Introduction
The answer to the questions in the subtitle of the article is easy to give: watch the video, it's worth a thousand words.
I do not want to go back over what has already been covered in "I have nothing to hide", nor over the encryption issues discussed in "From occult steganography to C2PA". If the arguments about quantum computers represent philistine things with respect to everyday reality, if you believe that these arguments are just background noise, useless trifles, and if you aren't indignant at the foolishness of the advertising sponsored by EDENRED [1] with Mago Forest and Gialappa's Band, then you haven't read "The meal voucher scam" and "App Update Privacy Awareness Edenred Case Study": this article is really not for you!
Don’t worry, I will do my best to make the topic more accessible, explaining it in a simple and conversational way despite its complexity.
Let’s start with a bang, yes
Quantum vulnerability is not a simple isolated technical problem, but rather a concrete threat to the entire global digital infrastructure. Classical algorithms such as Diffie-Hellman [2], RSA [3] and ECC [4], which currently protect every aspect of our digital life, will become instantly obsolete as quantum computers reach technological maturity.
These algorithms constitute the backbone of digital security: they guarantee, for example, secure access to computer systems (SSH, VPN), end-to-end encryption, TLS/SSL digital certificates for the transport of information over the Internet, electronic signatures, encrypted emails, the encryption used with the very popular PGP/GPG keys, smart cards and hardware tokens.
Their influence also extends to the entire cryptocurrency ecosystem, where Bitcoin and Ethereum rely on ECDSA (Elliptic Curve Digital Signature Algorithm) to generate addresses and validate transactions. Mobile devices, the Internet of Things (IoT), and long-range communications networks such as LoRa, used by projects such as Meshtastic and MeshCore, are also entirely dependent on these technologies to operate securely.
The HNDL Threat - Harvest Now, Decrypt Later
The danger is present and immediate: malicious actors are already collecting and storing sensitive encrypted data today, waiting to be able to decipher it in the future with the advent of quantum computing.
The "collect now, decipher later" strategy is used not only by cybercriminals but also in the forensic field, for a possible review of judicial decisions that were incomplete with respect to the sources available at the time of their assessment.
Let’s summarize the scope of the problem:
- Government and military communications.
- Healthcare and generic data.
- Financial records and long-term contacts.
- Intellectual property and trade secrets.
- Legal communications.
- Personal data.
- Cloud storage and backup.
- App and IoT messaging.
Roadmap for transitioning cryptographic algorithms
The NIST [5] IR 8547 document, Transition to Post-Quantum Cryptography Standards, is of fundamental relevance in the modern cybersecurity landscape. This report lays out a clear roadmap towards post-quantum cryptographic (PQC) solutions.
Quantum-vulnerable key-establishment schemes
| Key Establishment Scheme | Parameters | Transition |
|---|---|---|
| Finite Field DH and MQV | 112 bits of security strength | Deprecated after 2030; disallowed after 2035 |
| Finite Field DH and MQV | ≥ 128 bits of security strength | Disallowed after 2035 |
| Elliptic Curve DH and MQV | 112 bits of security strength | Deprecated after 2030; disallowed after 2035 |
| Elliptic Curve DH and MQV | ≥ 128 bits of security strength | Disallowed after 2035 |
| RSA | 112 bits of security strength | Deprecated after 2030; disallowed after 2035 |
| RSA | ≥ 128 bits of security strength | Disallowed after 2035 |
We are ready: we migrate to PQC encryption
What you need to do:
- Move to PQC encryption by planning the replacement of weak algorithms.
- Delete all old backups, eliminating any possible attack surface.
- Only use computers with the Linux operating system, throwing Windows and Mac out of business.
- Use only free software.
The software is within everyone's reach: it is age, which I talked about in the article "It's spelled age and pronounced aghe". From version v1.3.0 it has been updated to support the generation of post-quantum keys.
The Go programming language, used for age development, has offered since version 1.24 a Post-Quantum Cryptography package implementing NIST FIPS 203.
| Standard | NIST FIPS | Description |
|---|---|---|
| ML-KEM-768 | FIPS 203 | Key encapsulation mechanism |
| ML-KEM-1024 | FIPS 203 | Variant with increased security |
Let’s create a private key pq
The -pq flag of age-keygen generates post-quantum hybrid ML-KEM-768 + X25519 key pairs. Note that the public key, approximately 2000 characters long, is shown in the terminal, while the key.txt file saved in the filesystem also contains the private key in clear text.
```bash
# create and save the key pair
age-keygen -pq -o key.txt
```
Let’s project ourselves into the future and create the lorem ipsum pq
We have the file called lorem_ipsum.txt and we have the key pair (public + private) in the key.txt file. Let's see step by step how to encrypt our text in post-quantum mode.
```bash
# we save the public key (the recipient) by extracting it from key.txt
echo "# key - post-quantum public key" > recipient.txt
age-keygen -y key.txt >> recipient.txt
# we encrypt the text contained in lorem_ipsum.txt
age -e -R recipient.txt -a lorem_ipsum.txt > lorem_ipsum.age
```
age-inspect
Post-quantum and traditional keys cannot be used together as recipients of the same file, and rightly so. Therefore, if you use multiple recipients, it may not be clear with which private key the message can be decrypted. This is where age-inspect comes in, providing more information on the type of encryption adopted.
```bash
# age file analysis
age-inspect lorem_ipsum.age
```
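As an added example (not from the original article and not code from the age project), the shell functions below read the plaintext header of an age file and report whether it was encrypted to post-quantum or classical recipients, which helps inventory archives that still need re-encryption. The stanza type name `mlkem768x25519`, the function names and the sample files are assumptions constructed for illustration; age-inspect remains the authoritative tool.

```bash
#!/bin/sh
# Added example: classify age files by the recipient types in their header.
# The header is plaintext, so no key is needed to read it.

# ASSUMPTION: stanza type written for -pq recipients; confirm with age-inspect.
PQ_TYPE=mlkem768x25519

# Emit the raw age file: unwrap the PEM armor produced by "age -a" if present.
age_unarmor() {
    if head -n 1 "$1" | grep -q '^-----BEGIN AGE ENCRYPTED FILE-----'; then
        grep -v '^-----' "$1" | base64 -d
    else
        cat "$1"
    fi
}

# Print one recipient stanza type per line, stopping at the "---" MAC line.
age_stanza_types() {
    age_unarmor "$1" | awk '
        NR == 1 && $0 != "age-encryption.org/v1" { exit 2 }
        /^---/ { exit }
        /^-> / { print $2 }'
}

# Print "pq" if every stanza is post-quantum, "classical" if any is not.
age_classify() {
    types=$(age_stanza_types "$1" 2>/dev/null) || { echo "not-age"; return 0; }
    [ -n "$types" ] || { echo "not-age"; return 0; }
    if echo "$types" | grep -qv "^${PQ_TYPE}\$"; then
        echo "classical"
    else
        echo "pq"
    fi
}

# Build a CONSTRUCTED armored sample ($1 = stanza type, $2 = output path).
make_sample() {
    {
        echo "-----BEGIN AGE ENCRYPTED FILE-----"
        printf 'age-encryption.org/v1\n-> %s CONSTRUCTED-ARG\nQ09OU1RSVUNURUQ\n--- CONSTRUCTED-MAC\n' "$1" | base64
        echo "-----END AGE ENCRYPTED FILE-----"
    } > "$2"
}

# Demo on constructed files: prints "classical" then "pq".
tmp=$(mktemp -d)
make_sample X25519 "$tmp/old.age"
make_sample "$PQ_TYPE" "$tmp/new.age"
for f in "$tmp/old.age" "$tmp/new.age"; do age_classify "$f"; done
rm -rf "$tmp"
```

Files reported as "classical" are the ones exposed to the harvest-now, decrypt-later scenario described earlier and are candidates for re-encryption to a post-quantum recipient.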
Let’s decipher pq
```bash
# to decrypt the example file
age -d -i key.txt lorem_ipsum.age > decrypt.txt
# to decrypt the sample file by viewing in the terminal
age -d -i key.txt lorem_ipsum.age
```
[1] EDENRED (until 2010 Accor Services) is a multinational company operating in the sector of services for businesses, the public sector and private individuals (source). ANSA news of 03/26/2026: Antitrust begins investigation into Edenred meal vouchers. ANSA news of 02/21/2024: Fraud in meal vouchers, the leaders of Edenred Italia under investigation.
[2] Diffie-Hellman: the original idea dates back to Ralph Merkle, in 1976. From this assumption, Whitfield Diffie and Martin Hellman (DH) developed both a theoretical and practical analysis to allow two parties to exchange a secret key through an insecure communication channel. The problem initially appears paradoxical: how is it possible to establish a shared secret without a protected channel? Despite this apparent contradiction, Diffie and Hellman demonstrated the feasibility of the approach. In addition to formalizing the theoretical foundations of asymmetric key cryptographic systems, they proposed a concrete algorithm to implement them. However, a structural limit remained: the problem of exchanging secret keys is not eliminated in asymmetric systems, but rather transformed and replaced with the need to certify public keys.
[3] RSA: about a year after the publication of Diffie and Hellman's pioneering work, three MIT researchers, Ron Rivest, Adi Shamir and Leonard Adleman, proposed a new public key algorithm that would take their name: RSA. The fundamental difference compared to the DH protocol lies in the operational functionality. While the DH algorithm was designed exclusively for the secure exchange of a secret key (a key agreement mechanism), the RSA algorithm introduces the ability to directly encrypt the message (or generate digital signatures). In other words, with DH the two parties agree on a secret which then must be used by a symmetric algorithm to protect the data.
[4] ECC, Elliptic Curve Cryptography, was proposed in 1985 by Neal Koblitz and Victor Miller. It exploits the difficulty of the discrete logarithm problem on the points of an elliptic curve. This allows you to obtain security comparable to that of an RSA key with much shorter keys, thus reducing computational consumption and the necessary bandwidth.
[5] NIST, the National Institute of Standards and Technology, is an American physical sciences laboratory founded in 1901, part of the United States Department of Commerce. It is one of the oldest scientific research institutions in the country, establishing measurement standards that support industry and technological innovation in the United States.
