Antigravity Q&A
If companies migrate to post-quantum encryption now, can old RSA-encrypted chats still be decrypted later by quantum computers?
Answered by claude-haiku-4-5 · 3 May 2026
Answer
# Yes—this is a critical security problem called "harvest now, decrypt later," and it's why migration is urgent.
Here's the threat: adversaries can record encrypted traffic today and store it. Later, when quantum computers become powerful enough, they can run Shor's algorithm to break RSA and extract the plaintext [AG-2024.05-2225]. The mathematical vulnerability isn't hypothetical—Shor's algorithm *can* effectively compute the discrete logarithms that RSA security depends on, but only on a sufficiently powerful quantum computer [AG-2024.05-2225].
The key risk is retroactivity. If you migrate your *future* communications to post-quantum encryption (like lattice-based schemes such as Kyber or Dilithium [AG-2024.05-2225]), that doesn't automatically protect conversations you encrypted yesterday with RSA. Those old ciphertexts remain vulnerable to a future quantum adversary with the computational resources to attack them.
This is why security experts now recommend a two-part strategy:
1. Migrate forward: Use post-quantum cryptography (which resists both classical and quantum attacks [AG-2024.02-1740]) for all *new* communications starting now.
2. Protect the past: Reencrypt old, sensitive data—especially material with long-term value (state secrets, medical records, financial data)—using post-quantum schemes before quantum computers arrive.
The window for this isn't infinite: estimates vary, but quantum computers capable of breaking RSA are expected within years, not decades [AG-2024.05-2225]. That's why governments and industry are accelerating post-quantum standardization right now [AG-2024.05-2225].
Sources · 8
- 58%cs.CRPost-Quantum Security: Origin, Fundamentals, and AdoptionAG-2024.05-2225
- 53%cs.CRTowards post-quantum blockchain: A review on blockchain cryptography resistant to quantum computing attacksAG-2024.02-1291
- 52%quant-phCryptography: Classical versus Post-QuantumAG-2024.02-1740
- 51%cs.CRPost Quantum Cryptography and its Comparison with Classical CryptographyAG-2024.03-2222
- 50%cs.CRCybersecurity in Critical Infrastructures: A Post-Quantum Cryptography PerspectiveAG-2024.01-1401
- 50%quant-phAssessing the Benefits and Risks of Quantum ComputersAG-2024.01-2022
- 48%cs.CRQPP and HPPK: Unifying Non-Commutativity for Quantum-Secure Cryptography with Galois Permutation GroupAG-2024.02-1337
- 47%cs.NIThe Future of QKD NetworksAG-2024.07-1542
Keep exploring
- How do lattice-based schemes like Kyber mathematically resist the discrete logarithm attacks that break RSA?
- What timeline exists for reencrypting historical archives before quantum computers actually arrive?
- Does migrating only *new* communications leave organizations vulnerable if adversaries already possess years of recorded traffic?
This is a research aid — not a peer review. Verify sources before citing.