Post-Quantum Cryptography Transition Planning to Mitigate “Harvest Now, Decrypt Later” Risk
Organizations are accelerating post-quantum cryptography (PQC) planning amid concerns that adversaries are already conducting “harvest now, decrypt later” operations—collecting encrypted traffic today for future decryption once sufficiently capable quantum computers emerge. A supply-chain-focused analysis highlighted that procurement and third-party ecosystems often rely on long-lived trust anchored in RSA and ECC, and that sensitive data exchanged across supplier onboarding, invoicing, contracts, pricing, and banking workflows could be exposed retroactively if captured now and decrypted later.
A U.S. State Department cybersecurity official urged tighter public-private coordination on PQC migration, framing quantum resilience as an ecosystem-wide modernization effort rather than isolated upgrades by individual organizations. The official emphasized that adversaries (including China) can target entire digital ecosystems, and argued that transition plans must account for long-term national security risks such as data harvesting, with modernization efforts designed to reduce predictability and strengthen collective defenses across interconnected systems, devices, and data flows.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
41 events from the most recent confirmed update back to the earliest known activity.
Federal agencies and industry target post-quantum migration by 2035
U.S. federal agencies and private-sector organizations are described as broadly working toward transitioning most or all high-risk assets to post-quantum cryptographic algorithms by 2035, with some officials considering whether faster timelines may be needed.
NSA issues quantum-resistant algorithm requirements for national security systems
On 2022-01-01, the NSA published future quantum-resistant algorithm requirements for National Security Systems, setting policy direction for how NSS environments should prepare for migration away from quantum-vulnerable cryptography. The announcement marked an early U.S. national-security transition milestone ahead of NIST’s July 2022 selection of initial post-quantum algorithms for standardization.
U.S. commits $2 billion in CHIPS funding to nine quantum firms
On 2026-05-21, the U.S. government announced $2 billion in CHIPS Act funding for nine quantum-computing companies, with the federal government taking minority equity stakes in each recipient. The largest awards reportedly went to IBM for its Anderon quantum chip foundry and to GlobalFoundries for specialized semiconductor manufacturing, signaling accelerated federal support for domestic quantum capability.
Draft White House order sets 2030-2031 federal PQC migration deadlines
Nextgov/FCW reported that the White House is preparing a draft executive order requiring agencies to migrate high-impact systems and high-value assets to post-quantum key establishment by Dec. 31, 2030, and digital signatures by Dec. 31, 2031. The draft would also direct OMB to issue implementation guidance and apply a 2030 compliance deadline to covered contractors, excluding national security systems from the mandate.
Survey maps PQC readiness across nine major Internet protocols
A March 2026 survey paper assessed the post-quantum readiness of nine widely used protocols, finding TLS and Signal furthest along because hybrid post-quantum key exchange has already been deployed at scale. It also concluded that DNSSEC and BGP face especially difficult migration challenges because large post-quantum signatures conflict with protocol constraints, and that authentication migration is generally harder than key-exchange migration.
Chrome unveils plan for quantum-safe HTTPS certificates
On 2026-03-02, Infosecurity Magazine reported that Chrome unveiled a plan for quantum-safe HTTPS certificates, marking a notable web-browser and PKI ecosystem step toward post-quantum protection for encrypted web traffic. The development adds a distinct deployment milestone beyond earlier messaging-focused post-quantum rollouts and standards activity already captured in the timeline.
apexanalytix report warns supply chains face long-lived PQC exposure
A research report summarized by Help Net Security said procurement, supplier onboarding, invoicing, and supply-chain platforms still rely heavily on RSA and ECC, creating long-term exposure to 'harvest now, decrypt later' risks. The report said post-quantum cryptography is becoming a business requirement and that organizations need to begin multi-year crypto-agility efforts well before quantum computing is broadly practical.
State Department highlights predictive attack-chain analysis exploration
Lacy also said the State Department is exploring predictive analysis of attack chains using historical telemetry to anticipate future threats and reduce predictability for adversaries. The remarks framed this as part of a broader long-term resilience strategy against quantum-enabled cyber risks.
State Department official calls for durable post-quantum transition planning
Deputy Assistant Secretary Gharun Lacy said the U.S. must coordinate public and private efforts to move systems, devices, and data to quantum-resistant encryption, warning that isolated modernization efforts will fail. He emphasized the 'harvest now, decrypt later' threat and said post-quantum transition plans must endure beyond current leadership cycles.
