Defining quantum cybersecurity

Before we look at quantum computing in cybersecurity, let’s start by defining the field of quantum computing itself. Despite emerging in the 20th century and undergoing various technological developments since then, quantum computing remains largely a theoretical topic. It’s an imagining of a future where quantum devices create faster machine learning algorithms and develop more intelligent AI systems.

Quantum computers are naturally compared to regular computers—the word "compute" in the name refers to the computers’ ability to parse binary values. Classic computers, as well as smartphones and tablets, take all input as bits—binary values of 1 and 0—and translate them into output that can be seen on a screen, such as this blog post.

Quantum computers approach the input and output with more complexity. Instead of the binary system, quantum computing uses quantum bits. These qubits, as they are also called, introduce a superposition state of both 0 and 1 simultaneously. While regular computers are limited to calculating each 1 and 0 individually, qubits include values of 00, 01, 10, and 11.

In short, quantum computers can parse more values at a much higher rate. One of the most practical applications of qubits is processing cryptography schemes that are used for encryption. This application was developed by Professor Peter Shor at MIT in 1994 and is aptly named Shor’s algorithm.

Quantum computing goes beyond the borders of today’s fundamental physics and into the particle level of quantum physics. Due to the sophistication and limited practicality of quantum computers, it’s unlikely they will fully replace classic computers. Instead, they’ll be used as tools to solve problems that our current technology can’t crack.

In cybersecurity, quantum computing is expected to be a key player in detecting cyberattacks in the early stages, before any significant damage is done. It will probably also be used to develop stronger cryptography standards that better protect digital data. More use cases may appear as the technology develops, but researchers can already draw prospects for cybersecurity.

Quantum key distribution and quantum cryptography

One of the biggest prospects seen in quantum cybersecurity is its potential to create fully protected communications channels. Quantum mechanics is being used to develop quantum key distribution and quantum cryptography.

Quantum cryptography (QC) is an umbrella term for encrypted communications that use quantum physics to keep complete privacy between all communication channels and detect any attempts at eavesdropping. Quantum security systems are highly dependent on the concept of quantum cryptography, as it should theoretically solve issues of data replication and obscure attempts to read encrypted data.

Quantum key distribution (QKD) is considered a form of quantum cryptography and refers to a mechanism for encrypting and decrypting messages. It uses a cryptographic protocol to generate a secret key that’s shared and known only between a single pair of sender and recipient. QKD cannot be used to authenticate the source of the transmission; it's responsible only for key creation. The process is hardware-dependent and requires fiber connections to be successfully performed.

Despite the high potential of quantum encryption algorithms, this technology remains too expensive and inaccessible for mainstream implementation in the near future.

Breaking down the three PQC algorithm families

While quantum cryptography is one path forward, most near-term protection will come from post-quantum cryptography (PQC) — classical algorithms designed to resist quantum attacks. NIST's standardization work has narrowed the field to three leading mathematical families, each built on a different "hard problem" that quantum computers struggle to solve.

  • Lattice-based cryptography rests on the difficulty of finding specific points in a high-dimensional grid, or lattice. In two or three dimensions, the task is trivial; in 400 dimensions, it is computationally out of reach, even for a quantum machine. Lattice problems underpin some of NIST's first selected PQC algorithms.

  • Hash-based cryptography builds on one-time signature schemes — small, well-understood primitives whose security depends only on the strength of the underlying hash function (such as SHA-2 or SHA-3). Stacking these into structures like Merkle trees allows a single master public key to sign many messages.

  • Code-based cryptography uses error-correcting codes, a technique pioneered by McEliece and Niederreiter in the late 1970s. Decoding a random linear code without the secret key is a problem that has resisted attack from both classical and quantum methods for more than 40 years.

Each family offers a different balance of key size, signature size, and performance, which is why standards bodies are advancing several in parallel rather than picking a single winner.

From Y2K to Y2Q: bracing for the quantum leap

In the late 1990s, as the internet slowly stretched its reach, scientists started cautiously bracing for the impact that the year 2000 could bring. How would a computer distinguish between a date in 1900 and one in 2000, abbreviated to its last two digits? This problem, called Y2K, was seen as the ultimate doomsday scenario for the still-fresh global network. The reality was far less dramatic. Errors related to the new millennium were few and far between, and the anticipated financial damages did not materialize.

