Security experts have long had the idea that quantum computers could one day help threat actors dismantle today’s encryption systems.
With the advancements currently going on in quantum development, that day may no longer be far off. In a bid to secure its infrastructure early, Microsoft has introduced what it calls Quantum Safe Program (QSP) – a company-wide initiative that includes adopting protections for quantum capabilities with a deadline set for 2033.
Microsoft describes this approach as a blueprint for weaving quantum-resistant cryptography into its products and services long before the quantum technology reaches maturity. While experts at Deloitte believe large-scale quantum computing may not arrive until 2030 or later, the long timelines involved in updating global security infrastructure mean preparations must begin now.
Key Takeaways
- Quantum computers can break current encryption and threaten digital security.
- Microsoft’s Quantum Safe Program sets a 2033 deadline and plans phased adoption of quantum-resistant cryptography.
- The “harvest now, decrypt later” threat makes early adoption of quantum-safe security solutions critical.
- NIST and NSA standards guide post-quantum cryptography, and companies like Microsoft and Apple already implement these protocols.
- Enterprises that plan and integrate quantum protection now will reduce risks and improve resilience before large-scale quantum computing arrives.
Why Quantum Attacks Demand Attention
Although quantum computing remains in its early development, its national security and economic implications have rapidly gained traction. According to a survey by the Global Risk Institute, approximately 46% of experts believe there’s more than a 5% likelihood of a quantum threat emerging within just a decade.
This rising concern comes from the realization that adversaries could engage in “harvest now, decrypt later” (HNDL) attack – a concept in which they can accumulate encrypted data now to decrypt when quantum capability matures, in what is known as the Q-Day.
This quantum risk has been tested and considered potent by research conducted by a group of scientists from Shanghai University. Based on the study, which was published in the Chinese Journal of Computers, the researchers claim they have successfully used a D-Wave quantum annealing machine to develop an attack on some classical encryption algorithms, particularly on SPN-based algorithms such as AES variants.
Though the researchers did acknowledge that limitations would hamper, at least for now, a full-on quantum hack, the experiment itself has shown great danger that lies ahead.
If there is anything organizations, including governments and financial institutions, should learn, it is the urgency to adopt post-quantum cryptography, quantum-safe security, and quantum-resistant cryptography well before Q-Day arrives.
The Post-Quantum Arms Race Has Begun
The US Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA) and National Institute of Standards and Technology (NIST), has advised organizations to begin planning their transition to “Quantum Readiness.” This should become a fundamental part of their security and business continuity strategies.
- FIPS 203 (CRYSTALS-Kyber) for key establishment mechanisms
- FIPS 204 (CRYSTALS-Dilithium)
- FIPS 205 (SPHINCS+) for digital signature algorithms
With the NSA CNSA 2.0 roadmap for full quantum readiness expected to elapse by 2035, organizations are now racing to achieve post-quantum resilience before the deadline.
Microsoft, for instance, is aiming for early adoption of quantum-safe capabilities in its products and services by 2029 and a full transition by 2033, two years ahead of the NSA CNSA 2.0 roadmap for quantum readiness completion.
In the meantime, the tech giant has released these PQC capabilities early to some Windows and Linux users, to enable its customers to test them and identify any potential challenges.
Apple has also deployed PQ3, a hybrid quantum-resistant protocol in iMessage, which is one of the first mass-market deployments of PQC.
Inside Microsoft Quantum Safe Program Strategy
To prepare its ecosystem before Q-Day, Microsoft has set up an initiative aimed at unifying and accelerating the efforts to protect its infrastructure from the evolving risk of quantum computing.
Microsoft said in a blog post:
“Our QSP is a comprehensive and company-wide effort to enable Microsoft, our customers, and partners, to transition smoothly and securely into the quantum era. The program is governed by the QSP leadership team with representatives across all major business groups, research and engineering divisions, and functions.”
Microsoft stated that its roadmap aims to complete this transition by 2033, with early adoption beginning at least by 2029.
The company outlines three phases in its roadmap:
1. Foundational Security Components
Launched in 2024, this phase integrates post-quantum cryptography directly into SymCrypt, the core cryptographic library for Windows, Azure, and Microsoft 365.
SymCrypt now supports ML-KEM for key encapsulation and ML-DSA for digital signatures, alongside traditional algorithms like AES, RSA, and ECDSA. Hybrid implementations in TLS 1.3 provide quantum-proof encryption against “harvest now, decrypt later” threats, giving enterprises a first look at quantum-safe cryptography in practice.
2. Core Infrastructure Services
The second phase will bring updates to Microsoft’s core security services, including Entra authentication, key and secret management, and signing services.
Getting these systems reinforced early ensures that Microsoft’s most sensitive infrastructure benefits from quantum-safe security solutions ahead of the broader rollout.
3. All Services & Endpoints
This final phase is all about full integration across the Microsoft ecosystem, from Windows, Azure, data platforms, and Microsoft 365 to AI platforms and networking services. According to the Windows maker, this will deliver quantum-safe security solutions to enterprises and individuals worldwide.
The Bottom Line
Quantum computers may not be here yet, but concerns about their potential capabilities have created many uncertainties around their ability to decrypt current encryption systems.
Microsoft’s Quantum Safe Program offers a roadmap through the uncertainty. However, the main challenge for the enterprises is not just to adopt new quantum-safe tools, but to ensure these cryptography changes actually work with their existing systems and risk models.
With this kind of momentum, organizations that get involved now are likely to shape how secure digital infrastructure evolves over the next decade.
FAQs
Quantum computers are powerful enough to break today’s encryption algorithms. As such, they can be used by threat actors to break into protected data.
They can get started by taking stock of their cryptographic assets, adopting NIST-approved PQC algorithms, and testing quantum-safe integrations to ensure a smooth transition before quantum computing reaches full maturity.
This is an attack in which adversaries collect encrypted data today with the intention of decrypting it once quantum computers become powerful enough to break current algorithms.
According to NIST and NSA roadmaps, full adoption is expected by the mid-2030s. Though major providers like Microsoft and Apple have started pushing early quantum-resistant cryptography.
