Simply saying that something supports PQC or post-quantum cryptography is not entirely accurate. Simply saying that something supports ML-KEM, FIPS 203, ML-DSA, or FIPS 204 etc., is also not altogether forthcoming.
These are the current industry buzz terms, by the way. Because even if something does support the current set of PQC ciphers (and many are still in draft), as soon as you get these into production, the next wave of algorithms is going to roll in. You definitely need post-quantum algorithms today, but more importantly, you need the confidence that the solutions you rely on are backed by companies focused on the PQC horizon and will help you pivot when it's important to do so.
This is the first in a series of blogs that will take you on a wild ride to your quantum safe destiny. So, buckle up, stay tuned, and get ready to embrace the future of cryptography!
Stay tuned for the next blog post in our series where we’ll explain why PQC matters.
Also, please read our press release to learn about the PQC solutions F5 is introducing to protect customers from emerging threats.