The honest objection to post-quantum cryptography is a good one: no machine on Earth can break a properly configured 2048-bit key today, and the cryptographically relevant quantum computer is, depending on who you ask, a decade or more away. So why spend effort now on a threat that is not here?
Because the timeline that matters is not "when can it be broken." It is "how long does this data need to stay secret." For some of what an exam platform handles, that answer is measured in decades.
Harvest now, decrypt later
The attack does not require a quantum computer today. It requires patience. An adversary records encrypted traffic now — session data, identity documents, the contents of a high-stakes exam bank — and simply stores it. When a capable quantum machine eventually arrives, they decrypt the archive retroactively.
So the real question for any given piece of data is blunt: if someone reads this in 2040, does it still hurt? A throwaway session token, no. A candidate's identity documents, the seed of a professional credential, the unreleased question bank a programme reuses for years — yes. That data has a long shelf life, and "we'll migrate when quantum is real" means it was already harvested while you waited.
You do not get to choose when the adversary decrypts. You only get to choose whether the data was protected when they captured it.
The standards are no longer hypothetical
This used to be a research-paper conversation. It is now a procurement one. In 2024 NIST finalised the first post-quantum standards — FIPS 203 for key encapsulation and its companions for signatures — drawn from years of public competition and review. There is now a concrete, vetted target to migrate toward, which removes the last good excuse to wait for the dust to settle. The dust has settled.
What a sane migration looks like
Nobody flips a switch to "quantum-safe." The migrations that go well share a few habits:
- Inventory first. You cannot protect what you have not located. Find where long-lived secrets actually live before touching algorithms.
- Go hybrid. Run a classical and a post-quantum algorithm together so a flaw in the new, less battle-tested scheme cannot leave you worse off than before.
- Prioritise by shelf life. Migrate the decades-secret data first. Ephemeral tokens can wait.
- Build for agility. Treat the algorithm as swappable, because it will be swapped again. Crypto-agility is the durable win, not any single cipher.
This is the work behind our post-quantum cryptography practice, and it is part of why OroLink treats its transport as something to be upgraded over a credential's lifetime rather than fixed at launch.
The unglamorous conclusion
Post-quantum migration is not exciting and the threat is not at your door. But the data you most need to keep secret is exactly the data with the longest memory, and it is being recorded now to be read later. Starting early is not paranoia — it is just matching the protection to how long the secret has to last. If you want to map your own exposure, our team is happy to walk through where to begin.
Discussion 0
Sign in or create a free account to comment and vote.
No comments yet. Be the first to share your thoughts.