:::info All images in this article AI-generated by the author using NightCafe Studio.

:::

Post-Quantum Cryptography For Dummies

The Quantum Doomsday Clock

In 1994, a mathematician at Bell Labs named Peter Shor published a paper that became a quiet, ticking time bomb placed at the foundations of our digital world.

He didn't build a weapon; he wrote a recipe—an algorithm.

This algorithm was a theoretical proof that if humanity could ever construct a computer based on the bizarre laws of quantum mechanics, the mathematical locks protecting everything from government secrets and bank accounts to the very fabric of cryptocurrencies like Bitcoin could be picked in mere hours.

For decades, this threat remained theoretical.

But now, as quantum computers grow from lab experiments into million-qubit prototypes, the clock is ticking faster.

This is the story of that algorithm, the digital infrastructure it threatens, the immediate danger it poses today, and the global race to build a new generation of cryptography before the clock strikes zero.

The Digital Locksmith's Secret: How RSA and ECC Built the Modern Internet

\

Before we can understand the quantum threat, we must understand the ingenious invention that secured our world: Public-Key Cryptography.

Before the 1970s, if you wanted to send a secret message, you needed a pre-shared secret key, like in old spy movies.

This was unworkable for a global network like the internet.

The solution was a system where everyone has two keys:

\

1. A Public Key, which you can share with anyone. Think of it as an open padlock. You can send millions of these padlocks out into the world.
2. A Private Key, which you keep absolutely secret. It is the only key in existence that can open your padlock.

If someone wants to send you a secure message, they place it in a box, snap your public padlock shut on it, and send it to you.

Once locked, not even they can open it.

Only you, with your unique private key, can unlock the box and read the message.

This is the magic behind the little lock icon in your browser, securing everything you do online.

This system relies on mathematical problems called "one-way functions"—operations that are easy to do in one direction but practically impossible to reverse.

RSA Cryptography: The Internet's Bedrock

The first and most famous public-key system is RSA (Rivest-Shamir-Adleman). Its one-way function is prime factorization.

• Easy Direction (Locking): To create your keys, you pick two massive, secret prime numbers and multiply them together to get a huge public number, N.
• Hard Direction (Breaking): If someone knows your public number N, the only way for them to derive your private key is to figure out the two original prime numbers you used to create it. For a number with 600 digits (the length used in RSA-2048 encryption), the world's most powerful supercomputer would need billions of years to find those factors.

Because of this incredible security, RSA became the workhorse of the internet, forming the backbone of the TLS/SSL protocol that secures web traffic, email, VPNs, and virtually all online commerce.

Elliptic Curve Cryptography (ECC): The Leaner, Meaner Successor

As computing power grew, the numbers needed for RSA had to get larger and larger, making it slower. A more efficient system emerged: Elliptic Curve Cryptography (ECC). Bitcoin, along with most modern secure messaging apps, uses ECC.

• Easy Direction: Its one-way function involves "point addition" on a complex, curved surface. You start at a public point G and "add" it to itself a secret number of times (k) to land on a new point, P.
• Hard Direction: Knowing the start point G and end point P (the Public Key), it is impossible for a classical computer to determine k (the Private Key).

Both RSA and ECC are built on the same principle: a mathematical one-way street that is easy to travel but impossible to reverse.

Peter Shor's algorithm, however, is a quantum bulldozer that can drive straight back up that street.

Shor's Algorithm – The Quantum Lockpick

\

To grasp Shor's Algorithm, you must discard the idea of "guessing factors faster."

A quantum computer doesn't try every number at once.

Instead, it brilliantly transforms the factoring problem into a different kind of problem it is naturally suited to solve: finding a hidden rhythm, or a period.

Shor's genius was realizing that both factoring (for RSA) and the discrete logarithm problem (for ECC) are mathematically equivalent to finding the period of a long, repeating sequence.

Imagine a clock. If you repeatedly perform a specific modular arithmetic operation, the results will eventually create a repeating cycle. The length of this cycle is called the period, r.

For a classical computer, finding this period is as hard as the original problem because the sequence looks random for trillions of steps.

But for a quantum computer, finding a period is as natural as a musician picking a note out of a chord.

The core of the algorithm is the Quantum Fourier Transform (QFT).

It acts like a mathematical prism.

\

1. Superposition (The White Light): The quantum computer first prepares a register representing all possible inputs to the function simultaneously.
2. Encoding (The Imprint): It runs a function that encodes the hidden rhythm of the sequence into the quantum state.
3. The QFT (The Prism): The QFT is then applied. All the wrong frequencies (incorrect periods) cancel each other out through destructive interference. The one correct frequency—the hidden period r—amplifies itself through constructive interference.
4. Measurement (The Result): When you measure the computer, the number that emerges with high probability is the period, r.

Once you have the result, a simple classical calculation uses it to break the lock and derive the private key.

The quantum computer does the one impossible part—finding the period—and hands the key to a classical computer to finish the job.

