The Quantum Threat Timeline: When Should You Act?

Assess your quantum risk in 5 minutes - determine if you need PQC today or can wait

🔍 Take quantum risk assessment

5-Minute Quantum Risk Assessment

Answer these 5 questions to determine your quantum risk:

Question 1: How long must your data stay confidential?

A: < 5 years (short-term)
B: 5-15 years (medium-term)
C: 15+ years (long-term)
D: Indefinite (trade secrets, classified data)

Question 2: What type of data do you protect?

A: Public data (no confidentiality)
B: Internal data (moderate sensitivity)
C: Confidential data (high sensitivity)
D: Classified or highly regulated (maximum sensitivity)

Question 3: What industry are you in?

A: Technology/SaaS (standard retention)
B: Financial services (7-10 year retention)
C: Healthcare (30-year retention)
D: Government/Defense (50+ year retention)

Question 4: What's your threat model?

A: Casual attackers (opportunistic)
B: Organized crime (financially motivated)
C: Nation-states (advanced persistent threats)
D: Future quantum attackers ("harvest now, decrypt later")

Question 5: What's your regulatory environment?

A: No specific crypto regulations
B: Industry standards (PCI DSS, HIPAA)
C: Federal requirements (FISMA, FedRAMP)
D: National security (CNSA 2.0, TOP SECRET)

Your Risk Score

If you answered mostly A's: ✅ Low Risk - Can wait

Quantum threat not immediate (data expires before 2035)
Classical crypto (RSA, AES) sufficient for now
Monitor NIST updates, plan transition for 2028-2030

If you answered mostly B's: ⚠️ Medium Risk - Start planning

Quantum threat relevant (data overlaps quantum timeline)
Recommend: Pilot PQC in 2026, production by 2028
Use composite keys (RSA + ML-KEM) for defense-in-depth

If you answered mostly C's: 🔴 High Risk - Act NOW

Quantum threat immediate ("harvest now, decrypt later")
Recommend: Deploy PQC in 2026 (full production)
Use pure ML-KEM or composite keys

If you answered mostly D's: 🔴🔴 Critical Risk - Urgent action

Already vulnerable (adversaries harvesting data today)
Recommend: Emergency PQC deployment (Q1 2026)
Use composite keys + air-gapped + HSM

📥 Download detailed risk assessment (PDF, 12-page report)

The Quantum Computing Timeline

Current State (2026)

Largest quantum computers:

IBM: ~1,121 qubits (Condor processor, 2023)
Google: ~70 qubits (Sycamore, error-corrected)
China: ~255 qubits (Zuchongzhi)

Can they break RSA-2048? ❌ Not yet

Estimate needed: ~4,000-8,000 logical qubits (requires millions of physical qubits with error correction)

Conclusion: Classical crypto (RSA, ECDSA) still secure TODAY

Near-Term (2027-2030)

Expected progress:

2027: 2,000+ qubit systems (IBM roadmap)
2028: 4,000+ qubit systems (possible)
2029: Error-corrected quantum computers (gate fidelity >99.9%)
2030: NSA CNSA 2.0 deadline (quantum-resistant mandatory for classified)

Can they break RSA-2048? ⚠️ Maybe (depends on error correction breakthroughs)

Estimate: 50% probability by 2030 (conservative estimate)

Regulatory response: NSA requires PQC by 2030 (hedge against uncertainty)

Long-Term (2030-2040)

Expected capability:

2030-2035: Cryptographically relevant quantum computers (CRQC) likely
2035-2040: Large-scale quantum computers (10,000+ logical qubits)
2040+: Quantum computers commonplace (cloud quantum services)

Can they break RSA-2048? ✅ Almost certainly

Impact: All data encrypted with RSA/ECDSA before 2035 vulnerable

Conclusion: Data encrypted TODAY must use PQC (if confidential beyond 2035)

The "Harvest Now, Decrypt Later" Attack

How the Attack Works

Step 1: Harvest (Happening NOW - 2026)

