The concept of Quantum Computing has raised high expectations for the next generation of computing, similar to the birth of computing in mid 1900’s, when ENIAC was powered for the first time. Although several challenges still burden the commercial availability of a general-purpose quantum computer, the breakthrough potential is huge and so are the challenges arising from the -needed- computing landscape refactoring.

Implications are mostly for current encryption techniques, which have dominated transport-layer security, protecting HTTP traffic. These techniques largely rely on the premise that cracking keys and factoring prime numbers is impossible within an attacker’s lifetime, considering the capabilities of today’s supercomputers. This assumption was challenged in 1995 by Peter Shor who proposed a polynomial-time quantum algorithm for this problem, which reduced an original problem of exponential complexity into one of polynomial complexity, thus allowing quantum computers to solve the numbers’ factoring problem in amazingly short time1.

Although Quantum Computing technology has only allowed to factor 35 as the biggest number so far on IBM’s Quantum Computer2, running Shor’s algorithm on a large integer -like 2048 bit RSA keys – is still a distant target. In addition, due to complexities of science and engineering, it is difficult to predict when the first fully functional quantum computer will be available, but steady progress is being made, and some argue it could be within the next few decades3.

Acknowledging the significance of post-quantum cryptography, several European National Agencies authorities have been investigating and preparing for potential mitigations. ENISA has proactively provided 2 proposals for system owners in order to protect against a quantum attacker, including hybrid implementations of pre-quantum and post-quantum schemes, and mixing of pre-shared keys into all keys established via public-key cryptography. However, these solutions come at considerable cost and at limited scope, since they apply to systems which keep state and have a limited set of peers4.

As preliminary standardization steps, the U.S. National Institute of Standards and Technology (NIST) in 2016 announced a call for post-quantum asymmetric encryption algorithms, as well as a call for digital-signature algorithms. The draft standards should be available in the timeframe between 2022-20245. The European Telecommunications Standards Institute (ETSI) has published multiple reports investigating various aspects of quantum computing6 7 , as well as providing migration strategies and recommendations for Quantum-Safe schemes, and enhancing cryptography awareness across all business sectors8, while monitoring the status of NIST standardization.

So, whatever the timeframe for breaking traditional cryptography and releasing quantum-safe standards, the digital world must be prepared for an unprecedented transition to post-quantum cryptographic schemes, which would affect any web application and service and which could last for decades till its full transition.  


2 M. Amico, Z. H. Saleem and M. Kumph, “Experimental study of Shor’s factoring algorithm using the IBM Q Experience,” Physical Review A, vol. 100, no. 1, 2019.
4 W. Beullens, J.-P. D’Anvers, A. Hülsing, T. Lange, L. Panny, C. de Saint Guilhem, N. P. Smart, E. Rekleitis, A. Aktypi and A.-V. Grammatopoulos, “Post Quantum Cryptography – Current state and mitigation,” ENISA, 2021
6 ETSI, “Quantum Safe Cryptography; Case Studies and Deployment Scenarios,” ETSI GR QSC 003, 2017
7 ETSI, “Quantum-Safe Cryptography; Quantum-Safe threat assessment,” ETSI GR QSC 004, 2017
8 ETSI, “CYBER; Migration strategies and recommendations to Quantum Safe schemes,” ETSI TR 103 619, 2020