Future Tech/security
Post-Quantum Cryptography Hits Consumer Devices by 2030
NIST finalized post-quantum standards in 2024. By 2030 every consumer cryptographic operation is post-quantum. The most consequential cryptography migration in computing history is silently underway.
// By 2030 · high confidence · disruption 7/10
Prediction
// 2030
By 2030, post-quantum cryptographic algorithms will be the default for new TLS handshakes, messaging encryption, and authentication credentials across major consumer platforms.
What dies
- → cable tv set top boxes
Who wins
- → NIST
- → IETF
- → Apple
The hook
NIST finalized post-quantum cryptography standards in August 2024 (ML-KEM, ML-DSA, SLH-DSA). Apple shipped iMessage PQ3 in February 2024. Signal shipped PQXDH. Chrome enabled hybrid post-quantum TLS by default.
Thesis. Post-quantum cryptography is not a future concern. It is a 2024 to 2030 migration already in progress. 'Harvest now, decrypt later' makes the migration urgent before practical quantum computers exist.
The story
The current state
NIST PQC standards finalized in August 2024 (ML-KEM/Kyber, ML-DSA/Dilithium, SLH-DSA/SPHINCS+). Apple iMessage PQ3 launched February 2024. Signal PQXDH shipped 2023. Cloudflare and Chrome ship hybrid PQ TLS by default. The migration is live.
The inflection point
NIST's six-year competition concluded with three production algorithms. Major consumer platforms shipped first-wave deployments before the standards even finalized. The cryptographic community has not seen a coordinated migration of this scale before.
The prediction
By 2030, new TLS handshakes default to PQ algorithms. Messaging encryption is PQ-protected. Authentication credentials (passkeys) start moving to PQ signature schemes. Legacy RSA and ECC persist for backward compatibility but are no longer default.
Who wins, who loses
Winners: NIST and IETF (the spec authors), Apple, Google, Microsoft, and Signal (the early implementers), and the HSM vendors that ship PQ-ready hardware. Losers: legacy embedded systems with no upgrade path, cable-TV-era closed protocol stacks, and any infrastructure that assumed RSA forever.
Timeline and risks
Consumer platforms lead. Enterprise lags by 18 to 36 months. Critical infrastructure (banking, healthcare) follows federal mandates (NSM-10, OMB M-23-02) on a longer timeline. The migration is hardest in long-lived embedded systems with no firmware update path.
First signals (verify today)
NIST finalized PQC standards August 2024. Apple iMessage PQ3 launched February 2024. Signal PQXDH shipping. Chrome shipping ML-KEM hybrid TLS.
Key data points
- NIST PQC standards finalized: August 2024 (ML-KEM, ML-DSA, SLH-DSA)
- Apple iMessage PQ3 launch: February 2024
- Signal PQXDH launch: 2023
- Cloudflare hybrid PQ TLS: 2022 to 2024 rollout
- US National Security Memorandum 10: May 2022
Contrarian angle
Most coverage of post-quantum cryptography frames it as protecting against future quantum computers. The harder truth is that 'harvest now, decrypt later' makes today's encrypted communications vulnerable to tomorrow's quantum computers. Every TLS handshake captured today by a nation-state could be decrypted in 2035. This is why the migration is happening before practical quantum computers exist.
The flip side
What this kills
The paired obituary in Tech Graveyard.
Read the obituaryFAQ
When will practical quantum computers exist?
Cryptographically-relevant quantum computers (CRQCs) capable of breaking RSA-2048 are estimated 10 to 30 years away. The uncertainty is large; the migration cost of waiting until the answer is clear is larger.
What is harvest-now-decrypt-later?
An adversary records encrypted traffic today, stores it, and decrypts it when CRQCs become available. This is plausibly already happening at nation-state scale.
Will old encrypted data become readable?
Anything encrypted with classical algorithms (RSA, ECC) and captured before PQ migration is at risk. PQ migration protects future traffic; it cannot retroactively secure past traffic.
Are post-quantum algorithms slower than RSA?
Mixed. ML-KEM is competitive with ECDH for key exchange. ML-DSA signatures are larger than ECDSA, which affects bandwidth-constrained environments. Hybrid modes use both classical and PQ in parallel during transition.
More from guptadeepak.com
Want the technical deep-dive behind this prediction?
Read the companion articleRelated predictions
More from the security desk.
// By 2027
medium confidenceBehavioral Biometrics Replace CAPTCHAs Everywhere
By 2027, the visible CAPTCHA is gone from the top 10,000 sites. Invisible behavioral signals running continuously replace it. Bot defense becomes invisible.
First signals: Cloudflare Turnstile on 2M+ sites. Apple Private Access Tokens in Safari. reCAPTCHA market share declining.
security · Disruption 6/10
// By 2027
medium confidenceThe Autonomous SOC Becomes Mainstream
The autonomous SOC is not replacing your security team. It is replacing the Tier-1 alert queue that nobody wanted to staff anyway.
First signals: Prophet Security and Dropzone AI in Fortune 500 production. CrowdStrike Charlotte AI shipping. SOC budget reallocation accelerating.
security · Disruption 8/10
// By 2027
high confidenceEvery Security Practitioner Has an AI Copilot by 2027
By 2027, security practitioners without AI copilots are the exception. The shift happens faster than SIEMs spread, faster than EDR, faster than SOAR. The economics force it.
First signals: Microsoft Security Copilot GA. CrowdStrike Charlotte AI in production. SentinelOne Purple AI shipping. Every major SIEM vendor announced AI features.
security · Disruption 8/10