Today is World Quantum Day.
April 14. 4.14. The first three digits of Planck's constant — a number so fundamental to physics that an international community of scientists chose it to anchor a global celebration of quantum technology.
Most of the conversation today will center on the future: when will quantum computers break encryption? What's the qubit count needed to crack RSA-2048? How far away is cryptographically relevant quantum computing?
Those are the wrong questions. The threat isn't waiting for Q-Day.
The Attack That's Already Happening
In cryptography circles, it's called "harvest now, decrypt later." The attack is conceptually simple and operationally trivial for a well-resourced adversary.
You collect encrypted data today — VPN traffic, API payloads, authentication tokens, bulk data transfers, anything you can capture off the wire. You store it. And you wait. When quantum computers become capable enough to break classical encryption, you decrypt everything you've been holding.
This isn't theoretical. The NSA called it out in 2022. CISA has issued repeated warnings. Nation-state adversaries optimized for 10-to-20-year strategic plays have every incentive to be running harvest campaigns right now against data that will still be sensitive in a decade.
Medical records. Financial transactions. Classified communications. Intellectual property. Authentication credentials to systems that will still exist. If the data is worth something in 2035, it's worth harvesting in 2026.
What NIST Finalized in August 2024
The National Institute of Standards and Technology published three finalized post-quantum cryptography standards last August — the result of a global competition that began in 2016 with dozens of candidate algorithms evaluated, broken, refined, and re-evaluated over eight years.
Key encapsulation mechanism. Replaces RSA and elliptic-curve Diffie-Hellman for key exchange and encryption. The workhorse of the PQC stack.
Digital signature algorithm. Replaces RSA and ECDSA signatures for code signing, authentication, and document signing workflows.
Hash-based digital signature. A conservative backup built on different mathematics than ML-DSA — for defense in depth against lattice-based vulnerabilities.
A fourth algorithm — HQC, based on error-correcting codes — is in draft and expected to finalize in 2027, providing a second key encapsulation mechanism with different mathematical assumptions than ML-KEM.
These are not proposals. They're done. The mathematics is settled. The migration has a destination. The question is whether organizations are moving toward it.
Nine Years Is Not a Long Time
NIST's guidance calls for quantum-vulnerable cryptographic algorithms — RSA, elliptic curve cryptography, and Diffie-Hellman — to be deprecated by 2035. For organizations running modern, cloud-native infrastructure with good crypto agility, nine years may be manageable. For everyone else, it's not.
Consider what a full cryptographic migration actually requires:
Y2K remediation took a decade of organized global effort — and that was a simpler problem with a hard, visible deadline. PQC migration is more complex, more distributed, and the deadline isn't a power outage. It's a quiet key that finally breaks.
Third-party dependencies you don't control. Your infrastructure is only as quantum-resistant as your least-upgraded component. Certificate authorities. Hardware security modules. SaaS platforms. IoT devices that can't be patched over the air. VPN gateways running firmware that hasn't been updated in three years. Many of them are outside your direct control — and their PQC timelines may not align with yours.
Algorithm migration across every layer. TLS 1.3 libraries will need PQC cipher suites. Code signing pipelines need new signature schemes. Secrets management systems need to support ML-KEM key wrapping. Document signing workflows need ML-DSA or SLH-DSA. None of this happens automatically. All of it requires engineering work, testing, and staged rollout — across systems that may be running 24/7.
Vendor readiness verification. Enterprise procurement increasingly requires PQC roadmap commitments from vendors handling sensitive data. If you don't know your vendors' PQC status, you don't actually know your own exposure.
What to Do Today
World Quantum Day is a useful forcing function. Not to panic — but to start. Here's the concrete four-step sequence that security teams should be running:
Run a cryptographic discovery
Identify every place in your environment where RSA, ECC, or DH is in use. TLS certificates, code signing keys, SSH keys, API authentication mechanisms, database encryption, secrets vaults. Build the inventory. It will be larger than you expect. Most organizations find cryptographic usage in places engineering teams have no visibility into.
Assess your crypto agility
How quickly could you replace a cryptographic algorithm across your stack if you had to? Organizations with centralized key management, abstracted crypto libraries, and well-documented certificate management will migrate faster. Organizations with crypto scattered across application code, embedded in hardware, and managed by a dozen different teams will struggle. Know which category you're in before the urgency arrives.
Engage your vendors on PQC timelines
Ask your critical vendors — cloud providers, SaaS platforms, security tools — what their PQC migration timeline looks like. Which products support hybrid PQC/classical key exchange today? What's on the roadmap for ML-KEM readiness? Vendor readiness is now a supply chain risk question, and it belongs in your procurement conversations now.
Prioritize long-lived sensitive data first
Not all data carries the same harvest-now risk. Data that will still be sensitive in 10 years — healthcare records, financial data, intellectual property, government communications, authentication credentials — is highest priority. Start your migration posture analysis there. Not everything needs to migrate at once, but the highest-value targets do.
The Shift That's Already Happening
Some organizations aren't waiting.
The US government mandated PQC migration for all federal systems by 2035, with critical systems prioritized earlier. Financial services firms are running PQC pilot programs. Cloud providers have begun rolling out hybrid key exchange in TLS. Browser vendors have already shipped initial PQC support in production releases. NIST itself operates a hybrid TLS deployment today.
The ecosystem is moving. The standards are finalized. The mathematical threat is real and present in the form of harvest campaigns against data that will outlive today's encryption.
The only question left is whether your organization is moving with it — or waiting for Q-Day to force your hand, when the harvest has already been collected and the adversary's only remaining task is to decrypt.
World Quantum Day is 4.14. The first three digits of Planck's constant.
The PQC migration clock started in August 2024.
Both numbers matter. Only one is actionable today.