Identical wording placing limits on the export of quantum computers has appeared in regulations across the globe. There doesn't seem to be any scientific reason for the controls, and all can be traced to secret international discussions
The good news is, a lot of old secrets won’t really matter anymore by the time we have quantum computers that can break the encryption. There will obviously be a big impact on information that was encrypted just before we get a working quantum computer that can crack modern crypto.
In cryptography discussions, I feel like we’re usually implying (or even saying out loud) that the encryption is secure for a sufficient amount of time and computer power. Perhaps people outside of cryptography don’t know it, but I think there is a reasonable expectation that encrypted communications could be decrypted at some point in the future. We just hope it’s sufficiently far enough away (or difficult enough) to not be a problem.
Honestly as soon as we get some good post-quantum crypto, we’ll probably want to switch over to it asap, even if good quantum computers are still far out, just to help alleviate some of this problem. Of course, I imagine we’re still going to be finding new things once the technology is real and being used. Let’s hope the post-quantum cryptography algorithms we come up with actually are strong against a sufficiently large quantum computer.
The good news is, a lot of old secrets won’t really matter anymore by the time we have quantum computers that can break the encryption. There will obviously be a big impact on information that was encrypted just before we get a working quantum computer that can crack modern crypto.
In cryptography discussions, I feel like we’re usually implying (or even saying out loud) that the encryption is secure for a sufficient amount of time and computer power. Perhaps people outside of cryptography don’t know it, but I think there is a reasonable expectation that encrypted communications could be decrypted at some point in the future. We just hope it’s sufficiently far enough away (or difficult enough) to not be a problem.
Honestly as soon as we get some good post-quantum crypto, we’ll probably want to switch over to it asap, even if good quantum computers are still far out, just to help alleviate some of this problem. Of course, I imagine we’re still going to be finding new things once the technology is real and being used. Let’s hope the post-quantum cryptography algorithms we come up with actually are strong against a sufficiently large quantum computer.
TLS already has quantum-hardened algorithms in it.