About
Subscribe

The future is already stealing secrets

Quantum computing shifts cyber security into a new era in which encrypted data could be stolen today only to be decrypted years later.
Dr Jannie Zaaiman
By Dr Jannie Zaaiman, CEO, South Africa Information and Communication Technology Association.
Johannesburg, 07 Jul 2026
Dr Jannie Zaaiman, CEO of the South Africa Information and Communication Technology Association, a non-governmental, non-profit professional body.
Dr Jannie Zaaiman, CEO of the South Africa Information and Communication Technology Association, a non-governmental, non-profit professional body.

For decades, encrypted was considered secure because cracking it would take classical computers thousands or even millions of years. The quantum threat changed the equation entirely.

Attackers no longer needed to decrypt stolen information immediately. They only needed patience. And foresight is something state actors and well-resourced criminal organisations seem to have in abundance.

They can harvest and store encrypted data today in the expectation that future computing advances will make it possible to crack it. It is a that requires no sophistication at the point of , only foresight.

Uncomfortable math

People had been lulled into complacency because modern encryption never appeared to catastrophically fail. Peter Shor’s 1994 warning remained theoretical. 

Currently, the biggest threat to any organisation comes from within because two-thirds of passwords can be cracked within a day as people remain spectacularly unimaginative, cheerfully using “123456” and leaving the door ajar.

The waiting game is being shaped less by classical Moore’s law than by a combination of quantum hardware scaling, error correction and algorithmic improvement. For decades it drove an almost relentless expansion in computing power, making machines faster, smaller and cheaper at a pace that reshaped modern society.

The concern is that attackers harvesting encrypted data today may eventually be rewarded for their patience.

On its own, even that exponential growth did not fundamentally threaten modern encryption. But paired with something else, it pointed toward an uncomfortable destination.

But wait. Shor has shown that a sufficiently powerful quantum computer could break many of the encryption systems underpinning the modern internet far faster than any classical machine.

If fault-tolerant quantum computing continues to advance, Shor’s algorithm could eventually become practical against widely used public-key systems such as RSA, Diffie-Hellman and elliptic-curve cryptography. As a result, the conclusion that data that had been “safely” stored will eventually become vulnerable is hard to ignore.

Steam train incoming

That inflection point is rapidly approaching. We are in a transitional phase toward quantum computing – not just a faster machine, but one that processes calculations in an entirely different way.

Classical computers work in bits, and every value is either a 0 or a 1. Quantum computers use qubits, which can exist in multiple states simultaneously, allowing certain problems to be solved dramatically faster.

Currently, quantum computing is no longer purely theoretical, but it is nowhere near capable of cracking modern internet-scale encryption. That middle ground is exactly why the harvest-now, decrypt-later concern is real and present.

Major companies and governments have built working quantum processors with hundreds, and in some cases more than 1 000, physical qubits, but these systems remain noisy, error-prone and extremely unstable.

In 2023, IBM announced its Condor processor, the first to surpass 1 000 qubits, at 1 121. California-based Atom Computing has since developed a neutral atom quantum computer at 1 225 qubits, using trapped neutral atoms rather than superconducting circuits.

The concern is that attackers harvesting encrypted data today may eventually be rewarded for their patience.

Targeting gold

The target these machines are increasingly being measured against is RSA – one of the foundational public-key cryptography systems that still underpins large parts of the internet today. Named after its creators Rivest, Shamir and Adleman, RSA made public-key cryptography practical.

One public key, shared openly. One private key, kept secret. A message encrypted with the public key can only be unlocked with the matching private key, and its security rests on how hard it is to factor very large numbers.

For classical computers, that problem is effectively unsolvable at the key sizes in use today. For a sufficiently powerful quantum machine, it is not.

Mathematicians are already working out how many qubits it would take. In 2019, Craig Gidney and Martin Ekerå estimated around 20 million qubits and eight hours to break a 2 048-bit RSA key. A newer 2025 paper by Gidney has since proposed mechanisms that could bring that number down considerably.

Hunter gatherers

We are still a long way from any of those numbers. RSA’s limitations also matter in the meantime as it is slow and handles only small amounts of data, so it is almost exclusively used to exchange keys or authenticate identities rather than encrypt files directly. The attack surface is therefore broader than RSA alone.

For now, properly implemented RSA-2048 remains secure against practical quantum attack. But the assumption that today’s public-key protection will remain safe indefinitely has already disappeared.

Share