Quantum computers are still an expensive and fragile research technology today, but they are already changing the rules of cybersecurity. They pose the greatest threat to asymmetric cryptography, on which secure communication on the internet rests. A talk by Matěj Týč from the Brno branch explains why it pays to act in time and what the transition to post-quantum encryption will bring.
What risks they pose and what will change
One risk is "capture now, read later": an attacker stores today’s encrypted communication and decrypts it in the future, once the algorithms are broken. Another is forging digital signatures, for example on firmware updates, which could allow malicious software to be installed. The transition to post-quantum algorithms will mainly increase the amount of data exchanged when establishing a connection, while the processors and memory of ordinary devices can handle it. That means more "paperwork" for fast key exchange, but not a fundamental hardware revolution.
Plans, open source, and what to do today
In the US there is a plan to completely replace classical cryptography in the public sector by 2033, and it is so far on schedule. Red Hat Enterprise Linux already supports quantum-resistant communication out of the box. The European Union is proceeding more cautiously and with later targets, but with a broader scope – besides public administration it also aims at critical infrastructure. Several European projects are also underway, in which the team from Brno is actively involved.
Since this is open source, improvements created in one part of the world will in time reach everyone, and post-quantum tools will spread naturally. The Brno engineering branch devotes a lot of effort to interoperability testing so that systems work together reliably. The recommendation is to start migrating as soon as possible, so that today’s sensitive data will be worthless to a would-be attacker in the future. The change may also arrive as a surprise: for example, your SSH client may refuse to connect to a server that does not support post-quantum algorithms.
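The SSH case above can be checked before it becomes a surprise. The following is an added example, not code from the talk or from Red Hat: it applies the first-match key-exchange rule of RFC 4253 to `KexAlgorithms` lists and reports whether a client and server would agree on a post-quantum hybrid, fall back to a classical exchange, or fail to connect. The function names and the configuration samples are constructed for illustration.

```python
# Added example: which key exchange would an SSH client and server agree on?
# Input format assumed: "kexalgorithms a,b,c" lines as printed by
# `ssh -G <host>` (client) and `sshd -T` (server).

# Hybrid post-quantum key-exchange names shipped by OpenSSH.
PQ_KEX = {
    "mlkem768x25519-sha256",
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
}

def parse_kex(config_text):
    """Return the ordered KEX list from ssh -G / sshd -T style output."""
    for line in config_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "kexalgorithms":
            return [n.strip() for n in parts[1].split(",") if n.strip()]
    return []

def negotiate(client, server):
    """RFC 4253 rule (simplified): first client choice the server also lists."""
    offered = set(server)
    for name in client:
        if name in offered:
            return name
    return None

def assess(client_cfg, server_cfg):
    """Classify the outcome as post-quantum, classical, or no-common-kex."""
    chosen = negotiate(parse_kex(client_cfg), parse_kex(server_cfg))
    if chosen is None:
        return ("no-common-kex", None)   # the connection is refused
    return ("post-quantum" if chosen in PQ_KEX else "classical", chosen)

# Constructed sample configurations (not taken from any real host).
MODERN_CLIENT = "kexalgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,curve25519-sha256"
PQ_ONLY_CLIENT = "kexalgorithms mlkem768x25519-sha256,sntrup761x25519-sha512"
MODERN_SERVER = "port 22\nkexalgorithms sntrup761x25519-sha512,curve25519-sha256"
LEGACY_SERVER = "port 22\nkexalgorithms curve25519-sha256,diffie-hellman-group14-sha256"

if __name__ == "__main__":
    for label, c, s in [("modern/modern", MODERN_CLIENT, MODERN_SERVER),
                        ("modern/legacy", MODERN_CLIENT, LEGACY_SERVER),
                        ("pq-only/legacy", PQ_ONLY_CLIENT, LEGACY_SERVER)]:
        print(label, assess(c, s))
```

A "classical" result means the session is still exposed to capture now, read later, while "no-common-kex" is the refused connection described above.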