Post-Quantum Cryptography Migration and Its Impact on Security Infrastructure
Security experts are intensifying efforts to develop and implement post-quantum cryptography (PQC) in anticipation of the eventual arrival of quantum computers capable of breaking current encryption algorithms, a milestone referred to as "Q-Day." The transition to PQC is recognized as a complex, multi-year process that requires not only new cryptographic algorithms but also significant changes to cybersecurity infrastructure, including the adoption of hybrid solutions and the integration of PQC into zero-trust architectures. High-security sectors are particularly urged to begin migration early to mitigate the risk of "harvest now, decrypt later" attacks, where adversaries collect encrypted data now to decrypt once quantum capabilities are available.
Industry analysts highlight that the migration to post-quantum encryption presents unique challenges compared to previous cryptographic upgrades, as it involves extensive updates to hardware, software, and system architectures. While some areas, such as blockchain, are not immediately threatened by quantum computing, the scale and complexity of the migration require coordinated efforts across security, product management, and IT operations. Experts emphasize the need for proactive planning and the adoption of best practices to ensure a smooth transition before quantum computers become a practical threat to digital security.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Proton Mail rolls out optional post-quantum encryption to all users
Proton Mail announced immediate availability of post-quantum encryption for newly sent encrypted emails across its platform, including free accounts and its more than 100 million users. The rollout keeps existing RSA and ECC protections as the baseline, adds OpenPGP v6 support, and is framed as a response to the 'harvest now, decrypt later' threat.
Microsoft outlines PQC migration strategy with 2033 readiness deadline
Ars Technica reported that Microsoft said its most distant post-quantum cryptography readiness deadline is 2033 and that its migration strategy prioritizes NIST standards, customer compatibility, and platform-led rollout across Windows, Azure, and identity systems. The same reporting also described Amazon, Meta, and Apple as taking differing approaches to PQC readiness, with Meta publishing maturity guidance rather than a public deadline.
Google says breaking ECC with Shor may need far fewer qubits
Google recently claimed that solving the elliptic curve discrete logarithm problem with Shor’s algorithm may require about 20 times fewer physical qubits than previously estimated. The finding renewed concern about the long-term safety of legacy elliptic-curve cryptography and intensified debate over the urgency of post-quantum migration.
Traficom publishes guidance on migrating to quantum-safe cryptography
Finland’s Transport and Communications Agency Traficom Cyber Security Centre published guidance warning that current encryption methods may not remain secure against future quantum computers and advising organizations to begin preparing for migration to quantum-safe cryptography. The guidance highlighted risks to long-term confidentiality for data such as personal, health, trade secret, and classified government information.
Experts say quantum computing is not yet a practical threat to blockchains
A 2025 expert discussion highlighted that quantum computing does not yet pose an immediate real-world threat to blockchain systems, indicating the risk remains more prospective than operational at present.
Finland sets PQC requirements for cryptographic product evaluations
Finland’s national cryptography working group issued policy guidance for national cryptographic product evaluations, requiring products entering evaluation on or after 2026-01-01 to use quantum-safe key establishment based on PQC KEMs and to use quantum-safe signatures or justify how quantum risks are addressed. The guidance also strongly recommended hybrid PQC-classical approaches and aligned Finland’s transition goals with EU timelines through 2030 and 2035.
Organizations launch post-quantum cryptography initiatives in 2023
Multiple post-quantum cryptography initiatives were launched during 2023 to prepare for future quantum threats, reflecting growing industry and government efforts toward migration readiness for 'Q-Day.' The references do not provide specific initiative dates or names beyond indicating that these efforts began in 2023.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
12 references tracked. Mallory keeps watching after this page renders.