Researchers propose Pinnacle Architecture cutting RSA-2048 qubit estimate
On 2026-02-12, researchers published an arXiv paper introducing the Pinnacle Architecture for fault-tolerant quantum computing using quantum LDPC codes. The paper claims that, under stated hardware assumptions, factoring a 2048-bit RSA integer could require fewer than 100,000 physical qubits, substantially reducing prior resource estimates for breaking RSA-2048.
Federal Reserve examines PQC privacy risks for distributed ledger networks
On 2026-01-30, the Federal Reserve published a research paper titled 'Harvest Now Decrypt Later,' examining post-quantum cryptography and data-privacy risks for distributed ledger networks. The paper added a U.S. central-banking perspective to quantum-risk analysis, with a specific focus on ledger-network exposure to future decryption threats.
Apple documents quantum-secure cryptography across Apple operating systems
On 2026-01-28, Apple published support documentation describing quantum-secure cryptography in Apple operating systems and devices. The publication marks a broader Apple ecosystem milestone beyond the earlier PQ3 iMessage announcement, indicating platform-level post-quantum security deployment or guidance.
CISA publishes initial PQC-capable product categories list
On 2026-01-23, CISA announced an initial list of widely available product categories that use or are expected to support post-quantum cryptography standards, developed with NSA collaboration. The list was issued pursuant to Executive Order 14306 to help organizations prioritize procurement and migration planning for PQC-capable technologies.
Study models enterprise PQC migration timelines by organization size
On 2025-12-24, an MDPI paper analyzed post-quantum cryptography migration timelines for small, medium, and large enterprises, estimating roughly 5–7 years, 8–12 years, and 12–15+ years respectively, with some large organizations potentially taking 20+ years. The study said migration speed depends not only on enterprise size but also on dependency chains including HSM replacement, certificate and application upgrades, vendor readiness, procurement, deployment, and partner coordination.
BIS publishes Project Leap phase 2 on quantum-proofing payment systems
On 2025-12-11, the Bank for International Settlements published 'Project Leap phase 2: quantum-proofing payment systems.' The publication represents a concrete follow-on effort from earlier BIS quantum-risk work, focusing specifically on post-quantum resilience for payment-system infrastructure.
UK government publishes perspectives on post-quantum transition plan
On 2025-11-27, the UK government published 'Perspectives on the plan for PQC transition,' adding a UK public-sector policy and transition-planning milestone for migration to post-quantum cryptography. The publication represents a distinct national-government development alongside U.S. NIST and White House transition efforts already captured in the timeline.
Signal introduces post-quantum ratchets in Signal Protocol
On 2025-10-02, Signal published details of its Signal Protocol post-quantum ratchets, describing a protocol-level step to strengthen messaging security against future quantum decryption threats. The announcement marked a notable deployment-oriented milestone for post-quantum protections in a widely used secure messaging ecosystem.
Researchers propose ECDLP benchmark suite for quantum cryptanalysis tracking
On 2025-08-19, researchers published an arXiv paper proposing a graded benchmark suite of elliptic curve discrete logarithm problem instances, derived from Bitcoin’s curve, to measure progress in fault-tolerant quantum cryptanalysis. The paper estimated under stated assumptions that solving the full 256-bit instance could become feasible in the 2027–2033 timeframe and argued this supports proactive migration to post-quantum signatures.
NIST publishes second draft of CSWP 39 on cryptographic agility
On 2025-07-17, NIST published the second public draft of CSWP 39, 'Considerations for Achieving Cryptographic Agility: Strategies and Practices.' The draft expands NIST guidance on how organizations can replace and adapt cryptographic algorithms across systems and infrastructure, incorporating feedback from the March 2025 initial draft and the April 2025 Crypto Agility Workshop.
Canada issues government roadmap for post-quantum cryptography migration
In June 2025, the Canadian Centre for Cyber Security published an unclassified roadmap directing the Government of Canada to migrate non-classified IT systems to standardized post-quantum cryptography. The roadmap defined preparation, identification, and transition phases and set milestones including departmental migration plans and annual reporting by April 2026, high-priority system migration by the end of 2031, and remaining-system migration by the end of 2035.
