US Government Mandates Transition to Post-Quantum Cryptography by 2035
Why is this Security meme funny?
Level 1: Changing the Locks
Imagine you have a secret message that you locked with a special lock, and only you have the key. Right now, almost everyone in the world uses these kinds of locks (in computers we call them encryption algorithms like RSA) to keep things like passwords, credit card info, and private chats safe. Now, picture hearing that in the future, a clever inventor might build a magic key that could open any of those locks really quickly – a bit like a master key that can open every door in the neighborhood. 😯 That “magic key” is like a super-powerful quantum computer that could break our current secret codes.
The writing on the image is basically the grown-up way of saying: “We need to change all our locks to new super-strong ones before that magic key is ready, and we should finish by the year 2035.” It’s coming from the government, telling all its departments to start this big lock-changing project so that our secrets stay safe. Why 2035? Well, that gives everyone time to make the switch (there are a LOT of locks to change!). It sounds a bit funny because 2035 is far in the future – like, you might be a full-grown adult by then! – so it feels both really serious and really far away.
Think of it like your teacher announcing, “In 10 years, a super genius kid will join the school who can crack every secret note. So by then, all of you should have invented a new secret language that the super genius can’t understand.” You’d probably giggle because, hey, ten years is a long time (and secret languages are hard!). But you also know it’s important to do it before that kid arrives. Chances are, some kids might procrastinate (imagine everyone scrambling the night before the new kid comes, trying to change all the diary locks 😜).
So, the emotional mix here is: it’s a bit scary (nobody wants their secrets exposed by a quantum super-key), a bit funny (such a huge task with a deadline that feels like “the future”), and oddly familiar if you’ve ever been told to do a big project way ahead of time. We laugh a little because we know human nature — people might delay until it’s almost too late — but we also understand why the change is needed. Just like you’d eventually get around to changing your locks if you heard a master key was coming to town, the tech world is gearing up (with some nervous laughter and determination) to change all the “locks” in our digital world before the quantum burglar shows up at the door.
Level 2: Time to Upgrade Crypto
Let’s break down what all this means in plainer terms, and why developers are buzzing about it. The key issue here is encryption – the tools and algorithms we use to keep data secret and secure. Right now, most secure systems (websites, banking apps, government databases, etc.) use standard public-key cryptography like RSA or Elliptic Curve Cryptography (ECC). For example, when you connect to a website over HTTPS, your browser might be using RSA or an ECC-based protocol to exchange keys securely. These methods are considered extremely secure against normal computers. Even the fastest classical computer would need billions of years to break a strong RSA encryption by brute force. That’s why, up until now, we’ve all felt safe using them to protect sensitive data privacy and communications.
However, along comes quantum computing – a new kind of computing that isn’t limited to the usual binary bits (0 or 1) but uses qubits that can be in superpositions (kind of like 0 and 1 at the same time, until observed). Quantum computers can process certain kinds of problems much more efficiently by leveraging phenomena like superposition and entanglement. They’re not magic; they won’t make all computations faster. But here’s the kicker: one of the problems they can speed up drastically is the math behind RSA and ECC. Specifically, a famous quantum algorithm (Shor’s algorithm) can factor large numbers really fast if you have a powerful enough quantum computer. Factoring large numbers is essentially how you break RSA encryption. So something that was unbreakable becomes breakable. Similarly, ECC’s underlying problem (discrete logarithms) can also be cracked by a similar quantum approach.
The term CRQC stands for Cryptographically Relevant Quantum Computer, which just means “a quantum computer that’s strong enough to actually threaten our cryptography.” Current quantum prototypes (like those 50-qubit or 100-qubit machines you hear about from IBM or Google) aren’t at that level yet — they’re far too small and error-prone to break RSA. But the government is looking ahead to the day when bigger, stabler quantum computers do exist. They don’t want to be caught off-guard when that day comes. That’s why they’re pushing something called Post-Quantum Cryptography (PQC). PQC, also known as quantum-resistant cryptography, refers to new encryption algorithms that are designed in such a way that even a quantum computer wouldn’t have an easy time cracking them.
So when the memo says “timely and equitable transition of cryptographic systems to quantum-resistant cryptography”, it means they want all federal agencies to switch out their current encryption algorithms (like RSA/ECC) for these new quantum-proof algorithms, and do it in time (timely) and everywhere (equitable across all systems). They’ve set 2035 as the goal. That might seem far off — over a decade away — but consider that the U.S. federal government is huge, with countless systems, some very old, spread across many agencies. Changing something as fundamental as encryption is a bit like changing the foundation of a skyscraper while people are still working inside. It needs careful planning, new tools, a lot of testing, and training people to use the new tech. Ten-ish years is actually a tight timeframe for such a massive overhaul.
