Antigravity Q&A
If companies migrate to post-quantum encryption now, can old RSA-encrypted chats still be decrypted later by quantum computers?
Answered by claude-haiku-4-5 · 10 May 2026
Answer
This is an excellent and timely question that cuts to the heart of the "harvest now, decrypt later" threat.
The short answer: yes, absolutely — and that's why migration is urgent.
Here's why. Shor's algorithm, a quantum algorithm, can efficiently factor the large numbers that RSA encryption depends on [AG-2024.05-2225]. The only thing standing in the way today is that sufficiently powerful quantum computers don't exist yet. But adversaries with access to future quantum computers could, in principle, retroactively decrypt any RSA-encrypted messages they've stored today, even if those messages are decades old [AG-2024.02-1291, AG-2024.02-1740].
This is sometimes called a "store-now, decrypt-later" attack: an attacker records your encrypted communication today, and waits for a quantum computer powerful enough to break RSA to arrive. At that point, the historical message is exposed, even though it was encrypted with the best available methods at the time.
The quantum threat isn't limited to RSA either. Elliptic Curve Cryptography (ECC), which is increasingly common, is equally vulnerable to Shor's algorithm [AG-2024.05-2225]. And even hash functions — used to verify authenticity and integrity — face threats from Grover's quantum search algorithm [AG-2024.02-1291].
Why migrate now? Post-quantum cryptographic schemes, such as lattice-based algorithms like Kyber and Dilithium, are believed to be resistant to both quantum and classical attacks [AG-2024.05-2225]. If you encrypt sensitive data with these schemes today, it should remain secure even after quantum computers arrive — because the underlying mathematical problem (like the lattice shortest-vector problem) appears hard for both classical and quantum computers.
This matters especially for long-lived secrets: classified documents, financial records, health data, or any information whose confidentiality must be preserved for decades [AG-2024.01-1401]. Once quantum computers are available, historical data that was captured under quantum-vulnerable encryption is lost for good; there's no way to retroactively re-encrypt ciphertext an adversary already holds.
The provided preprints don't specifically quantify the timeline for when quantum computers will pose this threat, though they note the migration is underway in industry and government standardization bodies.
Sources · 8
- AG-2024.05-2225: Post-Quantum Security: Origin, Fundamentals, and Adoption (cs.CR, 58%)
- AG-2024.02-1291: Towards post-quantum blockchain: A review on blockchain cryptography resistant to quantum computing attacks (cs.CR, 53%)
- AG-2024.02-1740: Cryptography: Classical versus Post-Quantum (quant-ph, 52%)
- AG-2024.03-2222: Post Quantum Cryptography and its Comparison with Classical Cryptography (cs.CR, 51%)
- AG-2024.01-1401: Cybersecurity in Critical Infrastructures: A Post-Quantum Cryptography Perspective (cs.CR, 50%)
- AG-2024.01-2022: Assessing the Benefits and Risks of Quantum Computers (quant-ph, 50%)
- AG-2024.02-1337: QPP and HPPK: Unifying Non-Commutativity for Quantum-Secure Cryptography with Galois Permutation Group (cs.CR, 48%)
- AG-2024.07-1542: The Future of QKD Networks (cs.NI, 47%)
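
The answer's central point, that a chat recorded under RSA stays decryptable no matter what the company migrates to afterwards, shown as an added example (not part of the original answer). It uses a constructed toy RSA modulus small enough to factor by trial division, which stands in for Shor's algorithm; the function names, primes, session secret and message are assumptions made for illustration.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def rsa_keygen(p: int, q: int, e: int = 65537):
    """Textbook RSA from two primes: returns (public key, private exponent)."""
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))

def send_chat(pub, session_secret: int, message: bytes):
    """Sender side: RSA key transport wraps the secret that keys the cipher."""
    n, e = pub
    wrapped = pow(session_secret, e, n)
    body = keystream_xor(session_secret.to_bytes(8, "big"), message)
    return wrapped, body          # everything an eavesdropper can record

def factor(n: int):
    """Classical stand-in for Shor: feasible only because n is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")

def decrypt_recorded(capture, pub):
    """Later: rebuild the private exponent from the public key, open the capture."""
    n, e = pub
    p, q = factor(n)
    d = pow(e, -1, (p - 1) * (q - 1))
    wrapped, body = capture
    secret = pow(wrapped, d, n)
    return keystream_xor(secret.to_bytes(8, "big"), body)

# Constructed sample data (toy sizes, not real traffic).
MESSAGE = b"board chat: merger closes in Q3"
OLD_PUB, _old_priv = rsa_keygen(104729, 1299709)
CAPTURE = send_chat(OLD_PUB, 0x1234567890, MESSAGE)   # recorded "today"

# The company now migrates: the RSA key is retired and new traffic uses a
# post-quantum KEM. None of that touches CAPTURE, which the adversary holds.
RECOVERED = decrypt_recorded(CAPTURE, OLD_PUB)         # "decrypt later"
```

Note that `decrypt_recorded` takes only the capture and the old public key as input: nothing the defender does after the recording appears in it, which is why migration protects new traffic but not traffic that was already harvested.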