The quantum era might not be quite on the horizon yet, but quantum researchers are already considering how breakthroughs in quantum computing might impact the internet. Just as January 1, 2000, was supposed to be the day that broke the internet, the day when quantum computing has its breakthrough—aptly named Q-Day—will end cybersecurity as we know it.

The main victim of Q-Day will be current data encryption algorithms. The arrival of quantum cryptography and its practical implementation will mean that today's methods become obsolete, breachable by quantum systems in seconds. This would pose a threat to all networks connected to the internet, from individual users to businesses and governments. Y2Q researchers focus on preparing shields for this day to minimize the damages.

The exact Q-Day is impossible to predict—it may be years or decades away. This is both an advantage and a setback. Scientists, for now, have time to work out Y2Q scenarios, but they can’t be sure how or when the clock will stop ticking.

Quantum cybersecurity benefits

Most discussions about how quantum security will benefit users are still theoretical, although some use cases are already applicable with the right computational power. Current research shows potential for quantum computing security and cryptography to become the norm, shaping new types of cyber threats and defenses alike.

Perhaps the biggest prospect of quantum computing is its potential scalability. As quantum computers become more widespread and handle increasing amounts of data, they will be able to offer more computational power. Organizations will then be able to apply quantum mechanics to optimize data management and encoding for business and internal security.

Quantum calculations are essential to developing more advanced cryptographic algorithms known as post-quantum cryptography (PQC). Currently, algorithms are pseudo-random number generators (PRNGs). They cannot generate truly random encryption numbers because the code they're built on can never be purely random and always follows a pattern.

Thanks to their computational power and use of quantum physics, quantum algorithms are expected to act as truly random number generators (TRNGs). By offering pure randomization, quantum computers will provide the highest possible standard of data security. They will be virtually impenetrable because guessing the random number correctly is patternless.

Instead of using symmetric (AES) or asymmetric (RSA) cryptography, PQC will use new algorithmic models to protect data from pre- and post-quantum threats alike. It will also be able to predict events targeting databases and internal systems before they occur and detect any anomalies that signal breaches.

Quantum-protected communication channels and global networks will also be a possibility in the future. They will use unbreakable encryption keys on all ends of the channels to prevent external parties from interfering. The earliest tests for wireless quantum networks were completed in the early 2000s. Current networks support quantum key communication distribution as long as the transmission does not exceed 100 kilometers of optical fiber. However, the quantum internet is expected to join the global network in the next couple of decades. This will allow businesses and individuals to improve digital safety through a more reliable and resistant network than the current wireless infrastructure.

The risks of quantum computing in cybersecurity

The prospects of employing quantum computing in cybersecurity are broad. However, we cannot ignore the other side of the coin – that the technology can be just as effectively used for nefarious purposes. The UK’s National Cyber Security Centre (NCSC) has already published a whitepaper detailing the potential threats of quantum computing development and how to mitigate them.

Quantum computers can cause trouble when dealing with algorithms. Algorithms act as instructions for solving complex mathematical formulas. Classic computers using bits have limited computational power compared to quantum computing. Quantum machines add qubits to the equation and can solve these difficult numerical problems much more quickly, as long as there is enough power available.

One of cybercriminals’ biggest challenges today is acquiring encrypted data that they can't unscramble. Such information is useless while it remains incomprehensible, protected by symmetric or asymmetric encryption algorithms.

The expectation is that the computational power of quantum computers would be enough to crack widely used encryption schemes—including AES, RSA, ECC (Elliptic Curve Cryptography), and the Diffie-Hellman key exchange—without regular computers detecting it, as the data would have already been stolen. If executed, such a decryption event would have the potential to trigger one of the biggest mass data breaches in history.

However, as daunting as it may seem, such an incident is still low-risk. That’s down to the computational power required to decipher data. It would take millions of qubits to break through advanced encryption—a power level that no quantum computer can currently handle.

Quantum decryption is one of the focal research topics in this field. Figuring out how rapidly the technology is developing can make it easier to work on defenses against its potential negative effects. In response to these threats, quantum computing scientists and engineers are working on creating quantum-resistant encryption algorithms and the earliest versions of PQC algorithms.

As quantum computers with enough power to cause significant threats to our online presence inch closer to reality, so do algorithmic solutions that will provide even stronger protection for data than the current mainstream cryptography.

