Evidence Pack: The National Security Migration to Post-Quantum Cryptography

The digital foundation of U.S. national security relies on public-key cryptography—mathematical locks that would take classical supercomputers millennia to break. However, the theoretical advent of cryptanalytically relevant quantum computers (CRQCs) threatens to shatter these defenses using Shor's algorithm. In response, the U.S. government has initiated a sweeping, legally mandated migration to Post-Quantum Cryptography (PQC). This evidence pack evaluates the primary claims, timelines, and underlying science of this transition, mapping the government's response to the looming quantum threat.[1]

The primary claim driving the national security apparatus is that adversaries are actively executing a "harvest now, decrypt later" strategy. According to cybersecurity analysts and federal warnings, state-sponsored actors are vacuuming up massive volumes of encrypted internet traffic. While they cannot read this data today, they are hoarding it in vast data centers until quantum hardware matures enough to break the encryption.[5][7]

The evidence supporting this espionage claim is considered highly robust by the intelligence community. Storage costs have plummeted over the last decade, making it economically feasible for nation-states to archive petabytes of encrypted communications. Because highly classified government data and long-term corporate intellectual property retain their value for decades, the incentive to harvest this data today is overwhelming.[6]

To counter this threat, the central technical claim is that the newly finalized algorithms can withstand quantum decryption. After an exhaustive eight-year global competition, the National Institute of Standards and Technology (NIST) published its first three finalized standards—FIPS 203, 204, and 205—in August 2024. Unlike legacy systems such as RSA and Elliptic Curve Cryptography, which rely on the difficulty of prime factorization, these new standards utilize entirely different mathematical foundations.[2][5]

Specifically, FIPS 203 and 204 are built on lattice-based cryptography. This approach involves hiding data within complex, multi-dimensional grids that are mathematically proven to be incredibly difficult to navigate, even for a quantum machine operating in superposition. FIPS 205 utilizes hash-based signatures, providing a secondary method for verifying digital identities without relying on vulnerable legacy math.[2]

The evidence supporting the security of these new algorithms is mathematically rigorous, yet it carries transparent uncertainty. Because quantum computers capable of breaking current encryption do not yet exist, the security of lattice-based cryptography relies on theoretical proofs rather than empirical field-testing against actual quantum hardware. Cryptography is an inherently adversarial science, and the possibility remains that a classical mathematical shortcut could eventually be discovered.[1][2]

To mitigate this uncertainty, NIST continues to evaluate a secondary batch of algorithms based on entirely different mathematical principles, such as code-based and multivariate cryptography. This intentional diversification ensures that a backup exists if a critical vulnerability is ever discovered in the primary lattice-based approach, preventing a single point of failure in national security architectures.[1][2]

On the regulatory front, the claim that federal agencies must migrate immediately is backed by concrete statutory mandates. The Quantum Computing Cybersecurity Preparedness Act, passed with overwhelming bipartisan support, legally obligates federal agencies to inventory vulnerable systems and begin the migration process. This legislative foundation ensures that the transition survives any changes in presidential administrations, cementing PQC as a permanent fixture of U.S. defense infrastructure.[3][6]

The timeline for this migration is strictly defined by the Office of Management and Budget (OMB) and NIST frameworks. OMB Memorandum M-23-02 serves as the operational playbook, requiring agencies to submit prioritized inventories of their quantum-vulnerable cryptographic systems annually until 2035. This granular reporting ensures that blind spots in legacy government networks are identified and patched before they can be exploited.[4]

Draft guidelines from NIST further establish a critical deprecation timeline. The framework targets the phase-out of highly vulnerable algorithms, such as RSA-2048, by 2030. Following this phase-out period, the government will enforce a hard disallowance of all quantum-vulnerable public-key cryptography by 2035, aligning with broader national security directives to harden critical infrastructure.[2][4]

A crucial distinction in the evidence pack is the differing impact of quantum computing on public-key versus symmetric encryption. While public-key cryptography is devastated by Shor's algorithm, symmetric encryption—such as the Advanced Encryption Standard (AES) used to protect classified government data—faces a lesser threat from Grover's algorithm. Grover's algorithm provides a quadratic speedup, meaning it weakens but does not instantly break symmetric keys.[5]

The evidence strongly supports that simply doubling the key size, such as moving from AES-128 to AES-256, effectively blunts the quantum advantage. Ultimately, the transition to post-quantum cryptography represents one of the largest infrastructural upgrades in the history of the internet. The evidence indicates that while the mathematical foundations of the new standards are sound, the primary vulnerability lies in the speed of implementation. For national security agencies, the 2026 landscape is a race to deploy these new cryptographic locks before adversaries can build the keys.[1][6][7]