In 1994, the American mathematician Peter Shor was able to show that quantum computers, which were still hypothetical at the time, could greatly accelerate the decomposition of prime factors. Thus, the security of asymmetric encryption is no longer guaranteed. New encryption methods have to be developed that can withstand the quantum computers: Post-quantum cryptography is needed.

It is not possible to wait until the new computers are ready for use and then solve the security problems they raise. For one thing, the development of cryptographic procedures takes time. On the other hand, data sometimes have a long life span. If their confidentiality has to be guaranteed for decades, it is essential to develop an idea today of what tools will be available to an attacker in ten or twenty years’ time. Moreover, it cannot be ruled out that malicious actors are already hoarding encrypted data today in order to read them in plain text later, when quantum computers become available.

The fact that the dangers that quantum computers pose to cryptography have been discussed for a long time, and that it may take a long time before these dangers become real, weakens the awareness of the problem in some places; this “long time and not for a long time” lends many people a false sense of security. But the task of dealing with post-quantum cryptography can no longer be put off any longer.

“The danger is acute,” says the introduction to a report published in April by the American consulting firm Rand Corp. “Quantum computers pose a threat to every government agency, all critical infrastructures and all branches of industry.” This is a new type of threat that is not comparable to conventional security problems. It is directed against the very foundations of the Internet. It threatens to be a “quantum disaster”, an author of the study told journalists. The German Federal Office for Information Security (BSI) also sees an “acute need for action” with regard to post-quantum cryptography.