Tech companies’ strategies against quantum computing risks

While the timeline of quantum computing developments remains murky, the threat landscape is already taking shape, allowing businesses to start considering their defense strategies.

Following the news in the cybersecurity world and seeing how the latest technologies can be implemented could be a game-changer for many organizations. Companies upgrade the encryption algorithms they use for data protection and ensure their software and hardware are current. Although such developments aren't frequent, each breakthrough is significant. For instance, Apple has taken steps ahead of the curve by implementing the PQ3 post-quantum cryptographic protocol in its messaging service.

NIST is already working on post-quantum cryptography standardization, setting a framework for data protection against classical and quantum threats. In its first round of standardized algorithms, NIST selected CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures, and CRYSTALS-KYBER for public key encryption. Each draws on a different mathematical foundation—lattice problems for CRYSTALS-Dilithium, CRYSTALS-KYBER, and FALCON, and hash functions for SPHINCS+—so a future weakness in one family does not collapse the entire standard. 

This will allow businesses to prepare their quantum computing security strategies for the new era of cyber threats.

How will quantum computing affect artificial intelligence applications?

The topic of quantum computing is closely tied to artificial intelligence. Currently, quantum computing is primarily used for researching and developing machine learning (ML) models, particularly quantum natural language processing (QNLP). Machine learning is used to teach computers to parse large quantities of information, create predictions, and make decisions—the fundamentals of artificial intelligence development.

Artificial intelligence and quantum technology are still in their relative infancy, and the future outlook for both is unpredictable. However, breakthroughs in quantum computing are generally assumed to directly affect AI algorithms and their applications by speeding up machine learning processes.

AI running on quantum computers may also help develop new security strategies. Post-quantum cryptography will be a game-changer, introducing different, more randomized, and reliable encryption algorithms. Using quantum AI, security teams will be able to predict complex system attacks and set up defenses promptly.

Current versions of AI are resource-intensive, requiring massive amounts of power to operate. Trying to run artificial intelligence algorithms on quantum computers with the current technology is still unsustainable. However, as this technology develops, quantum computers will be able to substitute part of AI's power requirements, making processes both faster and more energy-efficient.

The ideas for AI applications in quantum computing cybersecurity are still highly speculative and can verge into the sci-fi realm. Researchers can only expect that quantum computers will lead to new breakthroughs in AI development.

Bottom line

Quantum computing has the potential to alter our perception of cybersecurity as we know it today. Given its potential to be used both as a destructive force and as a protective tool, quantum computing in cybersecurity is undeniably a topic that experts cannot overlook. The future beyond quantum physics is hard to imagine. But one thing is certain—the security of our data will be as important as ever.

Organizations don’t need to wait for Q-Day to start preparing. A practical first step is to map where sensitive data lives, how long it needs to stay confidential, and which systems still rely on RSA, ECC, or Diffie-Hellman. Long-lived secrets (intellectual property, customer records, government data) are the most exposed to "harvest now, decrypt later" attacks, where adversaries collect encrypted traffic today to decrypt once a powerful enough quantum computer exists.

From there, the work shifts to building a defense-in-depth posture that does not depend on any single layer. Useful actions to plan for include:

  • Adopting quantum-safe networks based on NIST-selected PQC algorithms.

  • Applying network segmentation to limit how far an attacker can move after a breach.

  • Implementing zero-trust architectures so that no user, device, or workload is trusted by default.

  • Using 5G private networks for sensitive workloads that need both isolation and modern transport security.

  • Re-encrypting stored data with quantum-resistant algorithms, prioritizing archives that must remain confidential for a decade or more.

  • Building crypto agility into systems so that algorithms can be swapped without rewriting applications.

NordPass strives to stay ahead of the curve and is ready to adopt the next big development in quantum cybersecurity. Until post-quantum security becomes a reality, NordPass offers the next best thing. Our password manager uses the modern XChaCha20 encryption algorithm, invented by post-quantum cryptography researcher Daniel J. Bernstein and already used by some of the pioneers in quantum computing research like Google and Cloudflare.

Start preparing for the quantum future by protecting your organization's data with an advanced password manager. Keep passwords, passkeys, and other sensitive information in a securely encrypted vault, enable strong IT password management, and stay ahead of data breaches with NordPass.