To put it concretely, let’s say you’re a junior developer at a company that contracts with the government, and your application uses a library like OpenSSL for secure communications. Right now, you might call functions like RSA_encrypt() or use TLS and not worry about the details. In the coming years, you’ll start seeing new functions or algorithms pop up in those libraries, with names you might not recognize, like EVP_PKEY_kyber or Dilithium_sign() (these refer to some of the new PQC algorithms that have been proposed). Developers will have to learn how to use these, and understand their properties (for instance, a CRYSTALS-Kyber public key is about a kilobyte in size, which is much larger than an RSA key, so that can affect performance and network usage). It’s a learning curve — essentially a whole new generation of cryptographic tools to master.
Now, what exactly are these new algorithms? Without going too deep into the math, most of them are based on problems that even quantum computers probably can’t solve quickly. A big category is lattice-based cryptography. Imagine a multi-dimensional grid of points (that’s the lattice) and a problem of finding a very short vector in that lattice – it’s like finding a tiny needle in a huge haystack of points. We don’t know any quick way for quantum computers to solve that. Other approaches include things like code-based cryptography (using error-correcting codes in clever ways), hash-based signatures (using hash functions for making signatures), and more. These have weird-sounding names like Falcon, Rainbow, or SPHINCS+, but they all share the goal of being quantum-resistant. In 2022, NIST ran a big process and actually selected a first batch of algorithms to standardize for public use (Kyber, Dilithium, etc. that we mentioned). So the community has a roadmap — now it’s about implementation.
For a junior developer, a lot of these terms might be new. Here’s a quick glossary of the buzzwords in that image and context:
- PQC (Post-Quantum Cryptography): Encryption and security algorithms that are designed to be safe from attacks by quantum computers. Think of it as the next-gen crypto toolkit.
- CRQC (Cryptographically Relevant Quantum Computer): A quantum computer that’s powerful enough to actually break current cryptography. It’s the hypothetical super-hacker machine we worry about.
- NSM-10: Stands for National Security Memorandum 10. It’s basically a directive from high up (the White House/National Security Council) telling federal agencies what to do about a national security issue. In this case, NSM-10 is instructing them on dealing with quantum threats to cybersecurity.
- Public-key cryptography: A type of encryption that uses a pair of keys – one public (everyone can know it) and one private (keep secret). It’s used for things like sending secret messages (encryption) and digital signatures. RSA and ECC are examples. These are the ones at risk from quantum attacks.
- Symmetric cryptography: Another type of encryption using the same key for encryption and decryption (like a password). Algorithms like AES (Advanced Encryption Standard) fall here. The good news is, AES and similar symmetric ciphers aren’t busted by quantum computers in one shot like RSA; quantum techniques (like Grover’s algorithm) can speed up cracking symmetric keys some, but not completely break them — the rule of thumb is you might need to double the key length to stay safe (e.g., AES-256 instead of AES-128). So symmetric crypto is less of a worry; the memo is really about the asymmetric/public-key stuff.
- 2035 deadline: This is the target year by which the government wants the transition completed. It’s a policy goal, not a magically hard cutoff where things explode, but it signals urgency. If agencies drag their feet, they’ll be going against official orders and also leaving themselves (and citizens’ data) vulnerable.
Below is a quick comparison for clarity on what needs changing and what might not:
| Encryption Method | Used For | Vulnerable to Quantum? | Plan by 2035 |
|---|---|---|---|
| RSA (e.g. 2048-bit) | Secure websites, VPNs, etc (public-key encryption, digital signatures) | Yes ❌ (Shor’s algorithm can break it) | Replace with PQC (e.g. lattice-based schemes like Kyber for encryption or Dilithium for signatures) |
| Elliptic Curve (ECC) | Modern secure protocols (smaller key public-key crypto) | Yes ❌ (Also broken by a quantum computer with Shor’s) | Replace with PQC (e.g. alternatives from NIST PQC standards) |
| AES-256 (symmetric) | Data encryption (files, VPN tunnels, etc) | Mostly No ✔️ (Grover’s algorithm gives only a quadratic speedup, so doubling key size helps) | Continue using, maybe prefer AES-256 over AES-128 for extra safety |
| SHA-256/SHA-3 (hashing) | Data integrity, signatures (part of many schemes) | No ✔️ (Quantum makes finding collisions slightly easier but not catastrophic) | Continue using, possibly larger hashes if needed (SHA-256 is okay, SHA-512 even safer) |
| New PQC algorithms (Kyber, etc.) | Secure communication and signatures in a post-quantum world | No ✔️ (Designed to withstand quantum attacks) | Adopt and implement (testing now, deploy gradually so fully in place by 2035) |
As you can see, the big red flags are RSA and ECC — those are everywhere, from how your browser establishes a secure connection, to how software updates are verified, to how emails are encrypted. PQC migration means swapping those out for the algorithms in that last row. That’s a big change. It’s like if everyone in the world who uses locks suddenly had to switch to a new kind of lock because someone is about to invent a master key. In fact, that lock analogy is exactly how you might think of it: today’s encryption algorithms are our locks on information, and quantum computing threatens to create a skeleton key that opens them. So we need new locks that that key can’t open.
