Warning: Bad actors may already be in store-now-decrypt-later mode

  • Thread starter: .Scott

SUMMARY

The discussion centers on the imminent threat posed by "store now, decrypt later" attacks leveraging future Cryptographically Relevant Quantum Computers (CRQCs). Google’s February 2026 security report confirms that malicious actors are already collecting encrypted data to decrypt once CRQCs become operational. Shor's Algorithm, capable of factoring large numbers and breaking RSA encryption, underpins this threat. NIST’s November 2024 draft standards recommend deprecating RSA-2048 by 2030 and all RSA variants by 2035, but recent Caltech research suggests fault-tolerant quantum computers capable of breaking RSA-2048 may arrive sooner than expected, potentially accelerating the need to abandon RSA encryption.

PREREQUISITES

  • Understanding of RSA cryptosystems and RSA-2048 key structure
  • Familiarity with Shor's Algorithm for quantum cryptanalysis
  • Knowledge of fault-tolerant quantum computing principles
  • Awareness of NIST cryptographic standards and their revision process

NEXT STEPS

  • Research NIST Post-Quantum Cryptography (PQC) standardization efforts
  • Study implementation and security of lattice-based cryptography algorithms
  • Explore quantum fault-tolerance techniques and error correction codes
  • Monitor developments in quantum hardware capabilities relevant to cryptanalysis

USEFUL FOR

Cryptographers, cybersecurity professionals, software engineers implementing encryption, and security policy makers focused on quantum-resistant cryptography and future-proofing data security against quantum threats.

.Scott
TL;DR
Assessing the adequacy of current on-line encryption methods - especially the industry standard RSA–2048.
A Feb 2026 Google security report states:
And while we’re not there yet, malicious actors are not waiting until a Cryptographically Relevant Quantum Computer (CRQC) is ready. They are likely already carrying out “store now, decrypt later” attacks and collecting encrypted data, just waiting for the day when a quantum computer can unlock it.

Just to decode that, a CRQC would be a quantum computer able to effectively perform cryptanalysis on commonly used encryption methods. No such CRQC has yet been engineered. The world is working on expanding the capacity of quantum computers for many practical purposes such as developing new drugs. Those same machines will eventually become usable as CRQC devices.

The first cryptanalysis QC algorithm developed was Shor's Algorithm. Given the right QC machine, this method can be used to factor large numbers into their prime number composites - thus defeating RSA cryptosystems.

The US National Institute of Standards and Technology (NIST) issued an "Initial Public Draft" of crypto standards in November 2024 which included this table:
[Image attachment: NIST.webp]

Again, to decode: for RSA, "112 bits of security strength" refers to RSA-2048 - with a 2048-bit encryption key. You are likely using this method in many of your apps and settings today. What this table shows is that RSA-2048 should be deprecated (not used in new situations) after 2030 and no RSA method (for example RSA-4096) be used at all after 2035.
This is only an 18-month-old "public draft", but I have not found any more recent NIST interest in this topic.

But there is new reason to suspect that RSA may need an earlier sunset. In a report posted to arxiv yesterday and announced on the Caltech site today, the CRQC bar for breaking RSA-2048 may not be as high as has been supposed. The report's authors are quoted in that Caltech article as follows:
Xu adds, "For decades, qubit count has been viewed as the main obstacle to fault-tolerant quantum computing. I hope our work helps shift that perspective."

The report stresses that the team's findings mean that fault-tolerant quantum computers could be on the horizon. Previously, experts in quantum computing thought that such an accurate machine would take another 10 or even 20 years to build.

"I've been working on fault-tolerant quantum computing longer than some of my coauthors have been alive," Preskill says. "Now at last we're getting close."

Huang says, "I always considered theoretical research on the usefulness of large-scale quantum algorithms to only be of interest in the distant future. Our new study made me realize they might come true in the next few years."
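An added example, not part of the original post: a small triage that combines the draft dates as the post reads them (RSA-2048 deprecated after 2030, all RSA disallowed after 2035) with how long each kind of data must stay confidential, which is what decides exposure to "store now, decrypt later". The inventory, the names `DataClass`, `draft_cap`, `last_safe_year` and `triage`, and the `crqc_year` values are assumptions for illustration, not predictions.

```python
from dataclasses import dataclass

# Dates as the post reads the NIST draft table (RSA only).
DEPRECATED_AFTER = 2030  # 112-bit strength, i.e. RSA-2048
DISALLOWED_AFTER = 2035  # every RSA size, RSA-4096 included


@dataclass
class DataClass:
    name: str            # hypothetical inventory label
    rsa_bits: int        # RSA modulus protecting this traffic
    lifetime_years: int  # years each record must stay confidential


def draft_cap(rsa_bits: int) -> int:
    """Last year the draft dates, as the post reads them, leave this size un-flagged."""
    # Assumption: sizes below 3072 bits are grouped with RSA-2048 (112-bit).
    return DEPRECATED_AFTER if rsa_bits < 3072 else DISALLOWED_AFTER


def last_safe_year(item: DataClass, crqc_year: int) -> int:
    """Last year new data may go out under RSA and still expire before crqc_year.

    Data sent in year y stays sensitive through y + lifetime_years. Recorded
    ciphertext is assumed readable from crqc_year on, whatever the key size.
    """
    return min(draft_cap(item.rsa_bits), crqc_year - item.lifetime_years - 1)


def triage(items, this_year: int, crqc_year: int):
    """Return (name, last_safe_year, overdue) rows, most urgent first."""
    rows = [(i.name, last_safe_year(i, crqc_year)) for i in items]
    return sorted(((n, y, this_year > y) for n, y in rows), key=lambda r: r[1])


# Constructed sample inventory, not taken from the thread.
INVENTORY = [
    DataClass("session-tokens", 2048, 0),
    DataClass("contract-drafts", 2048, 7),
    DataClass("medical-records", 4096, 25),
]

if __name__ == "__main__":
    for crqc_year in (2030, 2035):  # planning assumptions, not predictions
        print(crqc_year, triage(INVENTORY, this_year=2026, crqc_year=crqc_year))
```

A row marked overdue means traffic of that class recorded today would still be sensitive in the assumed CRQC year, even though the key size is still permitted by the draft dates.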
 
Google quote from .scott (https://blog.google/innovation-and-ai/technology/safety-security/the-quantum-era-is-coming-are-we-ready-to-secure-it/) said:
They are likely already carrying out “store now, decrypt later” attacks and collecting encrypted data, just waiting for the day when a quantum computer can unlock it.
I mean, I guess that makes sense.

In the future, any data transplanted from an archaic security protocol would have to be treated as compromised. The only secure data is data that's germinated within the latest security protocols.
 
DaveC426913 said:
In the future, any data transplanted from an archaic security protocol would have to be treated as compromised. The only secure data is data that's germinated within the latest security protocols.
You quoted from the Google security report.

The question is whether RSA-2048 should now be put into that "archaic" category for information that needs to be secure for more than just a few years. The NIST recommendations (or draft recommendations) may not be as cautious as one would expect.
 
.Scott said:
You quoted from the Google security report.
Heh. I really didn't. Pulled that off the top of my head.
 
DaveC426913 said:
Heh. I really didn't. Pulled that off the top of my head.
I meant your "They are likely already carrying out “store now, decrypt later” attacks and collecting encrypted data, just waiting for the day when a quantum computer can unlock it." quote. You put it in a quote box with my name on it - but I was just quoting the security report. So, it's Google's words, not mine.
 
.Scott said:
it's Google's words, not mine.
Ah. That is a bit misleading, innit.
Fixed. Sort of. There's a way to attribute a quote to a URL but I don't know it offhand.
 