What is the difference between Q-Day and a quantum attack?

Q-Day is the point at which a quantum computer powerful enough to break current asymmetric encryption algorithms becomes operational. A quantum attack refers to the act of using that capability to compromise security systems. But it is essential to understand that Q-Day is not a prerequisite for action. The HNDL strategy means adversaries are already collecting encrypted data today, with the intent to decrypt it once a quantum computer is available. The threat is already active, even if the decryption capability is still future.

Is post-quantum cryptography (PQC) production-ready?

Yes. NIST finalized its first post-quantum cryptography standards in 2024. These algorithms, notably ML-KEM and ML-DSA, are production-ready today. Several major organizations, including Google and players in the banking sector, have begun deploying them. Solutions such as CryptoNext's PQC Library make it possible to integrate these algorithms into existing systems, typically in hybrid mode during the transition period. The readiness question has been answered. The relevant question now is whether your organization has begun.

How to start preparing your organization for Q-Day?

The first step is always the cryptographic inventory. Before migrating anything, you need to know what you are running: which algorithms, in which systems, protecting which types of data, and with which partners and vendors downstream. That is often where organizations discover the true scale of their exposure. Once that inventory exists, it becomes possible to prioritize migrations based on data sensitivity and system lifecycle. For organizations looking for structured support, CryptoNext offers COMPASS, an automated cryptographic inventory product, along with advisory expertise to build a migration roadmap tailored to their regulatory and operational context.

Does Q-Day only affect large enterprises or critical infrastructure?

No. Any organization using encrypted communications, digital certificates, authentication systems, or secure transactions is potentially at risk. Small and mid-sized businesses, healthcare facilities, local governments, law firms, and academic institutions are all in scope. The main difference from large infrastructure lies in the migration horizon: a smaller organization using cloud solutions or third-party software also depends on the readiness of its vendors. In all cases, starting by mapping your cryptographic exposure is an accessible and necessary step, regardless of organizational size.

Does Q-Day also apply to stored data?

Yes, and this is often the least understood dimension. Data encrypted with current asymmetric algorithms and stored on servers, in archives, or in backups can be captured today and decrypted at Q-Day. That is the logic behind HNDL attacks. Any data with long-term strategic value — intellectual property, medical records, sensitive financial information, diplomatic communications — should already be treated as at risk. The threat's timeline is not linear: what will be decrypted in ten years can be collected today.

Q-Day

Q-Day: Definition, Stakes, and Preparation

What Is Q-Day?

Q-Day, short for Quantum Day, refers to the hypothetical point at which a sufficiently powerful quantum computer, also known as a Cryptographically Relevant Quantum Computer (CRQC), becomes capable of breaking the asymmetric encryption algorithms that secure majority of the world’s digital communications today.

RSA, elliptic curves, key exchange protocols like Diffie-Hellman: every pillar of modern digital security would be rendered highly vulnerable from that point forward.

No one knows exactly when it will happen. But experts, government agencies, and standards bodies treat it as a certainty: Q-Day is coming. And that is precisely the challenge for organizations: acting on a threat with no fixed deadline, yet one that demands a preparation process that is long, structured, and irreversible.

Why Q-Day Puts Today’s Cybersecurity at Risk

Asymmetric Cryptography: The Hidden Pillar of the Digital Economy

Since the 1970s, information security has rested on a simple mathematical principle: some problems are too complex for a classical computer to solve in any reasonable timeframe. Factoring a large integer, computing a discrete logarithm: these are the operations that make RSA and elliptic curve algorithms work. The private key stays secret because deriving it from the public key would require thousands of years of computation, far beyond any human timescale.

Quantum computers fundamentally change this equation.. In 1994, mathematician Peter Shor proved that a functional quantum computer could solve these problems exponentially faster. What classical machines could not crack in millennia, a sufficiently powerful quantum machine could accomplish in hours, or even minutes.

Q-Day is the day that theoretical capability becomes operational.

Which Systems Are at Risk?

The short answer: almost all of them.

TLS certificates securing; HTTPS connections, electronic signature protocols, authentication systems, banking transactions, diplomatic communications, energy infrastructure, healthcare systems: any architecture that relies on asymmetric cryptography today is potentially exposed.

Quantum computers do not break symmetric encryption the same way. AES-256, for instance, remains relatively resistant in a post-quantum world, provided sufficient key lengths are used. It is asymmetric cryptography, namely RSA, ECDSA, and ECDH, that is directly threatened.

For organizations, this means a precise cryptographic asset inventory is non-negotiable. Without one, there is no way to know what is exposed, what can wait, and what must be prioritized for migration.

The Threat Does Not Start at Q-Day

This is the point many organizations have yet to internalize: quantum-related attacks have already begun. Just in a different form.

“Harvest Now, Decrypt Later”: Collecting Encrypted Data Today

Nation-states, organized groups, and well-resourced adversaries are already harvesting encrypted data. Their storage systems are accumulating communications, financial transactions, strategic data, and trade secrets. That data is encrypted with today’s algorithms and unreadable now, but that will change at Q-Day

This strategy, known as Harvest Now, Decrypt Later (HNDL), makes the threat immediate, even though the quantum computer capable of decrypting that data does not yet exist.

What is captured today can be decrypted tomorrow.

For organizations that handle sensitive long-term information like customer confidential data, intellectual property, diplomatic communications, or defense data, the urgency is real today, not in ten years.

Where Does Quantum Computing Stand in 2025?

Estimates vary. Some experts place Q-Day within a 5-to-15-year window. Others project shorter timelines, particularly as investment in quantum computing accelerates.

What is certain: the pace of progress is fast. What is certain is the accelerating pace of development in the field.

IBM, Google, Chinese players, and classified government programs are all investing heavily in stable, scalable quantum machines. Qubit capacity grows every year. Error rates are falling. Quantum error correction, long considered the main technical barrier, is seeing regular breakthroughs.

The NSA has set a 2030 deadline for the most critical systems to begin transitioning to quantum-resistant algorithms. NIST finalized its first post-quantum cryptography standards in 2024, following a multi-year selection process involving experts from around the world. In France, ANSSI has published detailed guidance on the cryptographic transition and is actively encouraging both public bodies and private organizations to begin their migration work now.

These signals are not incidental. They define a timeline.

How to Prepare Without Knowing When Q-Day Will Arrive

The exact date of Q-Day is not the most important question.

The quantum threat has exposed a blind spot in cybersecurity that must be addressed: regaining control over cryptography, and building the ability to update it in an agile way to protect sensitive data.

Security agencies have stepped in and published regulations to that effect and the sheer duration of such a project makes it imperative to start the transition to quantum-resistant cryptography now.

Q-Day should be understood as a structuring horizon for security decisions made today: in procurement, system architecture, governance policies, and cybersecurity budgets.

More terms:

Cryptographic Inventory Post-Quantum Cryptography Asymmetric Cryptography