Analysis revises RSA-2048 quantum break forecast to around 2030
On 2025-06-19, Post-Quantum published an analysis arguing that a cryptographically relevant quantum computer able to break RSA-2048 is likely to emerge around 2030, plus or minus about two years. The forecast cited 2025 developments including Craig Gidney’s lower factoring resource estimate, Oxford’s June 2025 gate-fidelity milestone, and IBM’s roadmap toward hundreds of logical qubits by 2029 and 1,000+ in the early 2030s.
U.S. pushes federal agencies to add PQC requirements to acquisitions
By 2025-05-15, U.S. officials were directing federal agencies to incorporate post-quantum cryptography requirements into procurement and acquisition processes for certain product categories. The effort, coordinated by CISA, ONCD, NIST, and NSA, tied future solicitations to a CISA vendor-support list and reflected a concrete federal implementation step driven by harvest-now-decrypt-later concerns.
NIST selects HQC as fifth post-quantum encryption algorithm
On 2025-03-11, NIST announced the selection of HQC as an additional algorithm for post-quantum encryption. The decision expanded NIST's post-quantum cryptography portfolio beyond the algorithms finalized in 2024 and marked a new standardization development.
Europol warns financial sector of imminent quantum threat
On 2025-02-10, Infosecurity Magazine reported that Europol warned the financial sector about an 'imminent' quantum threat to current cryptography. The warning added a major European law-enforcement voice to concerns that banks and financial institutions must accelerate post-quantum migration planning.
AWS announces phased post-quantum cryptography migration plan
On 2024-12-05, AWS published a phased migration plan for post-quantum cryptography under its shared responsibility model, prioritizing protection of data in transit and long-lived roots of trust. AWS said it plans ML-KEM-based hybrid key agreement on public endpoints, ML-DSA adoption in AWS KMS signing roots, and future PQC support for certificate-based authentication in protocols such as TLS and SSH.
NIST publishes draft IR 8547 for post-quantum transition planning
On 2024-11-12, NIST published draft Interagency Report 8547 outlining its expected approach for transitioning from quantum-vulnerable cryptographic algorithms to post-quantum digital signature and key-establishment standards. The draft identifies vulnerable current standards, recommends quantum-resistant replacements for migration planning, and was intended to guide federal agencies, industry, and standards bodies.
BIS paper warns quantum computing could disrupt financial-system cryptography
On 2024-10-04, the Bank for International Settlements published a paper examining quantum computing's potential benefits for finance and its risks to financial stability. The paper warned that future quantum computers could break widely used cryptographic algorithms, creating 'harvest now, decrypt later' exposure, and highlighted central-bank preparation efforts including Project Leap.
Chrome shifts hybrid PQ TLS from Kyber to standardized ML-KEM
On 2024-09-13, Google's Chrome team announced that Chrome 131 would replace the experimental Kyber768+X25519 hybrid TLS key exchange with standardized ML-KEM768+X25519 after NIST's standardization changes made the old Kyber implementation incompatible. Google said it had implemented ML-KEM in BoringSSL and would move to TLS codepoint 0x11EC, giving server operators time to update so Chrome clients retain post-quantum protection.
NIST finalizes FIPS 203, 204, and 205 for post-quantum cryptography
In August 2024, NIST finalized FIPS 203, 204, and 205, establishing core U.S. post-quantum cryptography standards. The milestone triggered divergent national implementation approaches, with jurisdictions adopting different algorithm choices, parameter levels, and hybrid-versus-pure PQC requirements.
EU issues recommendation for coordinated PQC transition roadmap
On 2024-04-11, the European Commission published a recommendation on a coordinated implementation roadmap for the transition to post-quantum cryptography. The measure marked a distinct EU policy milestone aimed at aligning member-state planning and implementation for migration away from quantum-vulnerable cryptography.
Apple introduces PQ3 post-quantum cryptography for iMessage
On 2024-02-21, Apple announced PQ3, a new post-quantum cryptographic protocol for iMessage intended to strengthen messaging security against future quantum attacks, including 'harvest now, decrypt later' risks. The move marked a major consumer-platform deployment milestone for post-quantum protections ahead of later similar messaging-protocol developments.
