As we navigate through 2025, a remarkable transformation is underway in the fundamental security architecture of the internet. At InterLIR, where we’ve spent years helping organizations optimize their network infrastructure through strategic IPv4 resource management, we’re now witnessing an equally critical evolution in how that infrastructure must be secured. The achievement of majority post-quantum encrypted traffic on major platforms like Cloudflare represents more than a technical milestone-it signals a fundamental shift in how we must approach network security in an era where quantum computing threatens to render decades of cryptographic standards obsolete.
Since our founding in 2020, we’ve observed how network infrastructure decisions made today can have lasting implications for years to come. The same principle applies to cryptographic security. Organizations investing in network resources, whether through IPv4 acquisition, infrastructure expansion, or service deployment, must now consider not just current security standards but the quantum-resistant protocols that will protect their communications in the coming decades. This comprehensive analysis examines where we stand in the post-quantum transition, what threats are materializing, and what practical steps organizations should take to protect their network infrastructure investments.
In my conversations with clients across Europe and beyond, I’ve found that quantum computing often seems like an abstract, distant concern-something for research laboratories rather than practical business consideration. However, the reality is far more immediate and concerning for anyone operating network infrastructure today.
Quantum computers operate on fundamentally different principles than the classical computers that power our current internet infrastructure. By leveraging quantum mechanical phenomena such as superposition, interference, and entanglement, these machines can perform certain specialized computations exponentially faster than traditional systems. While they won’t replace conventional computers for general purposes-think of them more like specialized processors similar to GPUs or neural processing units-they excel at specific tasks that unfortunately include breaking the cryptographic systems protecting virtually all internet communications today.
The encryption protocols that secure everything from financial transactions to confidential business communications rely on mathematical problems that are extremely difficult for classical computers to solve. RSA encryption, for instance, depends on the difficulty of factoring large numbers, while elliptic curve cryptography (ECC) relies on the discrete logarithm problem. Quantum computers, through algorithms like Shor’s algorithm, can solve these problems efficiently, rendering these widely-deployed security measures effectively useless.
Perhaps the most insidious aspect of the quantum threat is what security professionals call “harvest-now/decrypt-later” attacks. This scenario doesn’t require functional quantum computers to exist today-it only requires adversaries with foresight and storage capacity. The attack is straightforward: collect encrypted communications now, store them indefinitely, and wait until quantum computers become powerful enough to break the encryption and reveal the contents.
For organizations managing network infrastructure and handling sensitive data, this threat is already active. Any confidential information transmitted today using conventional encryption could potentially be decrypted in the future. Consider the implications for:
This means that organizations cannot afford to wait until quantum computers are fully operational before addressing the threat. The time to implement post-quantum cryptography is now, before sensitive data is harvested for future decryption.
At InterLIR, we’ve learned that understanding market dynamics requires monitoring multiple indicators simultaneously. The same applies to assessing when quantum computers will pose a practical threat to cryptography-what experts call “Q-day.” This assessment requires tracking both hardware advancements and algorithmic breakthroughs, as progress in either domain can significantly accelerate the timeline.
The quantum computing industry often emphasizes qubit counts as a primary metric of progress, but this single number tells an incomplete story. The quality of qubits, their interconnectedness, error rates, and the overall system architecture are equally critical factors. Several competing technological approaches are advancing simultaneously, each with distinct advantages and challenges:
Silicon-based quantum computers offer excellent scalability and fast instruction execution but suffer from noisy qubits requiring extensive error correction
Trapped-ion systems provide significantly lower noise levels, making them more reliable, but have historically faced greater challenges in scaling to large qubit counts
Superconducting qubits, the approach pursued by Google in their Willow project, represent a relatively straightforward engineering path despite substantial technical challenges
Topological qubits, Microsoft’s ambitious approach, theoretically offer exceptional noise resistance but remain largely in the theoretical and early experimental stages
Google’s December 2024 announcement of their Willow quantum processor marked a genuine milestone in this progression. They achieved the first logical qubit using surface code error correction in a scalable manner-a critical step toward practical quantum computing. While this doesn’t represent an unexpected leap beyond projected timelines, it demonstrates that steady, predictable progress is being made toward systems capable of breaking current cryptography.
