The Quantum Threat Timeline: When Should You Act?
Assess your quantum risk in 5 minutes - determine if you need PQC today or can wait
5-Minute Quantum Risk Assessment
Answer these 5 questions to determine your quantum risk:
Question 1: How long must your data stay confidential?
- A: < 5 years (short-term)
- B: 5-15 years (medium-term)
- C: 15+ years (long-term)
- D: Indefinite (trade secrets, classified data)
Question 2: What type of data do you protect?
- A: Public data (no confidentiality)
- B: Internal data (moderate sensitivity)
- C: Confidential data (high sensitivity)
- D: Classified or highly regulated (maximum sensitivity)
Question 3: What industry are you in?
- A: Technology/SaaS (standard retention)
- B: Financial services (7-10 year retention)
- C: Healthcare (30-year retention)
- D: Government/Defense (50+ year retention)
Question 4: What's your threat model?
- A: Casual attackers (opportunistic)
- B: Organized crime (financially motivated)
- C: Nation-states (advanced persistent threats)
- D: Future quantum attackers ("harvest now, decrypt later")
Question 5: What's your regulatory environment?
- A: No specific crypto regulations
- B: Industry standards (PCI DSS, HIPAA)
- C: Federal requirements (FISMA, FedRAMP)
- D: National security (CNSA 2.0, TOP SECRET)
Your Risk Score
If you answered mostly A's: ✅ Low Risk - Can wait
- Quantum threat not immediate (data expires before 2035)
- Classical crypto (RSA, AES) sufficient for now
- Monitor NIST updates, plan transition for 2028-2030
If you answered mostly B's: ⚠️ Medium Risk - Start planning
- Quantum threat relevant (data overlaps quantum timeline)
- Recommend: Pilot PQC in 2026, production by 2028
- Use composite keys (RSA + ML-KEM) for defense-in-depth
If you answered mostly C's: 🔴 High Risk - Act NOW
- Quantum threat immediate ("harvest now, decrypt later")
- Recommend: Deploy PQC in 2026 (full production)
- Use pure ML-KEM or composite keys
If you answered mostly D's: 🔴🔴 Critical Risk - Urgent action
- Already vulnerable (adversaries harvesting data today)
- Recommend: Emergency PQC deployment (Q1 2026)
- Use composite keys + air-gapped + HSM
The Quantum Computing Timeline
Current State (2026)
Largest quantum computers:
- IBM: ~1,121 qubits (Condor processor, 2023)
- Google: ~70 qubits (Sycamore, error-corrected)
- China: ~255 qubits (Zuchongzhi)
Can they break RSA-2048? ❌ Not yet
Estimate needed: ~4,000-8,000 logical qubits (requires millions of physical qubits with error correction)
Conclusion: Classical crypto (RSA, ECDSA) still secure TODAY
Near-Term (2027-2030)
Expected progress:
- 2027: 2,000+ qubit systems (IBM roadmap)
- 2028: 4,000+ qubit systems (possible)
- 2029: Error-corrected quantum computers (gate fidelity >99.9%)
- 2030: NSA CNSA 2.0 deadline (quantum-resistant mandatory for classified)
Can they break RSA-2048? ⚠️ Maybe (depends on error correction breakthroughs)
Estimate: 50% probability by 2030 (conservative estimate)
Regulatory response: NSA requires PQC by 2030 (hedge against uncertainty)
Long-Term (2030-2040)
Expected capability:
- 2030-2035: Cryptographically relevant quantum computers (CRQC) likely
- 2035-2040: Large-scale quantum computers (10,000+ logical qubits)
- 2040+: Quantum computers commonplace (cloud quantum services)
Can they break RSA-2048? ✅ Almost certainly
Impact: All data encrypted with RSA/ECDSA before 2035 vulnerable
Conclusion: Data encrypted TODAY must use PQC (if confidential beyond 2035)
The "Harvest Now, Decrypt Later" Attack
How the Attack Works
Step 1: Harvest (Happening NOW - 2026)
Adversary intercepts encrypted traffic:
• VPN connections (encrypted with RSA)
• Email (S/MIME with RSA)
• Database backups (TDE with RSA keys)
• Cloud storage (AWS S3 with KMS RSA)
Storage: Hard drives, tapes, cloud (cheap storage)
Cost: Minimal (storage is pennies per GB)
Step 2: Wait (2026-2035)
Adversary waits for quantum computers:
• Monitors quantum computing progress
• Waits for Shor's algorithm to become practical
• Maintains encrypted data archive
Step 3: Decrypt (2035+)
Quantum computer breaks RSA:
• Factors RSA modulus in hours/days (vs billions of years classically)
• Recovers encryption keys
• Decrypts all captured data from 2026
Result: 10-year-old confidential data now compromised
Who Is Vulnerable?
High-risk targets (actively harvested):
- ✅ Government communications: Classified cables, intelligence reports
- ✅ Financial transactions: Wire transfers, trading algorithms
- ✅ Healthcare records: Genetic data, long-term patient records
- ✅ Corporate secrets: Merger plans, R&D data, trade secrets
- ✅ Personal data: Biometric data, financial history
Attack economics: Adversary invests ~$1M/year (storage) for $100B+ potential value (state secrets, financial data)
Probability: ALREADY HAPPENING (NSA, China, Russia likely harvesting)
The Math: When Does Your Data Become Vulnerable?
Formula:
Vulnerable if: (Encryption Date + Data Retention) > Quantum Arrival Date
Examples:
2026 encryption + 5 year retention = 2031 expiration
vs 2035 quantum arrival
Result: ✅ Safe (data expires before quantum)
2026 encryption + 10 year retention = 2036 expiration
vs 2035 quantum arrival
Result: ❌ Vulnerable (quantum breaks before expiration)
2026 encryption + 30 year retention = 2056 expiration
vs 2035 quantum arrival
Result: ❌ HIGHLY vulnerable (20 years of exposure!)
Your calculation:
Your encryption date: 2026
+ Your retention period: _____ years
= Data expires: _____
Quantum arrival (est.): 2035
Vulnerable if expiration > 2035? _____
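The formula above applied to a whole inventory, as an added example that is not part of the original page. It also re-runs the check for arrival years other than 2035, since the verdict for shorter retention periods depends on that estimate; the 2030 and 2040 scenarios, the `Dataset` type and the inventory entries are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Arrival years to test. 2035 is the page's estimate; 2030 and 2040 are
# assumed brackets taken from the ends of its long-term timeline.
SCENARIOS = {"early": 2030, "estimate": 2035, "late": 2040}

@dataclass(frozen=True)
class Dataset:
    name: str
    encrypted_year: int
    retention_years: Optional[int]  # None = indefinite retention

    @property
    def expires(self) -> Optional[int]:
        if self.retention_years is None:
            return None
        return self.encrypted_year + self.retention_years

def is_vulnerable(ds: Dataset, arrival: int) -> bool:
    """Page formula: vulnerable if encryption date + retention > arrival."""
    return ds.expires is None or ds.expires > arrival

def exposure_window(ds: Dataset, arrival: int):
    """(arrival, expiry) while the data is still confidential and decryptable.
    None if it expires first; expiry is None for indefinite retention."""
    return (arrival, ds.expires) if is_vulnerable(ds, arrival) else None

def triage(inventory, scenarios=SCENARIOS):
    """Rows of (name, vulnerable scenarios, window at the page estimate),
    datasets exposed in the most scenarios first."""
    rows = []
    for ds in inventory:
        hit = [s for s, year in scenarios.items() if is_vulnerable(ds, year)]
        rows.append((ds.name, hit, exposure_window(ds, scenarios["estimate"])))
    return sorted(rows, key=lambda r: len(r[1]), reverse=True)

# Constructed inventory; retention periods follow the page's worked examples.
INVENTORY = [
    Dataset("short-lived records", 2026, 5),
    Dataset("transaction archive", 2026, 10),
    Dataset("patient records", 2026, 30),
    Dataset("trade secrets", 2026, None),
]

if __name__ == "__main__":
    for name, hit, window in triage(INVENTORY):
        print(f"{name:20} vulnerable in {hit}  window at 2035: {window}")
```

The 5-year dataset is safe under the 2035 estimate but vulnerable if arrival is 2030, which is why the arrival year should be treated as a range rather than a single date.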
Regulatory Response Timeline
2022: NSA Announces CNSA 2.0
September 2022: NSA releases updated algorithm suite
Key change: Classical (RSA, ECDSA) → Quantum-resistant (ML-KEM, ML-DSA)
Deadline: January 1, 2030 (quantum-resistant mandatory for NSS)
Impact: 8-year transition period (2022-2030)
2024: NIST Publishes PQC Standards
August 13, 2024: NIST releases final PQC standards
Published:
- ✅ FIPS 203: ML-KEM (key encapsulation)
- ✅ FIPS 204: ML-DSA (digital signatures)
- ✅ FIPS 205: SLH-DSA (stateless signatures)
Impact: Algorithms now standardized (can deploy in production)
Industry response: Early adopters (banks, healthcare, government) begin deployments
2025: White House Executive Order 14144
May 2025: Presidential directive on quantum readiness
Requirements:
- Federal agencies inventory cryptographic systems (by Dec 2025)
- Begin PQC migration (2026-2030)
- Report progress quarterly to CISA
Impact: Federal procurement favors PQC-ready vendors
Competitive advantage: Vendors with PQC (like AnkaSecure) win contracts
2030: NSA CNSA 2.0 Deadline
January 1, 2030: Quantum-resistant algorithms mandatory for classified data
After 2030:
- ❌ RSA, ECDSA not allowed for new classified data
- ⚠️ Existing RSA data must migrate by 2035 (5-year grace period)
- ✅ Only ML-KEM, ML-DSA, SLH-DSA approved
The rush problem: Agencies waiting until 2029 face vendor shortages, high costs
Smart strategy: Transition 2026-2029 (avoid rush, spread costs)
When to Deploy PQC (Decision Framework)
Deploy in 2026 (Immediate) if:
- [ ] Data retention > 10 years (financial, healthcare, government)
- [ ] Federal contractor (CNSA 2.0 deadline 2030)
- [ ] Highly regulated (banking, healthcare, defense)
- [ ] High-value data (trade secrets, classified, financial)
- [ ] Nation-state threats (APT groups targeting you)
Action: Start PQC deployment now
Deploy in 2027-2028 (Near-term) if:
- [ ] Data retention 5-10 years (moderate-term)
- [ ] Industry compliance requirements emerging (PCI DSS updates)
- [ ] Competitive advantage (market differentiation)
- [ ] Planning for scale (growing to federal contracts)
Action: Pilot in 2026, production in 2027
Can Wait Until 2029-2030 if:
- [ ] Data retention < 5 years (short-term)
- [ ] Low-sensitivity data (public, internal use only)
- [ ] No regulatory requirements (no federal, no healthcare)
- [ ] Small organization (< 20 employees, limited budget)
Action: Monitor NIST updates, budget for 2029 migration
Risk: Last-minute rush (vendor shortages, high costs)
The Cost of Waiting
Scenario: Wait Until 2029 (Last-Minute)
Problems:
Vendor shortages (everyone migrating simultaneously):
- 2029: All federal agencies scrambling to meet 2030 deadline
- Vendor capacity exhausted (long wait times)
- Premium pricing (supply/demand, vendors charge more)
Rushed deployment (high risk):
- Insufficient testing (security vulnerabilities)
- Downtime (unplanned outages)
- Data loss (migration errors)
Estimated cost (2029 migration):
Traditional migration: $840,000 (rushed, premium pricing +50%)
= $1,260,000
AnkaSecure (if available): $30 + premium ($100 rush fee)
= $130
But: Vendor availability NOT guaranteed (may be fully booked)
Scenario: Deploy in 2026 (Proactive)
Benefits:
Vendor availability (no rush):
- Choose vendors (competitive market)
- Negotiate pricing (buyer's market)
- Extensive testing (2-3 year validation period)
Gradual migration (low risk):
- Phased rollout (10% per quarter)
- Continuous validation
- Rollback capability
Cost (2026 migration):
Savings: $1,259,970 (vs 2029 rushed migration)
Plus: 4 years of quantum resistance (data protected 2026-2030)
The Quantum Threat Landscape
Who Can Build Quantum Computers?
Countries with active programs:
- 🇺🇸 USA: IBM, Google, Microsoft, Amazon (Rigetti)
- 🇨🇳 China: University of Science and Technology, Alibaba
- 🇪🇺 EU: IQM (Finland), Pasqal (France)
- 🇨🇦 Canada: Xanadu, D-Wave
- 🇯🇵 Japan: RIKEN, Fujitsu
Investment: $10B+ annually (government + private sector)
Conclusion: Quantum computing is well-funded, progress is real
What Data Is At Risk?
Encrypted data vulnerable to quantum attacks:
| Data Type | Typical Retention | Quantum Vulnerable? |
|---|---|---|
| Application logs | 30-90 days | ✅ No (expires before quantum) |
| Customer passwords | Active users | ⚠️ Maybe (hash, not encrypt) |
| Credit card data | 18 months (PCI DSS) | ✅ No (short retention) |
| Financial transactions | 7-10 years | ❌ YES (overlaps quantum timeline) |
| Patient health records | 30 years | ❌ YES (vulnerable 2035-2056) |
| Classified documents | 50+ years | ❌ YES (highly vulnerable) |
| Trade secrets | Indefinite | ❌ YES (permanent vulnerability) |
Rule of thumb: Data retention > 10 years = Quantum vulnerable
PQC Migration Strategies by Timeline
Strategy 1: Immediate PQC (2026)
Who: Federal, financial, healthcare, high-security
Approach: Deploy pure ML-KEM from day 1
curl -X POST https://api.ankatech.co/keys \
  -d '{"algorithm":"ML_KEM_1024","purpose":"IMMEDIATE_PQC"}'
Timeline: 1-3 months
Cost: $30 (AnkaSecure config-driven)
Benefit: Immediate quantum resistance
Strategy 2: Hybrid Transition (2026-2029)
Who: Most enterprises, gradual adopters
Approach: Composite keys (RSA + ML-KEM)
curl -X POST https://api.ankatech.co/keys/composite \
  -d '{
    "classicalAlgorithm":"RSA_4096",
    "pqcAlgorithm":"ML_KEM_1024",
    "mode":"HYBRID_KEM_COMBINE"
  }'
Timeline: 3-year gradual transition
Benefits:
- ✅ Quantum resistance (ML-KEM component)
- ✅ Rollback capability (RSA fallback)
- ✅ Low risk (defense-in-depth)
Cost: $30 + monitoring (negligible)
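Why a composite key gives defense-in-depth: the session key is derived from both component secrets, so breaking RSA alone does not recover it. The sketch below is an added example, not AnkaSecure's `HYBRID_KEM_COMBINE` implementation; it assumes a generic concatenate-then-HKDF combiner, and the component secrets and ciphertexts are random stand-ins sized like RSA-4096 and ML-KEM-1024 outputs.

```python
import hashlib
import hmac
import os

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def lp(field: bytes) -> bytes:
    """Length-prefix a field so concatenated inputs cannot be re-split."""
    return len(field).to_bytes(4, "big") + field

def combine(ss_classical: bytes, ss_pqc: bytes, ct_classical: bytes,
            ct_pqc: bytes, context: bytes = b"example-hybrid-kem-v1") -> bytes:
    """Derive one 32-byte session key from both shared secrets, bound to
    both ciphertexts. Recovering the key requires knowing both secrets."""
    ikm = lp(ss_classical) + lp(ss_pqc)
    info = context + lp(ct_classical) + lp(ct_pqc)
    return hkdf_sha256(ikm, salt=b"", info=info)

def demo() -> dict:
    # Random stand-ins (constructed): a real deployment gets these from
    # RSA-KEM and ML-KEM encapsulation, not from os.urandom.
    ss_rsa, ct_rsa = os.urandom(32), os.urandom(512)       # RSA-4096 sized
    ss_mlkem, ct_mlkem = os.urandom(32), os.urandom(1568)  # ML-KEM-1024 sized
    key = combine(ss_rsa, ss_mlkem, ct_rsa, ct_mlkem)
    return {
        # Both parties derive the same key from the same inputs.
        "agree": key == combine(ss_rsa, ss_mlkem, ct_rsa, ct_mlkem),
        # Knowing only the RSA secret (the quantum-break case) is not enough.
        "needs_pqc_secret": key != combine(ss_rsa, bytes(32), ct_rsa, ct_mlkem),
        # Knowing only the ML-KEM secret is not enough either.
        "needs_rsa_secret": key != combine(bytes(32), ss_mlkem, ct_rsa, ct_mlkem),
        # A substituted ciphertext changes the key.
        "ct_bound": key != combine(ss_rsa, ss_mlkem, ct_rsa, ct_mlkem[::-1]),
    }

if __name__ == "__main__":
    print(demo())
```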
Strategy 3: Wait and See (2029-2030)
Who: Low-risk organizations, short retention
Approach: Monitor quantum progress, migrate when necessary
Timeline: 3-4 years from now
Risk: Last-minute rush (vendor shortages, high costs)
Cost: Unknown (depends on 2029 market conditions)
What Experts Say
NIST (National Institute of Standards and Technology)
Quote (from NIST PQC project):
"Organizations should begin transitioning to quantum-resistant cryptography as soon as practical. The threat of 'harvest now, decrypt later' attacks is real and immediate for data with long confidentiality requirements."
Recommendation: Start transition in 2024-2026 (avoid 2029 rush)
NSA (National Security Agency)
Quote (from CNSA 2.0 announcement):
"All National Security Systems must transition to quantum-resistant algorithms by 2030. Organizations should begin planning and pilot deployments immediately."
Deadline: January 1, 2030 (mandatory for classified data)
Industry Analysts (Gartner, Forrester)
Gartner prediction:
"By 2026, 40% of enterprises will have initiated post-quantum cryptography projects. By 2029, this will reach 80% as the 2030 deadline approaches."
Market dynamics:
- 2026: Early adopters (competitive advantage)
- 2027-2028: Mainstream adoption (standard practice)
- 2029: Late adopters (last-minute rush, high costs)
Recommendation: Join early adopters (2026) for vendor availability and lower costs
Test Your Quantum Readiness
Quantum Readiness Checklist
Infrastructure:
- [ ] Inventory all systems using RSA/ECDSA encryption
- [ ] Identify data with retention > 10 years
- [ ] Assess quantum threat relevance (nation-state targets?)
- [ ] Calculate data value (what if compromised in 2035?)
Compliance:
- [ ] Check regulatory requirements (CNSA 2.0, PCI DSS updates, HIPAA)
- [ ] Review contracts (federal contracts require PQC by 2030)
- [ ] Assess liability (data breach costs if quantum attack succeeds)
Technical:
- [ ] Test PQC algorithms (ML-KEM encryption performance)
- [ ] Pilot deployment (1-2 non-critical applications)
- [ ] Measure performance impact (latency, throughput)
- [ ] Plan migration timeline (phased over 2-3 years)
Business:
- [ ] Calculate migration cost (traditional vs AnkaSecure)
- [ ] Assess ROI (cost avoidance, compliance, competitive advantage)
- [ ] Get executive buy-in (present business case)
- [ ] Budget allocation (2026-2029 phased spending)
Last updated: 2026-01-07 | Quantum timeline estimates based on NIST, NSA, and industry consensus