Navigating the Quantum Realm in 2025


Adam Kohnke, Information Security Manager, Charter Next Generation


Quantum computing holds the potential to solve immense challenges facing humanity, from global logistics forecasting and synthesizing new materials via chemistry simulations, to exponentially expanding the training capabilities of artificial intelligence models. While the reduction in computational effort and time savings offered by quantum computing is highly promising, a new frontier of cybersecurity risk accompanies this emergent technology. Where organizations once felt safe and secure in the cryptographic protections offered by contemporary encryption algorithms, they must now wonder how long their protection strategy will remain intact, both for on-premise data and for data that is presently encrypted using at-risk algorithms but is in the hands of cyber threat actors. This article will briefly explore some of the cybersecurity considerations businesses may contend with as 2025 unfolds and as Quantum Computing as a Service increases in both short-term adoption and long-term maturity.

Recent Uses of Quantum Computers in a Cybersecurity Context

While the University of Shanghai in China has recently claimed to have compromised a 50-bit RSA key in early 2024, this remains a long way from compromising a 2048-bit RSA key. RSA publicly challenged these findings, providing linked resources to the United States National Institute of Standards and Technology (NIST), which stated contemporary public key encryption methods are expected to remain secure up to 2030. Businesses should familiarize themselves with the following quantum-resistant encryption, digital signature, and hashing standards, and create a roadmap to implement them sooner rather than later:

● FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard

● FIPS 204: Module-Lattice-Based Digital Signature Standard

● FIPS 205: Stateless Hash-Based Digital Signature Standard

FIPS 203, FIPS 204, and FIPS 205 introduce advanced cryptographic standards designed to enhance key establishment and digital signature security in the face of emerging threats like quantum computing. FIPS 203 specifies the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), a secure key establishment scheme derived from the CRYSTALS-KYBER submission, improving upon current NIST standards based on discrete logarithm and integer factorization cryptography. FIPS 204 and FIPS 205 focus on digital signatures, with FIPS 204 introducing the Module-Lattice-Based Digital Signature Algorithm (ML-DSA) from CRYSTALS-Dilithium and FIPS 205 specifying the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) from SPHINCS+. These standards provide stronger defenses against quantum threats compared to existing NIST-approved schemes. NIST may further expand these options with a FALCON-derived digital signature algorithm.

Quantum Risks of Password Cracking or Guessing

Most modern authentication systems secure passwords using symmetric key encryption algorithms like the Advanced Encryption Standard (AES), which is currently not anticipated to be at short-term risk from quantum computers. The risk to password security in the context of quantum attacks largely depends on the security posture presently adopted by the organization.

Consider Grover's quantum algorithm, which can reduce the effective security strength of symmetric encryption and cryptographic hashes, such as those used in password storage systems, by half.

For example, AES-256-bit encryption may only provide the equivalent protection of AES-128-bit encryption in a quantum-enabled environment. Common password hashing algorithms like SHA-2 and PBKDF2 would require doubling the hash length to maintain their current levels of security. This exponential reduction in protective strength highlights the urgency for transitioning to post-quantum cryptographic standards or exploring and doubling current encryption standards where possible (i.e., AES-256 to AES-512).
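
As an added example (not from the article or from any vendor), the Python below triages a constructed cryptographic inventory using the two rules described above: classical public-key uses are mapped to FIPS 203, 204 or 205, and symmetric or hash strengths are halved as the article states for Grover's algorithm. The inventory entries, the function names and the 128-bit policy floor are assumptions made for illustration.

```python
import re

# Families the article describes as based on discrete logarithm and
# integer factorization cryptography.
CLASSICAL_PUBLIC_KEY = {"RSA", "DH", "DSA", "ECDH", "ECDSA"}
SYMMETRIC_OR_HASH = {"AES", "SHA"}
REPLACEMENT = {
    "key-establishment": "FIPS 203 (ML-KEM)",
    "signature": "FIPS 204 (ML-DSA) or FIPS 205 (SLH-DSA)",
}
MIN_EFFECTIVE_BITS = 128  # assumed policy floor, not taken from the article

# Constructed sample inventory: (asset, algorithm, use).
INVENTORY = [
    ("vpn-gateway", "RSA-2048", "key-establishment"),
    ("code-signing", "ECDSA-P256", "signature"),
    ("backup-vault", "AES-256", "encryption"),
    ("legacy-db", "AES-128", "encryption"),
    ("auth-db", "SHA-256", "hash"),
    ("mainframe", "3DES", "encryption"),
]

def triage(asset, algorithm, use):
    """Classify one inventory entry and return a finding dict."""
    finding = {"asset": asset, "algorithm": algorithm, "effective_bits": None}
    m = re.fullmatch(r"([A-Z]+)-[A-Z]?(\d+)", algorithm.upper())
    family, bits = (m.group(1), int(m.group(2))) if m else (None, 0)
    if family in CLASSICAL_PUBLIC_KEY and use in REPLACEMENT:
        finding.update(priority=1, action="migrate to " + REPLACEMENT[use])
    elif family in SYMMETRIC_OR_HASH:
        effective = bits // 2  # Grover: effective strength halved
        finding["effective_bits"] = effective
        if effective < MIN_EFFECTIVE_BITS:
            finding.update(priority=2, action="increase key or digest size")
        else:
            finding.update(priority=3, action="keep, re-check at next review")
    else:
        # Unparsed name or unexpected use: do not guess, send to a human.
        finding.update(priority=2, action="manual review")
    return finding

def roadmap(inventory):
    """Order findings by priority, then asset name."""
    findings = [triage(*entry) for entry in inventory]
    return sorted(findings, key=lambda f: (f["priority"], f["asset"]))

if __name__ == "__main__":
    for f in roadmap(INVENTORY):
        print(f["priority"], f["asset"], f["algorithm"], "->", f["action"])
```
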

While quantum computers do not inherently accelerate password-guessing attacks due to typical online login rate limits and mitigation techniques, they excel in pattern recognition and behavioral analysis. This makes them potentially adept at predicting likely passwords based on human behavior, such as common patterns or frequently used characters. A quantum-enabled guessing algorithm could prioritize more probable passwords, improving success rates without increasing the number of attempts. To counter this, individuals and organizations should adopt fully random, complex passwords that defy prediction. In both guessing and hash-cracking scenarios, embracing quantum-resistant cryptographic practices will be essential to future-proof security systems against the evolving capabilities of quantum computing.

Making Critical Infrastructure Quantum-Resistant

Hosted hardware security modules (HSMs) transform how organizations manage sensitive cryptographic keys to protect their critical infrastructure. Offering scalability and low barriers to entry, hosted HSMs allow businesses to offload the complexities of key management to specialized providers with advanced security measures, such as tamper-resistant hardware and stringent access controls. These solutions are particularly advantageous for regulated industries like finance, healthcare, and government, which face strict compliance requirements. Modern cloud-based HSM providers also deliver FIPS-certified services with low-latency guarantees, removing the need for physical infrastructure, maintenance, and specialized personnel. By pairing hosted HSMs with quantum-resistant algorithms, organizations gain a flexible, cost-effective solution that aligns with business security requirements, operational efficiency, and regulatory demands.

As quantum computing evolves, organizations must act decisively to mitigate the associated cybersecurity risks while capitalizing on its transformative potential. The shift toward quantum-resistant cryptographic standards, such as FIPS 203, 204, and 205, offers a pathway to safeguarding critical systems and data from future quantum threats. By adopting advanced encryption algorithms and integrating scalable solutions like hardware security modules (HSMs), businesses can enhance their resilience against emerging quantum threats. This proactive approach ensures that encryption strategies remain robust, even as quantum computing matures and becomes more accessible to the general populace. Embracing these measures today protects sensitive assets while positioning organizations as forward-thinking leaders in the digital security landscape.