While hardware progress has been steady, the most significant development in recent years came from the software side. In June 2025, researcher Craig Gidney published a paper demonstrating that through clever quantum software optimizations, breaking RSA-2048 encryption might require fewer than one million qubits-a dramatic reduction from the previously estimated 20 million qubits.
This optimization effectively brought the theoretical Q-day approximately seven years closer under reasonable assumptions about hardware development rates. Even conservative estimates now suggest that breaking RSA-2048 might require “only” 242,000 superconducting qubits rather than the millions previously thought necessary. This breakthrough illustrates a critical point: algorithmic improvements can accelerate the quantum threat timeline just as significantly as hardware advances, and often more unpredictably.
In April 2024, the cryptographic community experienced a brief but intense scare when researcher Yilei Chen published a preprint claiming to have discovered a new quantum algorithm capable of solving certain lattice problems efficiently. This was particularly concerning because lattice-based cryptography forms the foundation of many post-quantum cryptographic schemes being deployed as replacements for vulnerable algorithms.
After intense scrutiny from cryptographers worldwide, experts identified a fundamental flaw in Chen’s approach, averting what could have been a catastrophic setback for post-quantum cryptography. However, this episode serves as an important reminder that while lattice-based approaches currently appear secure, concentrating too heavily on a single mathematical foundation does present some risk. It also demonstrates the vital importance of ongoing peer review and the cryptographic community’s ability to rapidly assess potential threats.
In our work helping organizations plan their network infrastructure investments, we’ve learned that understanding expert consensus and regulatory requirements is essential for making informed decisions. The same principle applies to post-quantum cryptography migration planning.
The Global Risk Institute has conducted annual surveys of quantum computing experts since 2019, asking about the probability of RSA-2048 being broken within various timeframes. The 2024 survey revealed that well over half of interviewed experts believed there was at least a 50% chance of RSA-2048 being broken within 15 years-a sobering assessment that should inform infrastructure planning decisions today.
Analyzing historical survey data reveals interesting patterns in expert predictions. When asked about Q-day with approximately even odds (50% likelihood), experts consistently predict “about 15 years away” regardless of when they’re surveyed-suggesting either genuine uncertainty or a psychological tendency toward medium-term predictions. However, when pressed for higher certainty levels (70% probability), expert predictions show more consistency over time, with roughly one-fifth of experts consistently identifying 2034 as the likely timeframe for cryptographically-relevant quantum computers.
This suggests that while precise timing remains uncertain, there’s growing expert consensus around the 2030-2035 timeframe as a critical period when quantum computing will likely threaten current cryptographic standards. For organizations planning network infrastructure investments and security architectures, this timeline should inform decision-making today.
Governments worldwide have recognized the quantum threat and established formal timelines for post-quantum cryptography migration. These regulatory requirements create concrete deadlines that organizations, particularly those serving government clients or operating in regulated industries, must meet:
| Regulatory Body | Target Migration Date | Announcement Year |
|---|---|---|
| NSA (CNSA 2.0) | 2030-2033 | 2022 |
| US Federal Government | 2035 | 2022 |
| Australian Government | 2030 | 2024 |
| UK National Cyber Security Centre | 2035 | 2025 |
| European Union | 2030-2035 | 2025 |
These timelines are not arbitrary-they reflect expert assessments of when quantum computers may pose practical threats, combined with realistic estimates of how long large-scale cryptographic migrations require. Organizations should note that these dates represent completion targets, meaning migration efforts must begin significantly earlier to meet these deadlines.
The transition to post-quantum cryptography actually encompasses two distinct but related migrations, each with different urgency levels and implementation challenges. Understanding these differences is crucial for prioritizing migration efforts and allocating resources effectively.
The encryption migration focuses on protecting the confidentiality of data using quantum-resistant algorithms. This migration is more urgent due to the harvest-now/decrypt-later threat-adversaries can collect encrypted data today and decrypt it once quantum computers become available. For data that must remain confidential for extended periods, this threat is already active.
