Cryptographers are engaged in a race against a computer that doesn't fully exist yet. Quantum computers will, when sufficiently large and reliable, break the public-key cryptography that secures most internet communications today — HTTPS, SSH, PGP, Signal, and more. NIST finalized post-quantum replacement standards in August 2024. The migration has started. Here's what's actually at stake and where things stand. The security of RSA and elliptic-curve cryptography (ECC) rests on mathematical problems that are computationally hard on classical computers. RSA relies on the difficulty of factoring large integers. ECC relies on the hardness of the elliptic-curve discrete logarithm problem. Both problems are efficiently solvable by a quantum computer running Shor's algorithm — a quantum algorithm published by Peter Shor in 1994. "Efficiently solvable" means polynomial time rather than exponential time.…