Quantum computing encryption: Why 1024-bit security is no longer safe
We are looking at a fundamental shift in data security.
Quantum computing encryption is not a future problem. With quantum computing appearing over the horizon, anyone still using traditional 1024-bit security is at the mercy of hackers.
Maybe not immediately. But harvesting data now for decryption later really is an issue.
Think about what your organisation holds today. Financial records. Healthcare data. Legal documents. Intellectual property. Patient records in the NHS. Client files in a law firm. Transaction histories in a bank. Any of that data, if intercepted now, can be stored by an attacker and decrypted once the hardware catches up. That is not a distant threat. It is the position many organisations are already in, without knowing it.
What quantum computing encryption actually does to your data
Quantum computing has been discussed for the past few years and has started to appear in labs for demonstration.
It will be a game-changing technology over the next few years, but it has some time yet to become relevant in the corporate space.
One area that will be affected, and if rumours are true, is already in existence, is the ability for quantum to break the current 1024-bit encryption technology prevalent across the market.
Any data encrypted using current standards is considered lost if you suffer a breach. It may not be immediately decrypted. But it is only a matter of time before it is.
Why 1024-bit RSA is specifically at risk
The encryption protecting your systems relies on a mathematical problem that classical computers cannot solve in any practical timeframe. RSA, Elliptic Curve Cryptography, Diffie-Hellman. All of them depend on that assumption. Quantum computers break that assumption using Shor’s algorithm. A machine with enough stable qubits can factor the integers underpinning RSA in hours rather than thousands of years.
The algorithm already exists. In May 2025, Google Quantum AI researcher Craig Gidney published research showing RSA-2048 could be broken with fewer than one million noisy qubits, down from earlier estimates of 20 million. 1024-bit RSA requires far less than that. Read the paper.
NIST has already called time on it. The US National Institute of Standards and Technology has earmarked 112-bit equivalent security, which is what 1024-bit RSA provides, for deprecation after 2030 and plans to disallow it entirely after 2035. See NIST IR 8547.
The risk is not waiting for quantum computers to arrive
This is the question most organisations get wrong. You do not need to wait for Q-Day to be exposed. Nation-state actors are already collecting encrypted data. So are sophisticated criminal groups. They store it now and decrypt it once the hardware exists. This is called a harvest now, decrypt later attack. Cloudflare documents this clearly. Encrypted traffic captured today can be decrypted after Q-Day. Read Cloudflare’s 2025 State of the Post-Quantum Internet report.
For sectors that hold data with a long confidentiality requirement, this matters more than most. A patient record that needs to stay private for decades. A government contract that cannot be exposed for twenty years. A legal file that must stay sealed. The attacker does not need to read it today. They just need to keep it.
Attackers are already collecting your encrypted data. They will decrypt it later. If you use 1024-bit RSA, that data can be considered lost. Share on X
How close is Q-Day?
Nobody knows exactly. Most credible researchers put a realistic threat to RSA-2048 in the mid-2030s. IBM’s roadmap targets its first error-corrected quantum computer by 2029. Around one in three security experts consider a disruptive quantum threat likely within a decade. Global Risk Institute Quantum Threat Timeline Report, 2024.
What we do know is that migrating enterprise encryption across a large organisation takes years. Financial services firms, healthcare providers, government departments and large corporates all have estates that have accumulated cryptographic dependencies over decades. You are not switching a setting. You are changing the foundations. Organisations that wait for certainty before starting will almost certainly be too late.
How do you protect yourself? Three steps.
This is not a straightforward process. Quantum computing encryption requires a structured approach across your applications, networks and cryptographic dependencies. There are three clear steps to follow, and we have a programme to deliver the outcomes.
To protect yourself against the threat there are three steps to follow:
Step 1: Find out where you currently use crypto technology in your apps
Start with discovery. Find out where cryptography sits across your entire estate. For most organisations this is a bigger job than expected. Database connections, API authentication, internal service calls, digital certificates, VPN tunnels, background jobs, cloud integrations. Much of it is invisible in day-to-day operations. You need a clear inventory: where encryption is in use, which algorithms are running, and what key lengths are in place. If you are running 1024-bit RSA anywhere in your applications, that becomes an immediate priority. You cannot protect what you have not found.
Step 2: Work out the interactions between network and application environments (TLS, SSL, etc)
Cryptographic protocols do not sit alone. TLS and SSL sessions, certificate chains, VPN tunnels, authentication flows all create dependencies across your network and application layers.
Change one component without understanding what it connects to and you risk outages or gaps. Changing a certificate in one system can break a handshake in another. A protocol upgrade in one layer can cut off a legacy integration.
You need to map those dependencies before you touch anything. This is also where you plan for the hybrid period, running classical and quantum-safe encryption side by side while the migration takes place. That parallel running is how you keep the business operational throughout.
Step 3: Apply quantum-safe algorithms
In August 2024, NIST published the first post-quantum cryptography standards. Read the NIST announcement.
- FIPS 203 (ML-KEM, based on CRYSTALS-Kyber) for encryption and key exchange
- FIPS 204 (ML-DSA, based on CRYSTALS-Dilithium) for digital signatures
- FIPS 205 (SLH-DSA, based on SPHINCS+) as a backup signature scheme
In March 2025, NIST added HQC as a fifth algorithm, giving organisations more cryptographic options. See NIST IR 8545.
These standards replace the mathematical foundations that quantum computers would otherwise break. Migrating to them is how you protect against both the future quantum threat and the harvest now, decrypt later attacks happening today.
The recommended approach is hybrid migration: run classical and post-quantum algorithms in parallel. This keeps your systems interoperable and your business running while you make the transition
Frequently Asked Questions FAQ’s
Q: How long does a quantum encryption migration take?
For most enterprise organisations, between two and five years. The more legacy infrastructure you have, and the more hard-coded cryptographic dependencies, the longer it takes. A financial services firm with thirty years of accumulated systems will face a different challenge to a newer technology business. Starting the discovery phase now is the single most important step.
Q: Is quantum computing encryption a current risk or a future one?
Both. The quantum computing encryption threat is active today through harvest now, decrypt later attacks. The full decryption capability arrives later, but the data collection is happening now. If you hold data that needs to stay confidential for five or more years, treat it as a current risk. Healthcare records, legal files, government data and financial transaction histories all fall into that category.
Q: What tools support quantum-safe compliance monitoring?
Cryptographic discovery and monitoring tools can scan your applications and network environments for vulnerable algorithms. Northdoor can advise on the right tooling for your environment, aligned with NIST, NCSC and CISA guidance.
Q: What is crypto agility and why does it matter?
Crypto agility means building your systems so that cryptographic algorithms can be changed without rebuilding the applications around them. If your estate does not have it, every step of this migration gets harder. It is also what allows you to respond quickly when standards develop further, which they will.
Speak to a quantum engineer at Northdoor
We work with organisations in financial services, healthcare, government and large corporates to assess their current cryptographic position and build a clear path to quantum-safe security.
This is not a straightforward process. But we have a three-step programme to deliver the outcomes. If you would like to speak to a quantum engineer, please contact us.