
Post-Quantum Cryptography: What Every Investor Needs to Know

Jun 13, 2026 11 min read

The encryption holding your data together is running out of time

Most investors hear "quantum computing" and picture a research lab doing interesting science at some future date. Post-quantum cryptography sits in a different category. It's not a future concern — it's an active procurement and regulatory story, backed by government mandates, measurable market growth, and a class of attack that is already underway.

This is what you need to understand before you walk into a meeting where someone mentions it.


Why the encryption you rely on today is mathematically fragile

RSA and elliptic-curve cryptography (ECC) underpin almost every secure transaction on the internet: your banking app, your broker's trading portal, every HTTPS connection your browser makes, and the digital signatures inside the share registry. RSA is secure because factoring a very large number into its prime components is computationally prohibitive on a classical computer; ECC rests on a related problem, the discrete logarithm on an elliptic curve. Breaking RSA-2048 with the best known classical methods would take longer than the age of the universe.

A sufficiently powerful quantum computer changes that entirely. In 1994, mathematician Peter Shor published an algorithm showing that a quantum machine could factor large numbers exponentially faster than classical hardware, and the same algorithm solves the discrete-logarithm problem that ECC depends on. What takes thousands of years classically could, in theory, be solved in hours on a powerful enough quantum system. RSA and ECC don't survive that.

The open question is timing. Most expert projections place a cryptographically relevant quantum computer, one capable of breaking RSA-2048 in practice, somewhere in the 2030s. That timeline is uncertain and subject to revision in either direction. The widely cited Gidney and Ekerå paper (preprint 2019, published 2021) estimated that roughly 20 million noisy physical qubits could factor RSA-2048 in about eight hours. Subsequent research has trended toward lower estimates, with some more recent papers suggesting the required qubit count may be significantly smaller, though these figures remain contested and, in some cases, not yet peer-reviewed. Readers evaluating specific claims in this space should seek out the underlying papers and treat preprint figures as directional rather than settled.

For investors evaluating companies or infrastructure that rely on long-lived data security, the exact date matters less than the direction.


What post-quantum cryptography actually is

Post-quantum cryptography (PQC) is a family of public-key algorithms built on mathematical problems for which no efficient quantum algorithm is known, Shor's included. Where RSA relies on integer factorization and ECC on elliptic-curve discrete logarithms, PQC standards are built on a different class of mathematics entirely.

The three main families are:

Lattice-based cryptography. This is the dominant approach in current PQC deployment. The underlying security comes from the difficulty of finding short vectors in high-dimensional mathematical structures called lattices. Two of the three finalized NIST standards use lattice-based problems. They're fast, compact, and currently the most widely adopted approach in commercial deployment.

Hash-based cryptography. Security here rests only on the one-way and collision-resistance properties of a cryptographic hash function. Those properties have been studied for decades, and the only generic quantum speedup against them (Grover's algorithm) is quadratic and is absorbed by choosing a larger hash output, which makes hash-based signatures the most conservative choice in the portfolio. The tradeoffs are larger signatures and slower signing, and the family provides signatures only, not encryption or key exchange. One NIST standard, SLH-DSA (formerly SPHINCS+), uses this approach.

Code-based cryptography. Built on the difficulty of decoding random linear error-correcting codes. This family has a long academic history and is considered a strong backup to lattice approaches. In March 2025 NIST selected HQC, a code-based key encapsulation mechanism, for standardization as diversification against any future breakthrough in lattice mathematics, with a draft standard to follow.

The goal of PQC is not to defeat quantum computers with faster classical math. It's to replace the mathematics that Shor's algorithm breaks with mathematics it can't touch.


NIST finalized the first three standards in August 2024

After an eight-year evaluation process involving researchers from across government, industry, and academia worldwide, NIST finalized its principal set of PQC standards in August 2024. The three published standards are:

  • ML-KEM (FIPS 203): The primary key encapsulation mechanism for general encryption, based on CRYSTALS-Kyber. This is the lattice-based algorithm most likely to appear in TLS connections, VPN tunnels, and cloud key management first.
  • ML-DSA (FIPS 204): A digital signature standard based on CRYSTALS-Dilithium. Used for authentication, code signing, and certificate validation.
  • SLH-DSA (FIPS 205): A hash-based signature standard based on SPHINCS+. More conservative and slower but considered an important fallback if lattice approaches face unexpected attacks.

NIST is encouraging system administrators to begin migration now. A fourth standard, FN-DSA (based on FALCON), was in late-stage drafting at the time of publication.

The release of these standards is a regulatory starting gun. It triggered compliance timelines for US federal agencies and shaped procurement requirements for vendors serving government contracts. The EU's coordinated PQC implementation roadmap, backed by 21 member-state cybersecurity agencies, asks member states to begin migrating by the end of 2026 and to have high-risk use cases, critical infrastructure included, migrated by the end of 2030. NSA guidance under CNSA 2.0 requires new National Security System acquisitions to be compliant from January 2027, with the full transition complete by 2035.

For investors, the NIST standards matter because they end the "wait and see" posture. There is now an approved, auditable standard to migrate to. The question for any organization is whether they've started.


The attack that's already happening: harvest now, decrypt later

This is the part of the PQC conversation that removes the luxury of waiting.

Adversaries do not need a quantum computer today to begin exploiting quantum-era vulnerability. They only need access to encrypted data that will still be valuable when quantum decryption becomes practical. The strategy is simple: collect encrypted traffic now and archive it. When quantum hardware matures, decrypt it retroactively.

This is known as a "harvest now, decrypt later" (HNDL) attack. Sensitive communications captured in 2026 could be decrypted in the early 2030s if a cryptographically relevant quantum machine arrives on the timelines most researchers currently project. The breach isn't visible when the data is stolen. It becomes visible years later, when the encryption protecting it collapses.

HNDL doesn't require a quantum capability at the point of collection. It requires any actor who can capture traffic in transit, whether through a conventional network intrusion or through passive access to a backbone or provider link, and the patience to sit on the payload. It also applies only to confidentiality: a key exchange captured today can be unwound later, but a signature cannot be retroactively forged against an authentication that has already happened. That is why deployments so far have led with hybrid key exchange, with signatures and PKI following. Threat intelligence consistently shows that enterprise network intrusions can progress to data exfiltration in a matter of hours, underscoring how little time defenders have once a network is breached.

The categories most exposed are those where data has a long shelf life: government communications, financial records, healthcare data, intellectual property, and legal documents tied to mergers or capital raises. A merger negotiation conducted over encrypted channels today could, if harvested, be decrypted years later. For intelligence agencies, HNDL is a documented threat posture, not a hypothetical scenario.

Industry surveys consistently find that awareness of quantum risk among security professionals far outpaces the existence of defined quantum strategies within organisations. That gap between awareness and preparation is where exposure accumulates.


Migration timelines are longer than most organizations expect

This is where the urgency becomes very concrete for investors evaluating enterprise technology companies, financial infrastructure, or listed companies managing complex IR obligations.

Industry and government guidance — including from DHS, CISA, and NIST — suggests that PQC migration is a multi-year undertaking for most organisations, with complexity scaling significantly for larger enterprises carrying legacy infrastructure. NIST projects 5–10 year adoption cycles for critical infrastructure, with early adopters in financial services and government targeting completion by 2027–2030.

For a company that hasn't started, the arithmetic is uncomfortable. Michele Mosca's framing of it is the inequality X + Y > Z: if the years the data must stay secret (X) plus the years migration will take (Y) exceed the years until a cryptographically relevant quantum computer arrives (Z), the data is already exposed. If such a machine arrives in 2032 and migration takes many years for a medium or large enterprise, organisations that delay are narrowing their margin considerably.

Cloud providers have moved faster than most. AWS, Google Cloud, and Microsoft Azure have announced hybrid TLS support and are targeting full PQC migration by 2028–2030. Microsoft has publicly disclosed work on integrating quantum-safe key encapsulation into Azure services, though readers should verify the current status of specific products against Microsoft's official documentation, as rollouts are staged and subject to change. These hybrid approaches run a PQC key exchange alongside a classical one and derive the session key from both, so captured traffic stays protected as long as either component holds, while systems that only speak the classical half keep working. The same pattern is already live on the public web: Chrome, Firefox and Cloudflare's edge have negotiated the X25519MLKEM768 hybrid group in TLS 1.3 by default since late 2024. Under NSA guidance, software and firmware signing and cloud services were expected to begin adopting quantum-resistant algorithms from 2025, with broader network infrastructure transitions under way in 2026.

For IR leads managing listed companies, the compliance dimension is real. The EU's Digital Operational Resilience Act (DORA) has applied to EU financial entities since January 2025, and its technical standards on ICT risk management require a cryptographic controls policy that is kept current with developments in cryptanalysis, which is the route by which quantum risk enters DORA supervision. US federal agencies faced a statutory migration deadline that, as of mid-2026, remains partially unresolved at the guidance level, creating compliance uncertainty for contractors and financial institutions.


The market this creates: a multi-billion-dollar migration cycle

The numbers reflect a transition that is structural, not speculative.

Market estimates vary significantly by methodology and scope, and readers should treat individual forecasts with appropriate caution. Published projections from various research firms suggest the PQC market could grow from a base in the hundreds of millions of dollars in 2025 to somewhere between $4 billion and $19 billion by the early-to-mid 2030s, with compound annual growth rates estimated anywhere from roughly 39% to approximately 50% depending on the firm and what is included in scope. The wide variance between forecasts reflects genuine uncertainty about adoption pace and how the market boundary is defined — not a consensus signal. Lattice-based schemes, led by ML-KEM and ML-DSA, are broadly expected to represent the largest share of early commercial deployment given their role as the primary NIST-standardised algorithms. Cloud-hosted PQC implementations are tracking at a faster growth rate as hyperscalers embed quantum-safe services into managed offerings.

Federal cybersecurity budgets — spanning IT modernisation, agency compliance mandates, and defence procurement — represent a potential tailwind for PQC vendors, though a precise aggregate figure specifically ring-fenced for PQC transition is not readily available from public budget documents. The direction of government commitment is clear; the exact dollar quantum is harder to isolate.

For investors, the categories worth watching are:

  • Hardware security modules (HSMs): Every HSM in every financial institution will require an upgrade or replacement to support PQC algorithms. This creates a predictable hardware refresh cycle across banking, payments, and securities infrastructure.
  • PKI and certificate management: Every TLS certificate, code-signing certificate, and digital identity in a large enterprise links back to a public key infrastructure. Vendors managing that lifecycle at scale — and who have already updated for FIPS 203–205 — are well-positioned.
  • Cloud key management: The hyperscalers are embedding PQC as a managed service. Organizations that lack deep cryptography expertise will consume PQC via cloud APIs, not on-premise deployments, accelerating the cloud provider advantage.
  • Consulting and migration services: The skills gap is acute. Organizations increasingly rely on external consulting, integration, and migration expertise to navigate the transition, making services a faster-growing segment than solutions alone.

What this means if you're evaluating a deep tech or fintech investment

Four questions that belong in due diligence if the company handles sensitive data at scale:

Has the company completed a cryptographic inventory? Most organisations don't know every place RSA or ECC appears in their stack: TLS endpoints, VPNs, code signing, HSM-backed keys, encrypted backups, and third-party SDKs. A useful inventory records the algorithm and key size, where it is used, and how long the data it protects must stay secret. A company that can't answer this question hasn't started.

Is there a documented migration roadmap with ownership? NIST standards are published. Migration timelines exist. A company with no roadmap is carrying undisclosed technical debt.

What's the data retention profile? A company storing financial records, health data, or regulated IP for 10+ years faces HNDL exposure that begins today, not at Q-Day.

Are cloud dependencies PQC-ready? If the company uses AWS, Azure, or GCP for key management, the hyperscaler's PQC roadmap directly affects the company's risk profile. Hybrid TLS support is available. The question is whether it's switched on.
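To make the inventory question and the hybrid-TLS question concrete, here is an added example, not code from the article or from Infrairis: a Python triage script that reads a constructed inventory of observed TLS handshakes (the kind a passive sensor or an internal scan produces), classifies each one by how it fails against a cryptographically relevant quantum computer (CRQC), and applies Mosca's X + Y > Z check per service. The record format, the hostnames, and the "RSA" label for static-RSA key exchange are assumptions made for this example; the migration time and CRQC year are inputs the caller supplies, not predictions.

```python
"""Triage a cryptographic inventory for quantum exposure.

Added example for this article, not the author's code. Input is a constructed
inventory of observed TLS handshakes; field layout and hostnames are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample inventory, one handshake per line:
# service, TLS version, key-exchange group, signature scheme, cipher suite,
# and how many years the data carried over that session must stay secret.
# "RSA" as a key-exchange group denotes TLS 1.2 static-RSA key transport.
SAMPLE_INVENTORY = """\
broker-portal.example    TLS1.3  X25519MLKEM768  ecdsa_secp256r1_sha256  TLS_AES_256_GCM_SHA384  10
share-registry.example   TLS1.2  secp256r1       rsa_pss_rsae_sha256     ECDHE-RSA-AES128-GCM-SHA256  25
legacy-vpn.example       TLS1.2  RSA             rsa_pkcs1_sha256        AES128-SHA256  7
hsm-admin.example        TLS1.3  x25519          ed25519                 TLS_CHACHA20_POLY1305_SHA256  1
"""

# Key-exchange groups Shor's algorithm breaks: every session key negotiated
# with them can be recovered later from a captured handshake (HNDL).
SHOR_BREAKABLE_KEX = re.compile(r"^(x25519|x448|secp\d+r1|ffdhe\d+|rsa)$", re.I)
# Hybrid or pure ML-KEM groups: the session key survives unless ML-KEM itself
# is broken (and, for hybrids, the classical half as well).
PQ_KEX = re.compile(r"mlkem", re.I)
# Signature schemes Shor's algorithm lets an attacker forge in the future;
# this threatens later authentication, not past confidentiality.
SHOR_BREAKABLE_SIG = re.compile(r"^(rsa|ecdsa|ed25519|ed448)", re.I)
PQ_SIG = re.compile(r"^(ml_dsa|mldsa|slh_dsa|slhdsa|fn_dsa)", re.I)
# Grover's algorithm halves effective symmetric strength: AES-128 drops to
# roughly 2^64 work, which is why CNSA 2.0 permits AES-256 only.
WEAK_UNDER_GROVER = re.compile(r"AES[_-]?128", re.I)


@dataclass
class Finding:
    service: str
    hndl_exposed: bool         # confidentiality recoverable from a capture
    static_rsa: bool           # one leaked server key decrypts every past session
    sig_forgeable_later: bool  # authentication risk after a CRQC, not retroactive
    symmetric_weak: bool       # cipher below CNSA 2.0 symmetric floor
    years_secret: int          # X in Mosca's inequality

    def mosca_exposed(self, migration_years: int, crqc_year: int, now: int) -> bool:
        """X (shelf life) + Y (migration time) > Z (years until CRQC).
        Only meaningful where the key exchange is already Shor-breakable."""
        if not self.hndl_exposed:
            return False
        z = crqc_year - now
        return self.years_secret + migration_years > z


def parse_inventory(text: str) -> list[Finding]:
    findings = []
    for line in text.strip().splitlines():
        service, _version, kex, sig, suite, years = line.split()
        hndl = bool(SHOR_BREAKABLE_KEX.match(kex)) and not PQ_KEX.search(kex)
        findings.append(Finding(
            service=service,
            hndl_exposed=hndl,
            static_rsa=kex.upper() == "RSA",
            sig_forgeable_later=bool(SHOR_BREAKABLE_SIG.match(sig)) and not PQ_SIG.match(sig),
            symmetric_weak=bool(WEAK_UNDER_GROVER.search(suite)),
            years_secret=int(years),
        ))
    return findings


def triage(text: str, migration_years: int = 5, crqc_year: int = 2032, now: int = 2026) -> dict:
    """Group services by what to fix first. Defaults are illustrative inputs;
    rerun as the migration estimate or the CRQC horizon changes."""
    findings = parse_inventory(text)
    return {
        "fix_first": sorted(f.service for f in findings
                            if f.mosca_exposed(migration_years, crqc_year, now)),
        "hndl_exposed": sorted(f.service for f in findings if f.hndl_exposed),
        "static_rsa_kex": sorted(f.service for f in findings if f.static_rsa),
        "signature_later": sorted(f.service for f in findings if f.sig_forgeable_later),
        "symmetric_below_cnsa2": sorted(f.service for f in findings if f.symmetric_weak),
    }


if __name__ == "__main__":
    for key, services in triage(SAMPLE_INVENTORY).items():
        print(f"{key:24s} {', '.join(services) or '-'}")
```

With the sample inventory and a 2032 CRQC horizon, the share registry (25-year retention, classical ECDHE, AES-128) and the legacy VPN (static RSA key transport, so one server key unlocks every archived session) land on the fix-first list; the admin console's classical X25519 is HNDL-exposed but its one-year data still clears the margin, and the broker portal is already on the hybrid group, leaving only its classical signature to migrate later. Pushing the horizon out to 2040 drops the VPN from the immediate list, which is the point of keeping the horizon an input.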

None of this requires a company to have completed migration today. It requires evidence that the problem is understood and owned.


The bottom line

Post-quantum cryptography is not a technology story about a computer that doesn't exist yet. It's a migration story about a known mathematical vulnerability, a published set of standards to fix it, and a class of attack — harvest now, decrypt later — that makes the clock run from today, not from Q-Day.

The NIST standards published in August 2024 ended the waiting period. The migration cycle is active. Industry forecasts, while varying widely in their specific figures, consistently project strong double-digit annual growth from a base that is already in the hundreds of millions of dollars. Regulators in the US, EU, and beyond have published timelines with teeth.

For investors in financial infrastructure, listed deep tech companies, and enterprise SaaS, the PQC transition is a source of both capital allocation opportunity and due diligence risk. The companies that understand what they're sitting on will be better positioned on both sides of that equation.


Infrairis helps deep tech and B2B companies turn complex technical stories into 60-second explainers that investors, buyers, and regulators can actually act on. If your product involves cryptography, hardware security, or any technical concept that loses the room in the first 30 seconds, start the conversation at startups.infrairis.com.
