The Quantum Threat in Five Ideas
The threat to cryptography is the most investable part of the theme because its demand is driven by regulation and timelines, not by whether quantum computers work yet. A future fault-tolerant machine would break the encryption that secures the internet.
| Concept | What it means |
|---|---|
| Q-Day | The day a quantum computer can break RSA-2048 and elliptic-curve cryptography. Consensus estimates cluster around 2030, give or take a few years. |
| Harvest now, decrypt later | Adversaries capture encrypted data today to decrypt once a quantum computer exists, so long-lived secrets are already at risk regardless of when Q-Day actually arrives. |
| Shor's algorithm | The quantum algorithm that breaks RSA and elliptic-curve cryptography. It needs a large fault-tolerant machine that does not yet exist at scale. |
| Post-quantum cryptography | New encryption based on math believed hard even for quantum computers. NIST finalized the first standards in 2024 and the migration can start now. |
| Mandated spend | OMB estimates roughly $7.1B for US federal civilian agencies alone (2025 to 2035); private-sector and global spend is a large multiple, and the deadlines are fixed. |
NIST Post-Quantum Cryptography Standards
The standardized algorithms that replace today's quantum-vulnerable encryption. NIST finalized the first three in August 2024, with two more on the way as backups based on different underlying math.
| Standard | Algorithm | Status |
|---|---|---|
| FIPS 203 | ML-KEM (from Kyber) | Final (Aug 2024) |
| FIPS 204 | ML-DSA (from Dilithium) | Final (Aug 2024) |
| FIPS 205 | SLH-DSA (from SPHINCS+) | Final (Aug 2024) |
| FIPS 206 | FN-DSA (from FALCON) | Draft |
| FIPS 207 | HQC | Selected 2025, target 2027 |
Post-Quantum Migration Deadlines
The binding government deadlines forcing the migration to post-quantum cryptography. The clustering of hard dates between 2027 and 2035 is what makes this a near-certain, multi-year spend across government, defense, finance, and infrastructure.
USEUFranceUK
Post-Quantum Security Vendors
Companies selling into the migration, by layer. The pure-plays are tiny-revenue and narrative-sensitive; the large-caps treat post-quantum cryptography as one feature among many. This is the investable surface of the quantum threat.
| Company | Ticker |
|---|---|
| Arqit Quantum | ARQQ |
| SEALSQ | LAES |
| Quantum eMotion | QNC |
| Cloudflare | NET |
| Palo Alto Networks | PANW |
| IBM | IBM |
| Thales | HO |
| ID Quantique / Quantinuum | IONQ / QNT |