As of October 2025, significant progress has been made in implementing post-quantum encryption, particularly for HTTPS traffic. The milestone of majority human-initiated traffic with Cloudflare using post-quantum encryption demonstrates that large-scale deployment is not only possible but actively happening. Key factors enabling this progress include:
However, challenges remain in several areas. Legacy systems, specialized protocols, resource-constrained IoT devices, and embedded systems often cannot easily accommodate the larger key sizes and increased computational requirements of post-quantum algorithms. Organizations must carefully assess their entire infrastructure to identify systems requiring special attention or alternative approaches.
The digital signature migration focuses on ensuring data authenticity and integrity using quantum-resistant signature schemes. While this migration is less urgent than encryption migration-signatures only need to be secure at the time they’re verified, not decades into the future-it is often more complex to implement.
Digital signatures are deeply embedded in numerous systems and protocols, including certificate authorities, code signing, software updates, blockchain systems, and document authentication. Many of these systems have long-lived certificates and complex backward compatibility requirements. The signature migration is proceeding more slowly than encryption migration, with many organizations still in the planning or early implementation phases.
Drawing on our experience helping organizations optimize their network infrastructure at InterLIR, I can offer practical recommendations for approaching the post-quantum migration. This transition requires the same strategic planning and careful execution that we apply to IPv4 resource management-understanding current assets, assessing future needs, and implementing changes systematically.
Organizations should begin with these foundational steps:
Beyond immediate actions, organizations should adopt these strategic principles:
Implement crypto-agility – Design systems to accommodate algorithm changes easily, allowing rapid response to new threats or vulnerabilities. This principle will serve organizations well beyond the post-quantum transition, enabling adaptation to future cryptographic developments.
Adopt hybrid approaches where possible – Combining traditional and post-quantum algorithms provides security against both classical and quantum threats while the post-quantum standards mature and gain confidence through real-world deployment.
Monitor standards development actively – Stay informed about NIST standardization efforts, IETF protocol development, and industry-specific guidance. The post-quantum landscape continues evolving, and early awareness of changes enables proactive rather than reactive responses.
Engage with regulatory timelines – Align migration efforts with relevant compliance requirements, particularly if serving government clients or operating in regulated industries. Meeting these deadlines often requires beginning migration efforts years in advance.
Test thoroughly before production deployment – Post-quantum algorithms have different performance characteristics and resource requirements than traditional cryptography. Comprehensive testing in representative environments is essential before production deployment.
One of the most challenging aspects of post-quantum migration involves resource-constrained devices such as IoT sensors, embedded systems, and legacy hardware. Post-quantum algorithms generally require larger key sizes and more computational resources than traditional cryptography, creating difficulties for devices with limited memory, processing power, or energy budgets.
Organizations operating such devices should consider several approaches. Where possible, offload cryptographic operations to more capable gateway devices or edge computing infrastructure. For devices that must perform cryptography locally, evaluate optimized implementations specifically designed for resource-constrained environments. In some cases, hardware replacement may be necessary for devices that cannot support post-quantum algorithms through software updates alone.
In my role at InterLIR, I frequently discuss infrastructure investments with organizations evaluating whether to acquire additional IPv4 resources, upgrade network equipment, or expand their service capabilities. The post-quantum migration represents a similar infrastructure investment decision, and the business case deserves careful consideration.
The primary risk of delaying post-quantum migration is exposure to harvest-now/decrypt-later attacks. Organizations should assess this risk by considering:
For many organizations, particularly those in competitive industries, handling personal data, or managing intellectual property, the potential costs of data exposure far exceed the investment required for post-quantum migration. Additionally, regulatory penalties for failing to adequately protect sensitive data continue increasing, adding another dimension to the risk calculation.
Beyond risk mitigation, early post-quantum adoption can provide competitive advantages. Organizations that complete their migration ahead of competitors can market their quantum-resistant security as a differentiator, particularly when serving security-conscious clients or regulated industries. Early adoption also allows organizations to gain experience with post-quantum technologies before they become mandatory, reducing the risk of rushed implementations under regulatory pressure.