Proton Mail rolls out post-quantum encryption for all users as industry braces for 'harvest now, decrypt later' threat - IT Security Guru
itsecurityguru.org
Open sourceCrypto-Agility Is an Architecture Problem, Not a Library Swap
postquantum.com
Open sourceThe Signature Supply Chain: How Deep Does Digital Trust Go?
postquantum.com
Open sourceEnterprises are ramping up preparations for a post-quantum world - experts worry it could be too late for many | IT Pro
itpro.com
Open sourceNotable post-quantum cryptography initiatives paving the way toward Q-Day
csoonline.com
Open sourceQuantum Computing Isn’t A Threat To Blockchains – Yet – Sandy Carielli, Martha Bennett – ASW #354
scworld.com
Open sourceSuomen kansallisen kryptotyöryhmän linjaukset kansallisiin PQC-salaustuotearviointeihin 1.1.2026 alkaen | Traficom
kyberturvallisuuskeskus.fi
Open sourceCryptographic Bill of Materials (CBOM) for an Open RAN-Based Telecom RAN
postquantum.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Quantum Computing Threats Prompt Urgent Shift to Post-Quantum Cryptography
Cybersecurity leaders are raising alarms about the accelerating timeline for quantum computing to break current public encryption methods, a milestone known as Q-Day. Experts warn that Q-Day could arrive as soon as 2030, threatening to undermine the core trust mechanisms of the internet, including HTTPS, digital certificates, and public-key infrastructure. In response, governments and industries are developing plans to transition to post-quantum cryptography (PQC), but concerns remain that critical sectors such as banking, healthcare, and government may not be fully prepared in time. One of the earliest operational changes in anticipation of quantum threats is the reduction of SSL/TLS certificate lifespans to 47 days. This move, aligned with evolving browser requirements and NIST guidance, is designed to improve crypto agility and security hygiene, helping organizations adapt to a future where static cryptography is no longer viable. Security executives emphasize the need for urgent action, drawing parallels to the unpreparedness seen during the rapid adoption of AI, and stress that building operational readiness for PQC is now a strategic imperative for digital trust and business continuity.
Apr 17, 2026
Growing Concern Over Quantum Computing Threats to Cryptography and Post-Quantum Migration
Concerns about **quantum computing** undermining today’s cryptography are influencing both market behavior and policy planning. A Jefferies strategist reportedly removed a 10% **Bitcoin** allocation from a model portfolio, citing the risk that future quantum advances could eventually compromise cryptographic protections underpinning cryptocurrencies (e.g., long-term concerns around breaking schemes associated with Bitcoin’s security model, which relies on `SHA-256` hashing and public-key cryptography for ownership control). The decision reflects broader investor anxiety that a surprise cryptographic break could rapidly erode confidence and value across crypto markets. In parallel, the **G7 Cyber Expert Group** published a roadmap calling for the financial sector to complete **post-quantum cryptography (PQC)** implementation by **2034**, emphasizing early-stage quantum risk awareness, sensitive data and critical system mapping, and building detailed inventories that include third-party dependencies. The roadmap recommends beginning migration activities in the 2026–2029 window, progressing to quantum-resistant solutions through 2034, and prioritizing **cryptographic agility** so organizations can adapt as standards and threats evolve. Separate reporting on a **58% increase in ransomware victims in 2025** describes a fragmented ransomware ecosystem and sector targeting trends, but it is not directly tied to quantum-driven cryptographic risk or PQC migration planning.
Apr 14, 2026
Post-Quantum Cryptography Transition Planning to Mitigate “Harvest Now, Decrypt Later” Risk
Organizations are accelerating **post-quantum cryptography (PQC)** planning amid concerns that adversaries are already conducting “**harvest now, decrypt later**” operations—collecting encrypted traffic today for future decryption once sufficiently capable quantum computers emerge. A supply-chain-focused analysis highlighted that procurement and third-party ecosystems often rely on long-lived trust anchored in **RSA** and **ECC**, and that sensitive data exchanged across supplier onboarding, invoicing, contracts, pricing, and banking workflows could be exposed retroactively if captured now and decrypted later. A U.S. State Department cybersecurity official urged tighter **public-private coordination** on PQC migration, framing quantum resilience as an ecosystem-wide modernization effort rather than isolated upgrades by individual organizations. The official emphasized that adversaries (including **China**) can target entire digital ecosystems, and argued that transition plans must account for long-term national security risks such as data harvesting, with modernization efforts designed to reduce predictability and strengthen collective defenses across interconnected systems, devices, and data flows.
May 27, 2026