Post-quantum cryptography (PQC) refers to encryption algorithms designed to resist attacks from both classical and quantum computers. NIST finalized the first four PQC standards in 2024: CRYSTALS-Kyber for key encapsulation, CRYSTALS-Dilithium and FALCON for digital signatures, and SPHINCS+ as a hash-based backup. SandboxAQ (Google spin-off, $5.75 billion valuation) is leading enterprise PQC migration services.
The urgency comes from 'harvest now, decrypt later' attacks — adversaries are already collecting encrypted data that will become readable once large-scale quantum computers exist. Critical infrastructure, financial systems, government communications, and military secrets all rely on cryptographic algorithms that quantum computers could break. The migration timeline is measured in years, but the threat timeline is shrinking.
The US pioneered PQC standardization through NIST's multi-year competition and now mandates quantum-resistant cryptography for federal systems. This creates a first-mover advantage: US companies developing PQC solutions are setting global standards, and the transition will generate tens of billions in cybersecurity spending. IonQ projects cryptographically relevant quantum computers by 2028, making this migration genuinely urgent.