Quantum Computers and Cryptography: Assessing Real Threats and Recurring Timelines

In March 2026, when news about advances in quantum computers spread, the usual response was an urgent call to switch immediately to Post-Quantum cryptography. That concern often lacks balanced analysis and fails to distinguish between threats with fundamentally different characteristics. In reality, the quantum risk to data encryption is urgent, but digital signatures (such as those securing Bitcoin) and Zero-Knowledge Proofs have properties that make them far less time-critical. This pattern of alarm tends to recur in cycles, and the actual urgency differs greatly from what media reports suggest.

This article aims to clarify common misconceptions about the HNDL (“Harvest Now, Decrypt Later”, sometimes rendered “Steal Now, Decrypt Later”) threat, which is still often misrepresented. It focuses especially on impacts within blockchain systems and provides balanced guidance for system operators.

Timeline: The Strange Gap from Technology to Application

The first question is: how long will it take before quantum computers can break widely used encryption systems?

While some companies claim 2030 or even 2035, the reality is more nuanced. Today, a “cryptographically relevant quantum computer” means a fault-tolerant system that can run Shor’s Algorithm efficiently and is large enough to break RSA-2048 or secp256k1 within an acceptable timeframe (e.g., under one month).

Based on publicly available technology, we are still far from this goal. Current ion-trap, superconducting-qubit, and neutral-atom systems lack key components for serious use:

  • Number of qubits: Although some physical systems exceed 1,000 qubits, this is misleading. No system has sufficient connectivity and fidelity for practical cryptographic computations.
  • Error correction: Running Shor’s Algorithm requires logical qubits in the thousands, built from hundreds of thousands to millions of physical qubits via error correction. So far, no one has reliably operated more than a few logical qubits.
  • Circuit depth: Shor’s Algorithm demands deep circuits with fault tolerance and non-Clifford gates, exposing a large gap between theoretical proof and practical implementation.

Scott Aaronson, a prominent computer scientist, notes that hardware progress is astonishingly rapid. He believes we might see fault-tolerant quantum computers before the next U.S. presidential election. However, he clarifies that he does not mean machines capable of breaking real cryptography, only small demonstrations like factoring 15 = 3×5.

HNDL Attacks: Who Is Truly at Risk?

The “Harvest Now, Decrypt Later” (HNDL) attack involves an adversary capturing encrypted communications today and storing them until quantum computers can break the encryption. Government and intelligence agencies may record large volumes of encrypted traffic, especially information that must remain confidential for 10–50 years. Encryption protecting such data should be upgraded immediately, regardless of cost.

However, encryption and digital signatures differ. Signatures are not secret; an attacker can forge them only once a quantum computer exists, and a signature that can be shown to have been created before that point remains valid. This means transitioning to Post-Quantum signatures is less urgent than upgrading encryption.

Many major platforms have begun using hybrid key exchange combining X25519 with ML-KEM; Chrome and Cloudflare have adopted it for TLS, and Apple’s PQ3 and Signal follow similar approaches. Yet deploying Post-Quantum signatures in core infrastructure remains delayed due to high performance costs and implementation risks.

Zero-Knowledge Proofs (zkSNARKs) are similar to signatures. Although those based on elliptic curves are vulnerable to quantum attacks, their “zero-knowledge” property remains intact: no secret can be captured today and decrypted in the future. Therefore, zkSNARKs are not affected by HNDL threats.

Debunking Misconceptions: Different Risks for Encryption and Digital Signatures

Four main misconceptions fuel unnecessary paranoia:

  1. Exaggerated “quantum advantage”: Most current demonstrations are designed to fit existing hardware, not to produce a real advantage, and this is often overstated in publicity.
  2. Confusion over headline qubit counts: Most such claims refer to quantum annealers, not gate-model quantum computers capable of running Shor’s Algorithm.
  3. Misunderstanding “logical qubits”: Some companies claim large numbers of logical qubits but use only error-detection codes (e.g., distance-2) that cannot correct errors, which makes the count meaningless.
  4. Fake roadmaps: Many plans specify “logical qubits” that support only Clifford operations, which can be simulated classically and are insufficient for Shor’s Algorithm.

Blockchain and Bitcoin: Actual Risks and Technical Limitations

Most blockchains like Bitcoin and Ethereum rely more on digital signatures than on encryption. Therefore, they are not directly vulnerable to HNDL-style attacks in communication. The main quantum risk for Bitcoin is forging signatures (stealing coins), not decrypting transaction data, since the blockchain is public.

However, the transition is not trivial due to technical constraints:

  • Slow upgrade process: Bitcoin changes slowly; disagreements can lead to hard forks, splitting the community.
  • User-initiated migration: Users must actively move their Bitcoin holdings; “sleeping” or vulnerable coins are at risk. It’s estimated that billions of dollars worth of BTC face this threat.

Real quantum attacks on Bitcoin will not happen instantly but will be targeted and gradual. Attackers will choose high-value wallets and act stealthily.

Privacy-focused blockchains like Monero need urgent changes, as current encrypted data could be decrypted once quantum computers are available.

Costs and Risks: Why Gradual and Careful Transition Matters

Post-Quantum signatures incur significant efficiency costs. This explains why infrastructure (web, blockchain) should not rush to adopt them:

  • Size issues: ML-DSA signatures are 2.4–4.6 KB, 40–70 times larger than elliptic-curve signatures. Falcon signatures are smaller (0.7–1.3 KB) but complex to implement.
  • Security considerations: Lattice-based signatures come with more security considerations: they involve complex sampling logic that requires side-channel protections and robust error handling. These implementation risks are more immediate than the quantum threat.
  • Lessons from history: Algorithms like Rainbow (multivariate/MQ-based) and SIKE/SIDH (isogeny-based) were broken by classical attacks, illustrating the danger of premature standardization.

Eleven Actionable Recommendations

Based on the above analysis, the main guidance is:

01. Implement hybrid encryption immediately for long-term confidentiality and HNDL protection. Major players like Chrome, Cloudflare, iMessage, and Signal have already started.

02. Use hash-based signatures where possible (e.g., for software updates). Hash-based schemes offer “security margins” if quantum computers appear sooner than expected.

03. Blockchain upgrades should be planned, not rushed. Transition to Post-Quantum schemes should be based on research and testing, not on deadlines.

04. Follow PKI community caution. Developers should study how traditional internet PKI manages cryptographic transitions.

05. Bitcoin must start planning now—not because quantum computers are imminent, but due to slow governance, coordination challenges, and high management costs.

06. Invest in Post-Quantum SNARK research. Concerns about locking in unsuitable options apply equally to SNARKs and signatures.

07. Blockchain privacy protocols must adapt. Privacy schemes need redesigns to prevent HNDL attacks.

08. Design for flexibility. Modular architectures that separate the signing method from the rest of the protocol logic allow easier transitions and support features like Sponsored Transactions and Social Recovery.

09. Prioritize operational security. For years to come, side-channel and fault-injection attacks will pose greater threats than quantum computers. Invest in fuzz testing and formal verification now.

10. Support ongoing quantum research. From a national security perspective, continuous investment in quantum capabilities and workforce development is essential.

11. Stay informed about quantum developments. While progress is exciting, each milestone underscores how far we are from practical threats. Public reports should be viewed as progress updates, not urgent signals.
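As an added example (not code from the article), here is the simplest hash-based scheme of the kind recommendation 02 refers to: a Lamport one-time signature over SHA-256 in Python. Its security rests only on the preimage resistance of the hash, which is the “security margin” the recommendation means, and the 8 KB signature it produces illustrates the size trade-off discussed under “Costs and Risks”. The stateful signer class that refuses to reuse a key is the robust error handling such schemes need; all key material and messages below are generated or constructed locally.

```python
import hashlib
import secrets

# Lamport OTS: one (secret, secret) pair per bit of the 256-bit message digest.
N = 256


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def keygen():
    # secret key: two random 32-byte preimages per digest bit;
    # public key: their SHA-256 hashes (no structure a quantum computer can exploit
    # beyond Grover's square-root speedup on preimage search)
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def sign(sk, msg: bytes):
    # reveal, for each digest bit, the preimage selected by that bit
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != N:
        return False
    return all(H(pre) == pk[i][bit] for i, (pre, bit) in enumerate(zip(sig, digest_bits(msg))))


def signature_size(sig) -> int:
    return sum(len(p) for p in sig)  # 256 preimages * 32 bytes = 8192 bytes


class OneTimeSigner:
    """Wraps a key pair and enforces the one-time property: a second signature
    with the same key would reveal preimages for both values of some bits,
    so the signer refuses instead of silently producing it."""

    def __init__(self):
        self._sk, self.pk = keygen()
        self._used = False

    def sign(self, msg: bytes):
        if self._used:
            raise RuntimeError("Lamport key already used; generate a fresh key pair")
        self._used = True
        return sign(self._sk, msg)
```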

Summary: Balancing Caution and Rationality

The real risk of quantum attacks on cryptography exists but is likely 10–20 years away. Upgrading cryptography is necessary, but changing signatures and infrastructure should await more mature research and stronger implementations.

By understanding the different risks for encryption, signatures, and zkSNARKs, we can allocate resources wisely and avoid unnecessary panic driven by premature alarm.
