- Harvest-now-decrypt-later attacks are happening today: adversaries collect encrypted data with the intent to decrypt it when quantum computers arrive
- RSA and ECC — the encryption standards protecting most business data today — are vulnerable to quantum attack
- NIST standardised ML-KEM-768 (formerly CRYSTALS-Kyber) as the primary post-quantum key encapsulation mechanism in 2024
- HubSecure implements ML-KEM-768 via HydraShield, a proprietary Rust cipher suite, across Mail, ShieldChat, IoT, and Sheets modules
When security professionals talk about post-quantum encryption, the conversation often gets technical quickly — lattice-based cryptography, key encapsulation mechanisms, polynomial rings. For business decision-makers, that technical depth can make the topic feel abstract and distant.
It is not distant. The threat is active today, and the window for proactive response is closing.
What harvest-now-decrypt-later means for your data
The assumption underlying most current encryption is that even if an adversary captures your encrypted data today, they cannot decrypt it without the private key. RSA-2048 and elliptic curve cryptography (ECC) are computationally infeasible to break with classical computers: RSA rests on factoring very large numbers and ECC on the elliptic-curve discrete logarithm problem, and even the most powerful classical supercomputers would take millions of years to solve either.
Quantum computers do not use classical computation. Shor's algorithm, running on a sufficiently powerful quantum computer, can factor the large numbers that underpin RSA and solve the discrete logarithm problem that underpins ECC — in polynomial time. RSA-2048 and ECC-256, which protect the majority of encrypted business data in use today, would become breakable.
The harvest-now-decrypt-later attack: Nation-state actors and sophisticated criminal groups are collecting encrypted data today — financial records, legal communications, client files, intellectual property — with no ability to read it yet. When quantum computers capable of breaking RSA and ECC become available, that archive of captured data becomes readable. Data encrypted with today's standards and captured today will not be safe in 2033.
For regulated businesses, this is not theoretical. Client communications and financial records often carry confidentiality obligations that extend 5, 10, or 20 years. A law firm's privileged communications from 2026, encrypted with RSA, may be decryptable by 2034. The obligation of confidentiality does not expire when the encryption breaks.
The quantum computing timeline
- 2024: NIST finalises the first post-quantum cryptography standards: ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205). The standardisation process is complete.
- 2025: Major cloud providers begin offering post-quantum TLS options. US federal agencies begin mandatory migration planning under NSA CNSA 2.0 guidance.
- 2026: NIST recommends that all new systems implement post-quantum cryptography. Migration from legacy algorithms begins in earnest across critical infrastructure.
- 2030: Estimated earliest date for "cryptographically relevant quantum computers" capable of breaking RSA-2048, per conservative estimates from national security agencies.
- 2035: Upper bound of most mainstream estimates. Some researchers and agencies cite earlier dates depending on investment trajectories and technical breakthroughs.
What ML-KEM-768 is and why NIST selected it
ML-KEM-768 (Module Lattice-based Key Encapsulation Mechanism, security level 3) is the NIST-standardised post-quantum key encapsulation mechanism, formerly known as CRYSTALS-Kyber. It is based on the hardness of the Module Learning With Errors (MLWE) problem — a mathematical problem that is believed to be resistant to both classical and quantum attack.
NIST selected ML-KEM as the primary standard for key encapsulation after a seven-year public evaluation process involving cryptographers from around the world. The selection criteria included security proofs, resistance to implementation attacks, and performance characteristics compatible with real-world deployment. ML-KEM-768 provides a security level equivalent to AES-192 against both classical and quantum adversaries.
For business use, the relevant characteristics are: it is fast (faster than RSA in most implementations), it produces small ciphertexts compatible with existing network infrastructure, and it is supported by a formal NIST standard with a published security proof.
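To make the MLWE idea concrete, the following added example (not HubSecure's or HydraShield's code, and not a FIPS 203 implementation) runs the unhardened lattice encryption core with ML-KEM-768's ring parameters (n = 256, q = 3329, rank 3) to transport a 256-bit secret. All function names are this example's own; the real standard adds NTT arithmetic, ciphertext compression and a re-encryption check on top of this structure.

```python
import secrets

# Toy sketch of the module-LWE encryption core with ML-KEM-768's ring parameters.
# Not FIPS 203: no NTT, compression or re-encryption check. Never use on real data.
N, Q, K = 256, 3329, 3   # ring degree, modulus, module rank

def small():   # noise polynomial: centered-binomial coefficients in [-2, 2]
    bits = lambda: bin(secrets.randbits(2)).count("1")
    return [bits() - bits() for _ in range(N)]

def add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]

def mul(a, b):   # product in Z_Q[x]/(x^N + 1): x^N wraps around as -1
    out = [0] * N
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            d = i + j
            out[d % N] += x * y if d < N else -x * y
    return [c % Q for c in out]

def dot(u, v):
    acc = [0] * N
    for a, b in zip(u, v):
        acc = add(acc, mul(a, b))
    return acc

def keygen():
    A = [[[secrets.randbelow(Q) for _ in range(N)] for _ in range(K)] for _ in range(K)]
    s = [small() for _ in range(K)]                  # secret key
    t = [add(dot(row, s), small()) for row in A]     # t = A*s + e, an MLWE sample
    return (A, t), s

def encapsulate(pk):
    A, t = pk
    key = [secrets.randbits(1) for _ in range(N)]    # 256-bit secret, e.g. an AES-256 key
    r = [small() for _ in range(K)]
    u = [add(dot([row[j] for row in A], r), small()) for j in range(K)]   # A^T*r + e1
    v = add(add(dot(t, r), small()), [b * ((Q + 1) // 2) for b in key])   # t.r + e2 + key*Q/2
    return (u, v), key

def decapsulate(sk, ct):
    u, v = ct
    noisy = add(v, [-c for c in dot(sk, u)])         # v - s.u = key*Q/2 + small noise
    return [1 if Q // 4 < c < 3 * Q // 4 else 0 for c in noisy]

if __name__ == "__main__":
    pk, sk = keygen()
    ct, key = encapsulate(pk)
    print("holder recovers key:", decapsulate(sk, ct) == key)
```

Only the holder of `s` can strip the `s.u` term and round away the noise; anyone else has to recover `s` from the public pair `(A, t)`, which is the MLWE problem described above.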
How HubSecure implements post-quantum encryption
HubSecure uses HydraShield, a proprietary post-quantum cipher suite written in Rust, to implement ML-KEM-768 key encapsulation across modules that handle sensitive communications and data. Rust was chosen for its memory safety guarantees and performance characteristics — both critical for cryptographic implementations where bugs can silently undermine security.
Secure Mail
End-to-end encrypted client communications use ML-KEM-768 for key exchange, ensuring that messages captured today cannot be decrypted by future quantum adversaries.
ShieldChat
Internal team messaging is protected with post-quantum key encapsulation, providing forward secrecy against quantum attack for all team communications.
IoT Module
Device-to-platform communications use HydraShield encryption, protecting sensor data and device commands from interception and future decryption.
Sheets
Sensitive data stored in the Sheets module is protected with AES-256-GCM combined with ML-KEM-768 key encapsulation — a hybrid classical/post-quantum approach.
HydraShield uses a hybrid approach for the transition period: classical algorithms (AES-256-GCM for symmetric encryption) combined with ML-KEM-768 for key exchange. This hybrid design means that security is maintained even if a vulnerability is discovered in the post-quantum algorithm — the classical layer remains intact, and vice versa.
Why your competitors are not doing this yet
Post-quantum cryptography migration is technically complex and requires changes at the infrastructure level — not just the application layer. Most software vendors are still running on RSA and ECC key exchange because the migration cost is high, the immediate business pressure is low, and the quantum threat feels distant.
This creates a window in which early adopters gain a genuine competitive advantage in regulated and security-conscious markets. For clients in legal, financial, healthcare, and government sectors — sectors where confidentiality obligations extend decades — the question "how are you protecting our data against the quantum threat?" is already being asked in procurement processes.
The compliance trajectory: NIST has completed its post-quantum standards. NSA has issued CNSA 2.0 guidance requiring post-quantum migration for national security systems. EU agencies are producing similar guidance. Regulatory requirements for post-quantum cryptography in regulated sectors are a matter of when, not if. Being ahead of the requirement is easier than retrofitting after it arrives.
Learn about HubSecure security
Read about HydraShield, our post-quantum cipher suite, and how HubSecure protects client data across all modules.