Adversary intercepts encrypted traffic:
  • VPN connections (encrypted with RSA)
  • Email (S/MIME with RSA)
  • Database backups (TDE with RSA keys)
  • Cloud storage (AWS S3 with KMS RSA)

Storage: Hard drives, tapes, cloud (cheap storage)
Cost: Minimal (storage is pennies per GB)

Step 2: Wait (2026-2035)

Adversary waits for quantum computers:
  • Monitors quantum computing progress
  • Waits for Shor's algorithm to become practical
  • Maintains encrypted data archive

Step 3: Decrypt (2035+)

Quantum computer breaks RSA:
  • Factors RSA modulus in hours/days (vs billions of years classically)
  • Recovers encryption keys
  • Decrypts all captured data from 2026

Result: 10-year-old confidential data now compromised

Who Is Vulnerable?

High-risk targets (actively harvested):

✅ Government communications: Classified cables, intelligence reports
✅ Financial transactions: Wire transfers, trading algorithms
✅ Healthcare records: Genetic data, long-term patient records
✅ Corporate secrets: Merger plans, R&D data, trade secrets
✅ Personal data: Biometric data, financial history

Attack economics: Adversary invests ~$1M/year (storage) for $100B+ potential value (state secrets, financial data)

Probability: ALREADY HAPPENING (NSA, China, Russia likely harvesting)

The Math: When Does Your Data Become Vulnerable?

Formula:

Vulnerable if: (Encryption Date + Data Retention) > Quantum Arrival Date

Examples:
  2026 encryption + 5 year retention = 2031 expiration
    vs 2035 quantum arrival
    Result: ✅ Safe (data expires before quantum)

  2026 encryption + 10 year retention = 2036 expiration
    vs 2035 quantum arrival
    Result: ❌ Vulnerable (quantum breaks before expiration)

  2026 encryption + 30 year retention = 2056 expiration
    vs 2035 quantum arrival
    Result: ❌ HIGHLY vulnerable (20 years of exposure!)

Your calculation:

Your encryption date: 2026
+ Your retention period: _____ years
= Data expires: _____

Quantum arrival (est.): 2035

Vulnerable if expiration > 2035? _____

📊 Interactive vulnerability calculator

Regulatory Response Timeline

2022: NSA Announces CNSA 2.0

September 2022: NSA releases updated algorithm suite

Key change: Classical (RSA, ECDSA) → Quantum-resistant (ML-KEM, ML-DSA)

Deadline: January 1, 2030 (quantum-resistant mandatory for NSS)

Impact: 8-year transition period (2022-2030)

2024: NIST Publishes PQC Standards

August 13, 2024: NIST releases final PQC standards

Published:

✅ FIPS 203: ML-KEM (key encapsulation)
✅ FIPS 204: ML-DSA (digital signatures)
✅ FIPS 205: SLH-DSA (stateless signatures)

Impact: Algorithms now standardized (can deploy in production)

Industry response: Early adopters (banks, healthcare, government) begin deployments

2025: White House Executive Order 14144

May 2025: Presidential directive on quantum readiness

Requirements:

Federal agencies inventory cryptographic systems (by Dec 2025)
Begin PQC migration (2026-2030)
Report progress quarterly to CISA

Impact: Federal procurement favors PQC-ready vendors

Competitive advantage: Vendors with PQC (like AnkaSecure) win contracts

2030: NSA CNSA 2.0 Deadline

January 1, 2030: Quantum-resistant algorithms mandatory for classified data

After 2030:

❌ RSA, ECDSA not allowed for new classified data
⚠️ Existing RSA data must migrate by 2035 (5-year grace period)
✅ Only ML-KEM, ML-DSA, SLH-DSA approved

The rush problem: Agencies waiting until 2029 face vendor shortages, high costs

Smart strategy: Transition 2026-2029 (avoid rush, spread costs)

When to Deploy PQC (Decision Framework)

Deploy in 2026 (Immediate) if:

[ ] Data retention > 10 years (financial, healthcare, government)
[ ] Federal contractor (CNSA 2.0 deadline 2030)
[ ] Highly regulated (banking, healthcare, defense)
[ ] High-value data (trade secrets, classified, financial)
[ ] Nation-state threats (APT groups targeting you)

Action: Start PQC deployment now

Deploy in 2027-2028 (Near-term) if:

[ ] Data retention 5-10 years (moderate-term)
[ ] Industry compliance requirements emerging (PCI DSS updates)
[ ] Competitive advantage (market differentiation)
[ ] Planning for scale (growing to federal contracts)

Action: Pilot in 2026, production in 2027

Can Wait Until 2029-2030 if:

[ ] Data retention < 5 years (short-term)
[ ] Low-sensitivity data (public, internal use only)
[ ] No regulatory requirements (no federal, no healthcare)
[ ] Small organization (< 20 employees, limited budget)

Action: Monitor NIST updates, budget for 2029 migration

Risk: Last-minute rush (vendor shortages, high costs)

The Cost of Waiting

Scenario: Wait Until 2029 (Last-Minute)

Problems:

Vendor shortages (everyone migrating simultaneously):

2029: All federal agencies scrambling to meet 2030 deadline
Vendor capacity exhausted (long wait times)
Premium pricing (supply/demand, vendors charge more)

Rushed deployment (high risk):

Insufficient testing (security vulnerabilities)
Downtime (unplanned outages)
Data loss (migration errors)

Estimated cost (2029 migration):

Traditional migration: $840,000 (rushed, premium pricing +50%)
                     = $1,260,000

AnkaSecure (if available): $30 + premium ($100 rush fee)
                          = $130

But: Vendor availability NOT guaranteed (may be fully booked)

Scenario: Deploy in 2026 (Proactive)

Benefits:

Vendor availability (no rush):

Choose vendors (competitive market)
Negotiate pricing (buyers market)
Extensive testing (2-3 year validation period)

Gradual migration (low risk):

Phased rollout (10% per quarter)
Continuous validation
Rollback capability

Cost (2026 migration):

AnkaSecure: $30 (normal pricing)
Timeline: 1-2 years (relaxed, low-risk)

Savings: $1,259,970 (vs 2029 rushed migration)

Plus: 4 years of quantum resistance (data protected 2026-2030)

The Quantum Threat Landscape

Who Can Build Quantum Computers?

Countries with active programs:

🇺🇸 USA: IBM, Google, Microsoft, Amazon (Rigetti)
🇨🇳 China: University of Science and Technology, Alibaba
🇪🇺 EU: IQM (Finland), Pasqal (France)
🇨🇦 Canada: Xanadu, D-Wave
🇯🇵 Japan: RIKEN, Fujitsu

Investment: $10B+ annually (government + private sector)

Conclusion: Quantum computing is well-funded, progress is real

What Data Is At Risk?

Encrypted data vulnerable to quantum attacks:

Data Type	Typical Retention	Quantum Vulnerable?
Application logs	30-90 days	✅ No (expires before quantum)
Customer passwords	Active users	⚠️ Maybe (hash, not encrypt)
Credit card data	18 months (PCI DSS)	✅ No (short retention)
Financial transactions	7-10 years	❌ YES (overlaps quantum timeline)
Patient health records	30 years	❌ YES (vulnerable 2035-2056)
Classified documents	50+ years	❌ YES (highly vulnerable)
Trade secrets	Indefinite	❌ YES (permanent vulnerability)

Rule of thumb: Data retention > 10 years = Quantum vulnerable

PQC Migration Strategies by Timeline

Strategy 1: Immediate PQC (2026)

Who: Federal, financial, healthcare, high-security

Approach: Deploy pure ML-KEM from day 1

curl -X POST https://api.ankatech.co/keys \
  -d '{"algorithm":"ML_KEM_1024","purpose":"IMMEDIATE_PQC"}'