Furthermore, organizations that develop internal expertise in post-quantum cryptography position themselves to assist clients, partners, and customers with their own migrations, creating potential new service offerings and revenue streams.
As we look beyond 2025, several factors will shape the continued evolution of post-quantum internet security. Understanding these trends helps organizations plan not just for immediate migration needs but for the longer-term security landscape.
Both quantum algorithms and post-quantum cryptography will continue evolving. We should expect further optimizations in quantum algorithms that could accelerate Q-day timelines, similar to Craig Gidney’s 2025 breakthrough. Simultaneously, post-quantum algorithms will be refined for better performance, smaller key sizes, and reduced computational requirements, making them more practical for resource-constrained environments.
The cryptographic community will also continue developing and standardizing additional post-quantum schemes, particularly for specialized applications that current standards don’t optimally address. Organizations should maintain awareness of these developments and be prepared to adopt improved algorithms as they mature.
The post-quantum ecosystem will continue maturing through 2025 and beyond. We can expect:
As regulatory migration deadlines approach, we should expect increasing enforcement activity and more detailed compliance requirements. Organizations that delay migration may face penalties, loss of government contracts, or exclusion from regulated markets. The regulatory landscape will likely expand beyond current mandates to encompass additional sectors and jurisdictions as the quantum threat becomes more widely understood.
Post-quantum cryptography will increasingly integrate with broader security strategies including zero-trust architectures, defense-in-depth approaches, and comprehensive risk management frameworks. Organizations will recognize that post-quantum migration is not an isolated project but part of ongoing security evolution requiring continuous attention and adaptation.
The achievement of majority post-quantum traffic on major platforms like Cloudflare represents a significant milestone, but it marks the beginning rather than the end of the post-quantum transition. From our perspective at InterLIR, where we help organizations make strategic decisions about network infrastructure that will serve them for years to come, the parallels are clear: just as organizations must carefully plan their IP resource strategies to support future growth, they must now plan their cryptographic strategies to protect against future quantum threats.
The advances in quantum computing hardware and algorithms, particularly Craig Gidney’s optimizations demonstrating that breaking RSA-2048 may require far fewer qubits than previously thought, reinforce the urgency of post-quantum migration efforts. Whether Q-day arrives in 2034 or 2050, the harvest-now/decrypt-later threat is already active. Any sensitive data transmitted today using conventional encryption could potentially be decrypted in the future, making immediate action essential for information requiring long-term confidentiality.
Organizations should view post-quantum migration as an ongoing process rather than a one-time project. The cryptographic landscape will continue evolving, requiring sustained attention, regular reassessment, and adaptation to new developments. By beginning migration efforts now, implementing crypto-agility principles, and maintaining awareness of emerging threats and solutions, organizations can protect their network infrastructure investments and ensure their communications remain secure in the quantum era.
At InterLIR, we’ve built our business on helping organizations make infrastructure decisions that provide lasting value. The post-quantum migration represents exactly this type of decision-an investment in foundational security that will protect organizations for decades to come. The time to act is now, before quantum computers render current protections obsolete and expose sensitive information that may have been harvested years earlier. Organizations that approach this transition strategically, beginning with comprehensive assessment and proceeding through systematic implementation, will be well-positioned to maintain security and competitive advantage in the post-quantum internet of tomorrow.
Alexei Krylov
Head of Sales
A Beginner’s Guide to Subnetting IPv4 and IPv6 Addresses Subnetting is a critical
Why IPv4 Leasing Is Becoming the Smart Choice for Businesses in 2025 1. Introduction
As CEO of InterLIR, I’ve witnessed firsthand how network isolation strategies
What is an ASN? ASN stands for Autonomous System Number. It is a unique identifier
Anycast DNS: A Leader’s Guide to Protecting Your Digital Infrastructure Executive
RPKI Certification: A Leader’s Guide to Internet Routing Security Executive
Executive Summary: What You Need to Know 🎯 Strategic Importance – Internet
When AWS DynamoDB failed in October 2025, thousands of businesses discovered that
Executive Summary: What You Need to Know 🎯 IP reputation directly impacts your
Mastering Subnetting and Routing for Modern Networks Why Subnetting Matters in Today’s