The Immediate Threat – "Store Now, Decrypt Later"

\

The common rebuttal to the quantum threat is, "But we don't have powerful quantum computers yet."

:::warning This dangerously misunderstands the nature of the attack.

\ Every person on the Internet must understand this - and that is one of the reasons I decided to write this article.

\ Quantum Computers, even if they will only work by 2040, are a serious threat today.

:::

The threat is not just in the future; it has already begun, through a strategy called Store Now, Decrypt Later (SNDL).

The process is simple and devastating:

\

1. Harvesting (Store Now):

2. Hostile actors—governments, intelligence agencies, or sophisticated criminal groups—are currently intercepting and recording vast amounts of encrypted internet traffic.

3. They are capturing everything: sensitive government communications, corporate trade secrets, financial transactions, private health records, and encrypted backups.

4. They cannot read any of it today.

5. But they are storing it on massive server farms.

6. Waiting:

7. They are patiently waiting for the day the first large-scale, fault-tolerant quantum computer comes online.

8. Unlocking (Decrypt Later):

9. On that day, they will feed this trove of historical data into the quantum computer.

10. Using Shor's algorithm, they will retroactively break the RSA and ECC keys that were used to encrypt it years or even decades earlier.

==This means that secrets that need to remain secret for 50 years—such as the identities of intelligence assets, national security vulnerabilities, or long-term financial strategies—are already at risk.==

The security of data is not determined by the cryptography of today, but by its vulnerability to the computers of tomorrow.

:::warning The SNDL threat makes the development of quantum-resistant solutions an urgent, present-day national security imperative.

:::

The people who truly understand this today are not enough in number.

No encryption on the Internet today will be safe unless Post-Quantum Cryptographic standards (PQC) are implemented.

As soon as humanly possible!

And what do we do about the billions of Bitcoin crypto available with public keys online?

:::warning The Bitcoin Community needs to decide today!

:::

The Quantum Doomsday Clock: Qubits and Timelines

\

The power of a quantum computer isn't just about the number of qubits; it's about their quality. This is the critical distinction between a physical qubit and a logical qubit.

\

• Physical Qubits:
• These are the actual hardware components.
• Today's physical qubits are extremely "noisy" and fragile, losing their quantum state in microseconds due to environmental interference.
• An algorithm as complex as Shor's would fail instantly on such a machine.
• Logical Qubits:
• This is the solution.
• A logical qubit is a stable, "perfect" virtual qubit made from thousands of physical qubits working together using Quantum Error Correction (QEC).
• This collective constantly checks for and corrects errors, allowing for long, complex calculations.

The critical question is: how many logical qubits are needed, and when will we have them?

\

• To Break RSA-2048 (The Internet Standard):
• A highly cited 2019 paper from Google researchers estimated it would take 2,048 logical qubits to factor a 2048-bit RSA integer in about 8 hours.
• This would effectively break the security of a vast portion of the internet.
• To Break Bitcoin (ECC):
• Bitcoin's secp256k1 elliptic curve is a harder target.
• Estimates suggest it would require approximately 4,098 logical qubits and billions of quantum operations.
• The milestone of 10,000 logical qubits is often used as a benchmark for a machine that could break Bitcoin's security quickly and reliably.

The Timeline to 2035-2040:

While we currently have zero true logical qubits, the roadmaps of industry leaders like Google, IBM, and specialized startups like PsiQuantum and QuEra are aggressively pursuing them.

The consensus in the field is that the engineering challenges are immense, but a breakthrough is a matter of "when," not "if."

Most expert projections place the arrival of a cryptographically relevant quantum computer (CRQC) in the 2035 to 2040 timeframe.

:::warning Given the SNDL threat, we are already well behind schedule in preparing our defenses.

:::

The Quantum Escape Plan – A New Generation of Cryptography

\

Fortunately, the mathematical community has been preparing for this day for over two decades.

The field of Post-Quantum Cryptography (PQC) involves designing new one-way functions based on mathematical problems believed to be hard for both classical and quantum computers.

The U.S. National Institute of Standards and Technology (NIST) has been running a global competition to standardize these algorithms, and the first winners have been chosen.

Here are the leading families of quantum-resistant cryptography:

1. Lattice-Based Cryptography

This is the front-runner and the big winner of the NIST competition (with algorithms like CRYSTALS-Kyber and CRYSTALS-Dilithium).

• Its security is based on the difficulty of finding the shortest vector (or closest point) in a vast, high-dimensional, and slightly "wobbly" geometric grid, or lattice.
• For a quantum computer, navigating this complex space to find the secret shortest path is believed to be an intractable problem.
• Due to its efficiency and strong security proofs, lattice-based cryptography is poised to become the new default standard for securing web traffic and general-purpose encryption.

2. Hash-Based Signatures

This is the most conservative and trusted approach.