NIST publishes draft FIPS 203, 204, and 205 for public comment
On 2023-08-24, NIST released initial public drafts of FIPS 203, FIPS 204, and FIPS 205, covering post-quantum key-establishment and digital-signature standards derived from its PQC standardization project. The drafts opened a formal public comment phase ahead of the standards' finalization in August 2024.
Chrome announces hybrid Kyber key exchange to protect browser traffic
On 2023-08-10, the Chromium team announced plans to protect Chrome traffic with a hybrid post-quantum key agreement combining X25519 with Kyber in TLS. The move marked an early large-scale browser deployment milestone aimed at mitigating 'harvest now, decrypt later' risks before NIST's final PQC standards were completed.
NIST updates Digital Signature Standard with FIPS 186-5 and SP 800-186
On 2023-02-03, NIST published FIPS 186-5 and SP 800-186, updating federal digital signature guidance to include RSA, ECDSA, and EdDSA while retaining DSA only for verifying existing signatures. The update marked a significant pre-PQC standards milestone ahead of NIST's 2024 post-quantum signature standards.
NIST NCCoE launches Migration to Post-Quantum Cryptography project
By 2022-08-01, NIST's National Cybersecurity Center of Excellence had published its 'Migration to Post-Quantum Cryptography' project, establishing an implementation-focused effort to help organizations plan and execute migration from quantum-vulnerable cryptography. The project represented an early practical transition milestone following NIST's initial July 2022 algorithm selections.
NIST announces first four post-quantum algorithms for standardization
On 2022-07-05, NIST announced the first four quantum-resistant cryptographic algorithms selected for standardization: CRYSTALS-Kyber for key establishment and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures. The announcement marked the key pre-standardization milestone that set the direction for later PQC standards finalized in 2024.
Booz Allen warns China may harvest encrypted U.S. data for future decryption
On 2021-11-22, Booz Allen Hamilton published a report warning that China is likely collecting encrypted American government data now with the expectation of decrypting it later using future quantum computers. The report said large-scale cryptographic breakage was unlikely before 2030 but argued organizations should begin post-quantum planning immediately because mitigations could take a decade to deploy.
Kudelski publishes comparative quantum attack estimates for RSA, DH/DSA, and ECC
On 2021-08-24, Kudelski Security Research published an analysis estimating the quantum resources required to break RSA, finite-field Diffie-Hellman/DSA, and elliptic-curve cryptography using Shor’s algorithm. The publication added a comparative benchmark for assessing which widely used public-key schemes may become practically vulnerable first under future fault-tolerant quantum computing assumptions.
Researchers publish reduced quantum resource estimate for breaking RSA-2048
On 2019-05-23, Craig Gidney and Martin Ekerå published a paper estimating that a 2048-bit RSA integer could be factored in about 8 hours using 20 million noisy qubits under specified assumptions. The work significantly lowered prior resource estimates and became an important benchmark in assessing the timeline for quantum threats to RSA and finite-field discrete-log cryptography.
NIST publishes IR 8105 on quantum threats and PQC transition planning
In 2016, NIST published Interagency Report 8105 explaining that sufficiently large quantum computers would break major public-key systems including RSA, Diffie-Hellman, DSA, ECDSA, and ECDH, while symmetric cryptography would mainly need larger parameters. The report urged agencies to prioritize crypto agility, surveyed post-quantum algorithm families, and said NIST would begin a public standardization process for post-quantum encryption, signatures, and key exchange.
G7 Cyber Expert Group issues quantum risk planning statement
The G7 Cyber Expert Group published a statement urging planning for the opportunities and cyber risks posed by quantum computing, including implications for cryptography and financial-sector resilience. The statement marked a new multilateral financial-sector policy milestone by adding coordinated G7 guidance on post-quantum preparedness.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
50 references tracked. Mallory keeps watching after this page renders.