Timeline: 1-3 months

Cost: $30 (AnkaSecure config-driven)

Benefit: Immediate quantum resistance

Strategy 2: Hybrid Transition (2026-2029)

Who: Most enterprises, gradual adopters

Approach: Composite keys (RSA + ML-KEM)

curl -X POST https://api.ankatech.co/keys/composite \
  -d '{
    "classicalAlgorithm":"RSA_4096",
    "pqcAlgorithm":"ML_KEM_1024",
    "mode":"COMPOSITE_KEM_COMBINE"
  }'

Timeline: 3-year gradual transition

Benefits:

✅ Quantum resistance (ML-KEM component)
✅ Rollback capability (RSA fallback)
✅ Low risk (defense-in-depth)

Cost: $30 + monitoring (negligible)

Strategy 3: Wait and See (2029-2030)

Who: Low-risk organizations, short retention

Approach: Monitor quantum progress, migrate when necessary

Timeline: 3-4 years from now

Risk: Last-minute rush (vendor shortages, high costs)

Cost: Unknown (depends on 2029 market conditions)

What Experts Say

NIST (National Institute of Standards and Technology)

Quote (from NIST PQC project):

"Organizations should begin transitioning to quantum-resistant cryptography as soon as practical. The threat of 'harvest now, decrypt later' attacks is real and immediate for data with long confidentiality requirements."

Recommendation: Start transition in 2024-2026 (avoid 2029 rush)

NSA (National Security Agency)

Quote (from CNSA 2.0 announcement):

"All National Security Systems must transition to quantum-resistant algorithms by 2030. Organizations should begin planning and pilot deployments immediately."

Deadline: January 1, 2030 (mandatory for classified data)

Industry Analysts (Gartner, Forrester)

Gartner prediction:

"By 2026, 40% of enterprises will have initiated post-quantum cryptography projects. By 2029, this will reach 80% as the 2030 deadline approaches."

Market dynamics:

2026: Early adopters (competitive advantage)
2027-2028: Mainstream adoption (standard practice)
2029: Late adopters (last-minute rush, high costs)

Recommendation: Join early adopters (2026) for vendor availability and lower costs

Test Your Quantum Readiness

Quantum Readiness Checklist

Infrastructure:

[ ] Inventory all systems using RSA/ECDSA encryption
[ ] Identify data with retention > 10 years
[ ] Assess quantum threat relevance (nation-state targets?)
[ ] Calculate data value (what if compromised in 2035?)

Compliance:

[ ] Check regulatory requirements (CNSA 2.0, PCI DSS updates, HIPAA)
[ ] Review contracts (federal contracts require PQC by 2030)
[ ] Assess liability (data breach costs if quantum attack succeeds)

Technical:

[ ] Test PQC algorithms (ML-KEM encryption performance)
[ ] Pilot deployment (1-2 non-critical applications)
[ ] Measure performance impact (latency, throughput)
[ ] Plan migration timeline (phased over 2-3 years)

Business:

[ ] Calculate migration cost (traditional vs AnkaSecure)
[ ] Assess ROI (cost avoidance, compliance, competitive advantage)
[ ] Get executive buy-in (present business case)
[ ] Budget allocation (2026-2029 phased spending)

📥 Download readiness checklist (PDF, printable)

What's Next?

Ready to assess your risk?

🔍 Take assessment (5-minute quiz)
📊 Vulnerability calculator (when does YOUR data become vulnerable?)
📥 Download risk report (12-page detailed analysis)
📧 Request consultation (free 30-min threat assessment)

Start your PQC journey:

Migration strategy - Complete roadmap
NIST compliance - Federal requirements

Explore quantum protection:

Composite keys - Defense-in-depth strategy
Algorithm selection - Choose right PQC algorithm
Performance impact - How fast is PQC?

Have questions? Email [email protected] or join our community forum

Last updated: 2026-01-07 | Quantum timeline estimates based on NIST, NSA, and industry consensus