• It builds security using only existing, well-understood cryptographic hash functions (like SHA-256), which are not vulnerable to Shor's algorithm.
• It works by creating a large tree of one-time-use keys.
• Its security is as solid as the hash functions themselves.
• The NIST standard is SPHINCS+.
• While incredibly secure, hash-based signatures are often large and "stateful" (the signer must remember which keys have been used), making them ideal for high-value, specific use cases like code signing or firmware updates, but less so for high-frequency transactions.

3. Code-Based Cryptography

This is the oldest family of PQC candidates, first proposed in the 1970s.

• It's based on the problem of error correction.
• A message is encoded into a very long string with a large number of deliberate "errors" added.
• The public key is the faulty encoding system, while the private key is the secret information needed to decode the message and correct the errors.
• The NIST standard is Classic McEliece.
• Code-based systems have withstood decades of scrutiny.
• Their main drawback is very large key sizes, which may limit their use in constrained environments, but they remain a solid option for applications where key size is not a primary concern.

4. Other Families

• Multivariate Cryptography:
• Based on the difficulty of solving a system of many non-linear equations with many variables.
• While still being researched, it has faced more successful attacks than other families.
• Isogeny-Based Cryptography:
• A newer approach based on finding a path between two elliptic curves.
• It was a promising candidate due to small key sizes, but a major breakthrough in 2022 broke a leading algorithm (SIKE), showcasing why the rigorous NIST vetting process is so crucial.

Securing Bitcoin – A Perilous Migration

\

Given these PQC tools, how does Bitcoin protect itself?

The path is clear, but fraught with danger.

The Ticking Time Bomb: Exposed Public Keys

As mentioned, the earliest Bitcoin wallets (including Satoshi Nakamoto's) have their public keys directly exposed on the blockchain.

:::warning These are the "low-hanging fruit" and will be the first to fall.

:::

Modern addresses are better protected by hashing, but are still vulnerable in the 10-minute window when a transaction is broadcast.

The Upgrade Process: The only viable solution is a network-wide upgrade to a quantum-resistant signature scheme, likely through a soft fork.

\

1. Integration:

2. Bitcoin developers would integrate a PQC algorithm, such as one based on hash-based signatures or a lattice-based scheme, into the protocol.

3. This would create new, quantum-resistant address types.

4. Mass Migration:

5. This is the most critical and dangerous phase.

6. Every Bitcoin user and institution would need to create a new, quantum-safe wallet and broadcast a transaction to move their funds from their old ECDSA address to the new PQC address.

7. The Race:

8. This migration must happen before a CRQC arrives.

9. Any funds left in the old addresses after "Q-Day" will be considered lost, as they will be trivial to steal.

10. This requires unprecedented community coordination and education.

:::tip It also requires awareness among every crypto holder and the anonymous holders (if they exist) of Satoshi Nakamoto’s Bitcoin billions - another reason for me to write this article.

:::

Conclusion

Shor's Algorithm is the ghost in the machine of our digital society.

It represents a fundamental paradigm shift in computation that invalidates the assumptions that have kept us safe for fifty years.

:::warning The threat is not just a distant, academic curiosity; the "Store Now, Decrypt Later" strategy makes it an active danger to long-term secrets today.

:::

The race is on.

On one side are the physicists and engineers pushing the boundaries of quantum mechanics, building machines that will one day unlock unprecedented scientific and computational power.

On the other are the cryptographers and developers building a new foundation of post-quantum security.

For Bitcoin, and for the internet itself, the transition will be the single greatest security upgrade in history.

It must be done proactively, methodically, and globally.

:::warning The quantum clock is ticking, and we have absolutely no time to waste.

:::

\

:::info Try to put no critical information on the Internet except with Post-Quantum Cryptographic Standards implemented, starting today.

:::

Are you being paranoid in doing so?

No.

You are aware and informed.

And if you hold Bitcoin, create awareness - worldwide!

:::warning The clock is ticking.

:::

References

1. Shor's Original Paper (1994):

• Shor, P. W. "Algorithms for quantum computation: discrete logarithms and factoring." (arXiv)

1. RSA and Public-Key Cryptography Explained:

• Khan Academy. "What is public-key cryptography?" (Khan Academy)

1. Quantum Resource Estimates:

• Gidney, C., & Ekerå, M. (2021). "How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits. (arXiv)

1. The "Store Now, Decrypt Later" Threat:

• Cloudflare. "Post-quantum cryptography and the impending security threat." Cloudflare Blog

1. Post-Quantum Cryptography (PQC) Standardization:

• NIST (National Institute of Standards and Technology): The official source for the selected PQC algorithms. NIST PQC Project Page

1. Bitcoin's Quantum Vulnerability:

• Aggarwal, D., et al. (2017). "Quantum attacks on Bitcoin, and how to protect against them." IACR ePrint Archive

  \

:::info Google Gemini 2.5 Pro was used in this article, available here.

:::

\ \