The Quantum Inflection Point: Industrial Policy, Equity Stakes, and the Cybersecurity Implications of America’s $2 Billion Bet - Center for Cyber Diplomacy and International Security
cybercenter.space
Open sourceDraft executive order would set deadlines for digital signature and key quantum encryption - Nextgov/FCW
nextgov.com
Open sourceWhy Criminals Won't Just Rent Quantum Compute
postquantum.com
Open sourceCNSA 2.0 vs Global PQC Requirements: Where Nations Diverge
postquantum.com
Open sourceUs Treasury News
home.treasury.gov
Open sourceNist
nvlpubs.nist.gov
Open sourceNSA Releases Future Quantum-Resistant (QR) Algorithm Requirements for National Security Systems > National Security Agency/Central Security Service > Article
nsa.gov
Open sourceNist
nvlpubs.nist.gov
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Post-Quantum Cryptography Migration and Its Impact on Security Infrastructure
Security experts are intensifying efforts to develop and implement post-quantum cryptography (PQC) in anticipation of the eventual arrival of quantum computers capable of breaking current encryption algorithms, a milestone referred to as "Q-Day." The transition to PQC is recognized as a complex, multi-year process that requires not only new cryptographic algorithms but also significant changes to cybersecurity infrastructure, including the adoption of hybrid solutions and the integration of PQC into zero-trust architectures. High-security sectors are particularly urged to begin migration early to mitigate the risk of "harvest now, decrypt later" attacks, where adversaries collect encrypted data now to decrypt once quantum capabilities are available. Industry analysts highlight that the migration to post-quantum encryption presents unique challenges compared to previous cryptographic upgrades, as it involves extensive updates to hardware, software, and system architectures. While some areas, such as blockchain, are not immediately threatened by quantum computing, the scale and complexity of the migration require coordinated efforts across security, product management, and IT operations. Experts emphasize the need for proactive planning and the adoption of best practices to ensure a smooth transition before quantum computers become a practical threat to digital security.
May 5, 2026
Post-Quantum Cryptography Planning for Identity and Machine-to-Machine Security
Security teams are accelerating **post-quantum cryptography (PQC)** planning as quantum computing threatens widely used public-key algorithms such as **RSA** and **ECC**, with particular concern for long-lived data and identity systems. Gopher Security argues that AI-agent identity and authorization flows—especially those relying on asymmetric signatures (e.g., **JWT** signing) and emerging AI integration patterns like the **Model Context Protocol (MCP)**—could be exposed to “harvest now, decrypt later” collection and future signature-forgery/impersonation risks if organizations delay migration; it also notes that simply increasing symmetric key sizes (e.g., moving to **AES-256**) does not address the asymmetric identity layer. Separately, Europol-coordinated research (as reported by Help Net Security) provides a practical prioritization framework for **financial institutions** to decide where PQC migration should start, combining a **Quantum Risk Score** (based on data “shelf life,” exposure, and business impact) with an estimate of **migration time/complexity** so leadership can sequence upgrades defensibly rather than attempting a “big bang” replacement. Additional Gopher Security material frames the same broader shift as a machine-identity problem—where service accounts, microservices, and automated connections dominate—and emphasizes modern transport protections (e.g., **TLS 1.3**) and stronger integrity/verification approaches for machine-to-machine data access, aligning with the need to modernize cryptographic controls as part of PQC readiness.
Apr 9, 2026
Growing Concern Over Quantum Computing Threats to Cryptography and Post-Quantum Migration
Concerns about **quantum computing** undermining today’s cryptography are influencing both market behavior and policy planning. A Jefferies strategist reportedly removed a 10% **Bitcoin** allocation from a model portfolio, citing the risk that future quantum advances could eventually compromise cryptographic protections underpinning cryptocurrencies (e.g., long-term concerns around breaking schemes associated with Bitcoin’s security model, which relies on `SHA-256` hashing and public-key cryptography for ownership control). The decision reflects broader investor anxiety that a surprise cryptographic break could rapidly erode confidence and value across crypto markets. In parallel, the **G7 Cyber Expert Group** published a roadmap calling for the financial sector to complete **post-quantum cryptography (PQC)** implementation by **2034**, emphasizing early-stage quantum risk awareness, sensitive data and critical system mapping, and building detailed inventories that include third-party dependencies. The roadmap recommends beginning migration activities in the 2026–2029 window, progressing to quantum-resistant solutions through 2034, and prioritizing **cryptographic agility** so organizations can adapt as standards and threats evolve. Separate reporting on a **58% increase in ransomware victims in 2025** describes a fragmented ransomware ecosystem and sector targeting trends, but it is not directly tied to quantum-driven cryptographic risk or PQC migration planning.
Apr 14, 2026