A U.S. House subcommittee issued a stark warning to the nation's financial sector this week: The quantum computing age is coming, and with it, the inevitable collapse of current data encryption.
In a Tuesday hearing titled "Preparing for the Quantum Age: When Cryptography Breaks," experts testified that the time to prepare is now, as foreign adversaries are already stealing encrypted American data with the intent to decrypt it once quantum computers are powerful enough to do so.
The hearing, held by the Subcommittee on Cybersecurity, Information Technology, and Government Innovation, delved into the urgent need to transition to post-quantum cryptography, or PQC, the impact of international student programs on national security, and the potential risks of federal funding cuts to U.S. leadership in the quantum field.
Lawmakers and expert witnesses from government and private industry, including the U.S. Government Accountability Office, or GAO, IBM and the cybersecurity firm Qrypt, painted a sobering picture of the nation's vulnerabilities.
'Harvest now, decrypt later' is already underway
Nancy Mace, the chairwoman of the subcommittee and a Republican from South Carolina, drew attention to the threat posed by foreign adversaries, saying that they are implementing a strategy of "steal now, decrypt later," meaning these adversaries are stealing encrypted information today that they will be able to decrypt in the future by using quantum computing.
Ranking member Shontel Brown, a Democrat from Ohio, highlighted the same threat.
When these nations "crack the code of quantum computing, they'll already have vast troves of sensitive, secret data from the American people and the federal government at their fingertips, ready to unlock and exploit," Brown said.
Scott Crowder, vice president of quantum adoption at IBM, agreed, saying that foreign adversaries are implementing this "with the hope today's data will still be valuable when they have a quantum computer," he said.
Denis Mandich, chief technology officer at Qrypt, cited recent compromises as examples of this strategy in action. This included the "Salt Typhoon" infiltration of nine major telecom backbone networks by China and the theft of Microsoft's master signing key by China's Storm-0558 group, which "compromised nearly all federal agency accounts," he said.
"Hostile actors already have pervasive access to collection points of encrypted data," Mandich said.
Quantum threat to encryption is 'inevitable'
Witnesses universally confirmed that sufficiently powerful quantum computers will undermine widely used cryptographic methods, including those protecting financial transactions and sensitive data.
Marisol Cruz Cain, director of information technology and cybersecurity at the U.S. Government Accountability Office, testified that "some experts predict that a quantum computer capable of breaking existing cryptography could be developed in the next 10 to 20 years."
Mandich labeled the arrival of a "cryptographically relevant quantum computer, or CRQC," not as a "black swan event" (rare and unforeseeable) but a "white swan" (broadly predictable, with only its precise timing in debate).
He noted that the threshold for such an event is roughly 4,000 logical qubits. Compare that to the
A 4,000-logical-qubit quantum computer poses a direct threat to the financial sector's widely used RSA encryption, which quantum algorithms like Shor's algorithm — named after Peter Shor, who published the algorithm in 1994 — can eventually break.
Mandich warned that once a CRQC comes online, it could decrypt the largest bitcoin wallet, driving the value of bitcoin to zero.
Big banks are investing in quantum computing. What does that mean for the future of finance? And, more importantly, will they ever become useful?
Call for immediate transition to post-quantum cryptography
Experts emphasized the urgent need to transition to post-quantum cryptography, or PQC, algorithms designed to resist quantum attacks.
The National Institute of Standards and Technology, or NIST, has already approved three cryptography standards for the post-quantum world.
"NIST has recommended existing encryption vulnerable to quantum computers be disallowed by 2035, and previous experiences have shown broad adoption of new cryptography can take more than a decade," Crowder said. "Thus, we must act now."
In her opening statements, Mace highlighted that Congress passed the Quantum Computing Cybersecurity Preparedness Act in 2022, which "requires the federal government to develop and execute a plan to migrate federal IT to post quantum cryptography," she said.
In a
Mandich stressed that simply upgrading algorithms is not enough.
"The industry's last major upgrade, which phased out deprecated algorithms decades ago, remains unfinished," he said, noting "legacy algorithms persist in production."
He advocated for "crypto-agility" — designing systems so "cryptographic algorithms can be updated or replaced seamlessly when vulnerabilities are discovered."
This is critical, he said, because even new PQC algorithms may have unforeseen flaws. For example, in 2022,
Security groups that focus on the financial industry have also advocated for cryptographic agility. A February report from Financial Services Information Sharing and Analysis Center, or FS-ISAC, recommended financial institutions inventory their cryptography usage to prepare for the PQC transition.
That report said one of the most significant challenges remaining for financial institutions has to do with EMV chips in credit and debit cards, which currently do not support PQC. In fact, many still rely on the Triple DES standard — one of the vulnerable, legacy standards that Mandich said persists in real-world use.
Competition with China and international students
A key theme throughout the hearing was the fierce global competition, particularly with China, and the need for the U.S. to maintain its lead in quantum computing.
Brenda Rubenstein, an associate professor at Brown University, expressed concern about what "American leadership will look like in the future" in the field of quantum computing, given that the U.S. relies "on a relatively small pool of people who are trained and educated in the United States."
Rubenstein appeared in the hearing as a minority witness. In other words, the Democrats on the subcommittee invited her.
Eli Crane, a subcommittee member and Republican from Arizona, called out Brown University's vetting process for international students from adversarial countries such as China.
"Does it concern you that universities like Brown and others allow students to come here ... and then they work with maybe a sympathetic professor who shifts them into something like nuclear engineering or quantum computing, and then they end up competing with the United States?" Crane asked Mandich.
Mandich responded that China "floods the United States with students."
"That's their frontline collection platforms," Mandich said. "We've effectively trained their entire quantum industry here in the United States."
Rubenstein advocated for a balanced consideration of the issues with and benefits of international student programs. She pointed out that the federal government vets these students on Brown's behalf, and she pointed to various benefits that international students bring to the U.S., including contributions to the multiculturalism of the university and workforce.
"Many of these people come to our country, they work at our companies, and they do in fact innovate in ways that are exceptional," Rubenstein said.
Budget cuts to research funding
Witnesses also highlighted significant risks due to proposed federal budget cuts under the Trump administration, which ranking member Brown stated have brought funding to its "lowest levels in decades."
Rubenstein emphasized the critical role of "basic research" in training the next generation of scientists, lamenting that "the NSF budget alone ... will be reduced by 57% and in a total of 85% for physics."
Such cuts impact graduate research programs and leave students "scared for their futures," she said.
Cruz Cain warned that without sufficient funding for research and workforce development, "we are not even prepared to start to protect our systems and transition them to PQC."
Subcommittee Republicans did not directly address these concerns about funding cuts during the hearing Wednesday.
