The security of digital information depends on cryptographic systems that protect the confidentiality, integrity, and authenticity of data. For decades, algorithms such as RSA and elliptic curve cryptography (ECC) have provided that protection. However, these schemes are vulnerable to a type of computing that does not yet exist in operational form but is advancing rapidly: cryptographically relevant quantum computing. The question is no longer whether that capability will arrive, but when it will do so and whether organizations will be ready. The answer, based on analysis of multiple technical, governmental, and academic sources, is that the transition to post-quantum cryptography (PQC) can no longer be postponed.
Three factors converge to make delay a high-risk decision: the active harvesting of encrypted data by adversaries, a shortened timeline for relevant quantum computation, and the magnitude of a migration that will take years. These are joined by a regulatory environment that is beginning to set concrete deadlines. The first factor is the threat known as 'harvest now, decrypt later.' A quantum computer is not required for a communication encrypted today to be compromised in the future. It is enough for an adversary to intercept and store the traffic. This method is not theoretical. Intelligence agencies and actors with advanced technical capabilities can record government communications, financial transactions, corporate intellectual property, medical data, and any other type of information traveling under RSA or elliptic curve protection. Once a quantum computer with sufficient resources is available, that stored data can be decrypted. The age of the material will not be an obstacle: a secret that was supposed to remain protected for twenty or thirty years would be exposed retroactively.
The second factor is that the timeline for the appearance of a cryptographically relevant quantum computer has been significantly compressed. Forecasts that placed that milestone in the second half of the century have been replaced by estimates that place it within the next ten years. Dr. Michele Mosca of the Institute for Quantum Computing estimated a probability of one in seven that a relevant quantum computer will appear by 2026 and 50 percent by 2031. Google has set an internal deadline to complete its migration by 2029. The U.S. National Institute of Standards and Technology (NIST) has published its post-quantum transition roadmap, which envisions the progressive withdrawal of RSA and elliptic curve cryptography by 2030 and their total prohibition by 2035.
New research has revealed that 76.82 billion XRP held in 5.6 million accounts would be at risk of access by quantum computers. The report was published by an XRP Ledger default Unique Node List (dUNL) validator known as Vet, who scanned all 7.8 million existing XRP accounts and found that 5.6 million of them are quantum exposed. Here, quantum exposed refers to any account that has signed at least one transaction, since signing reveals the account's public key on the ledger. Quantum safe accounts have never submitted a signed transaction to the public ledger. The researcher found that of the 76.82 billion XRP that is exposed, 96% is held by active accounts, meaning they have signed a transaction in the past year or so. These accounts are expected to migrate to quantum-secure wallet addresses once the technology launches to the masses. However, 3.83% of the exposed XRP, or 2.94% of the total XRP supply, remains dormant and has not been used for at least five years. A smaller share (0.03% of exposed accounts) was used once back when XRP launched in 2013 and has not made any transaction since.
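The classification the report applies (exposed once a public key has been revealed by a signed transaction, then split into active, idle and dormant by the age of the last signature) can be reproduced over an account inventory. The following Python is an added example, not Vet's scanning tool or any XRPL project code: the ledger records, dates and balances are constructed, and the address derivation uses plain SHA-256 as a stand-in for the real hash-of-public-key construction (assumed simplification).

```python
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Simplified account model: an address is derived from a hash of the public
# key, so the key itself stays hidden until the account signs something.
# The real XRPL construction (SHA-256 then RIPEMD-160, base58 encoded) is
# replaced here by a truncated SHA-256 for simplicity (assumption).
def account_id_from_pubkey(pubkey: bytes) -> str:
    return hashlib.sha256(pubkey).hexdigest()[:40]

@dataclass
class Account:
    account_id: str
    balance: int                  # constructed balance, in whole XRP
    signed_tx_count: int          # signed transactions visible on the ledger
    last_signed: Optional[date]   # date of the most recent signed tx, if any

ACTIVE_WINDOW = timedelta(days=365)        # "active": signed within ~a year
DORMANT_WINDOW = timedelta(days=5 * 365)   # "dormant": no tx for 5+ years

def classify(acct: Account, today: date) -> str:
    """Return 'safe', 'active', 'dormant', or 'idle' (exposed, but neither)."""
    if acct.signed_tx_count == 0 or acct.last_signed is None:
        return "safe"                 # public key never revealed on the ledger
    age = today - acct.last_signed
    if age <= ACTIVE_WINDOW:
        return "active"
    if age >= DORMANT_WINDOW:
        return "dormant"
    return "idle"

def summarize(accounts, today: date) -> dict:
    """Total balance per class, plus the overall exposed total and supply."""
    totals = {"supply": 0, "exposed": 0, "safe": 0,
              "active": 0, "idle": 0, "dormant": 0}
    for a in accounts:
        cls = classify(a, today)
        totals["supply"] += a.balance
        totals[cls] += a.balance
        if cls != "safe":
            totals["exposed"] += a.balance
    return totals

def shares(totals: dict) -> dict:
    """The ratios the report quotes: share of exposed and share of supply."""
    exposed = totals["exposed"] or 1   # avoid division by zero on empty input
    return {
        "active_of_exposed": totals["active"] / exposed,
        "dormant_of_exposed": totals["dormant"] / exposed,
        "dormant_of_supply": totals["dormant"] / totals["supply"],
    }

# Constructed sample ledger: four accounts, one of which has never signed.
TODAY = date(2026, 1, 1)
SAMPLE = [
    Account(account_id_from_pubkey(b"pk-A"), 1000, 12, date(2025, 11, 1)),  # active
    Account(account_id_from_pubkey(b"pk-B"), 500, 1, date(2019, 3, 1)),     # dormant
    Account(account_id_from_pubkey(b"pk-C"), 300, 0, None),                 # safe
    Account(account_id_from_pubkey(b"pk-D"), 200, 3, date(2023, 6, 1)),     # idle
]

if __name__ == "__main__":
    totals = summarize(SAMPLE, TODAY)
    print(totals)
    print(shares(totals))
```

On a real ledger the same classifier would be fed from each account's transaction history rather than constructed records; the thresholds are the one-year and five-year cut-offs the report uses, and an inventory like this is the starting point for deciding which holdings to move first once quantum-safe addresses are available.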
With quantum computers being imminent, Ripple says it is leading the industry in transitioning to quantum-secure infrastructure. In a blog post two weeks ago, the company said XRPL has some building blocks that give it an advantage. One is key rotation at the account level, which allows users to move on from vulnerable keys without changing their accounts. In most mainstream networks, users would need to move their assets to entirely new accounts. XRPL also offers seed-based key generation, which provides 'deterministic derivation of new keys,' the company added. This allows users to generate new keys and manage them easily, making upgrades and transitions easier and more secure.
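The two properties the post attributes to XRPL, an account identity that survives key rotation and keys derived deterministically from a seed, can be modeled together. The Python below is an added example, not Ripple's or XRPL's code: it does not reproduce XRPL transaction types or field names, the seed-to-key derivation is an HMAC-SHA256 counter (assumed stand-in for a real derivation), and the "signature" is an HMAC over the derived secret, a toy that models the rotation bookkeeping rather than an actual public-key signature scheme.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def derive_key(seed: bytes, index: int) -> bytes:
    """Deterministically derive the index-th signing key from a seed.
    HMAC-SHA256 keyed by the seed over a 4-byte counter (stand-in, assumption):
    the same seed and index always yield the same key, so a wallet can
    regenerate any rotated key instead of storing each one."""
    return hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha256).digest()

def public_part(secret: bytes) -> bytes:
    """Toy 'public key': a hash commitment to the secret (assumption, not a
    real key pair). Only used to fix the account identity below."""
    return hashlib.sha256(b"pub|" + secret).digest()

def sign(secret: bytes, msg: bytes) -> bytes:
    """Toy signature: HMAC of the message under the signing secret."""
    return hmac.new(secret, msg, hashlib.sha256).digest()

@dataclass
class Account:
    seed: bytes
    account_id: str = field(init=False)
    key_index: int = 0                       # index of the key currently authorised
    retired: set = field(default_factory=set)

    def __post_init__(self) -> None:
        # The account identity is bound to key 0 once and never changes,
        # which is what lets a holder rotate keys without moving funds.
        self.account_id = public_part(derive_key(self.seed, 0)).hex()[:40]

    @property
    def current_key(self) -> bytes:
        return derive_key(self.seed, self.key_index)

    def rotate(self) -> int:
        """Retire the current key and authorise the next derived one."""
        self.retired.add(self.key_index)
        self.key_index += 1
        return self.key_index

    def verify(self, key_index: int, msg: bytes, sig: bytes) -> bool:
        """Accept only signatures under the currently authorised key index;
        anything signed by a retired (possibly exposed) key is rejected."""
        if key_index in self.retired or key_index != self.key_index:
            return False
        expected = sign(derive_key(self.seed, key_index), msg)
        return hmac.compare_digest(expected, sig)

def demo() -> dict:
    """Walk through one rotation and report what changed (used for checks)."""
    acct = Account(b"constructed-seed-do-not-reuse")
    before = acct.account_id
    old_sig = sign(acct.current_key, b"payment-1")
    accepted_before = acct.verify(0, b"payment-1", old_sig)
    acct.rotate()
    # A signature made with the retired key is no longer accepted...
    stale = acct.verify(0, b"payment-2", sign(derive_key(acct.seed, 0), b"payment-2"))
    # ...while the new key signs for the same, unchanged account.
    fresh = acct.verify(1, b"payment-2", sign(acct.current_key, b"payment-2"))
    return {"id_unchanged": acct.account_id == before,
            "accepted_before": accepted_before,
            "stale_rejected": not stale,
            "fresh_accepted": fresh}

if __name__ == "__main__":
    print(demo())
```

The point of interest for a migration is the `verify` rule: after rotation the account keeps its identity and balances, but a signature under the old, already-revealed key carries no authority, which is the property that makes account-level rotation a usable path off an exposed key.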