For junior devs and anyone new to this topic, the meme might seem dry at first (just text from a policy memo). But the reason tech folks share it with a wry smile is because it represents a huge upcoming challenge in cybersecurity. If you’re early in your career, this is actually an opportunity: learning about quantum computing concepts and new cryptography algorithms now will put you ahead of the curve. It’s not often that we get a heads-up years in advance about a seismic shift in our field. There’s already work to do – companies and agencies are starting to inventory where they use crypto, testing out PQC libraries (some are available experimentally), and keeping an eye on standards from bodies like NIST.
Also, don’t be surprised if you start hearing your senior colleagues joke about “quantum-proofing” or the "2035 crypto deadline." It’s half-joking, half-serious. They joke because it feels far away and a bit overwhelming; it’s serious because ignoring it could mean big trouble later on. It’s similar to how people might have joked in 2010 about the year 2038 problem (when 32-bit Unix time overflows) – “ha ha, that’s so far off” – and now it’s only 14 years away and very real. Tech has these cycles of complacency and scramble. The government is trying to avoid a last-minute scramble by pushing everyone to start now on quantum-safe cryptography. And by “everyone,” that includes companies that do business with the government, and likely eventually the broader internet standards too. So yes, even as a junior dev outside of government, this will probably affect you down the line (through updates to libraries, protocols like TLS 1.4 perhaps including PQC, new versions of programming languages supporting PQC primitives, etc.).
In short, the meme’s text might look formal, but it’s basically saying: “Heads up, tech world: our current security locks (RSA/ECC) have an expiration date thanks to quantum computers, and that date is sooner than you think. Let’s get moving on the next-gen locks (PQC) so we’re safe by the time the quantum master key arrives.” It’s a mix of exciting (quantum tech and new crypto! cool science!) and daunting (so much code and hardware to change! oh no!). The developer community finds humor in the situation because we recognize the pattern: big technological shifts always come with a bit of chaos and last-minute heroics, even if we have a decade of warning.
Level 3: Cryptopocalypse 2035
For seasoned developers and security engineers, this “meme” hits close to home because it combines a serious mandate with a far-off deadline in a way that’s ironically familiar. The government has essentially declared 2035 as the “drop-dead” date for upgrading to quantum-safe cryptography across all federal systems. On the surface, 2035 feels like ages away (who knows what programming language or JavaScript framework we’ll be using by then, right? 😅), but in enterprise and government terms, it’s alarmingly soon. Large organizations — especially federal agencies with heaps of legacy systems — move slowly. Think of some federal database running code from the 90s or a Cobol service still humming along; now imagine telling them, “Oh by the way, you need to replace all your encryption under the hood.” It’s the kind of herculean task that makes even senior engineers break a sweat.
This creates a sort of dark comedic effect. It’s reminiscent of the Y2K scramble or the ongoing saga of IPv6 adoption. Remember Y2K? Everyone in the late ‘90s was rushing to fix date formats because the year 2000 was a hard deadline — literally a clock change that could break systems. Here we have another ticking clock, but driven by quantum computing advancements rather than calendar arithmetic. Some security folks have nicknamed this countdown “Y2Q” (Year to Quantum), marking the moment our current encryption fails. Getting a memo like NSM-10 is like déjà vu: it formalizes what’s been an abstract threat into a project with a due date. 2035 might as well be tomorrow in terms of budgeting, staffing, and executing a full PQC migration. Seasoned engineers know how these things go: you’ll likely see years of committees, working groups, and “crypto inventory” spreadsheets before a single line of code gets changed. There’s humor in imagining the frantic all-hands meetings in, say, 2033, when suddenly everyone realizes the deadline is around the corner—classic procrastination on a bureaucratic scale. As one might joke, “We have plenty of time, let’s schedule the big migration for Q4 2034 after the holiday code freeze!” — a tongue-in-cheek reference to how teams sometimes push off upgrades until it’s almost too late.
From a senior perspective, the quote in the image is chock-full of keywords that trigger memories (and mild PTSD). “Existing public standards for public-key cryptography” – that means RSA, Diffie-Hellman, ECDSA, all the stuff we’ve built our secure internet on. The memo is basically saying: every system using RSA or ECC is a ticking time bomb once quantum hits. If you’ve been in security, you’ve probably followed this topic for a while: it’s not the first time you’ve heard “quantum-resistant cryptography”. But seeing an official policy with a hard date – that’s new. It validates the concern (no more debating with upper management whether quantum risk is real or just academic; the White House literally put out a mandate). Yet it also dumps a mountain of work on architects and developers: inventory every algorithm, update libraries, ensure compatibility, retrain teams, possibly even replace hardware (older smart cards, TPMs, or encrypted radios might not be firmware-upgradable to new algorithms). It’s a classic case of “easier said than done.”
Let’s talk about why this is a big deal in practice. Migrating cryptographic systems is often compared to changing the engine of a jet while it’s flying. You can’t just pause all federal systems and overhaul their encryption algorithms overnight. There are layers of dependencies: protocols like TLS, secure email (S/MIME), VPNs, database encryption, code signing, you name it. All of them rely on underlying crypto libraries (OpenSSL, BoringSSL, hardware HSMs, JCE in Java, etc.). Those libraries in turn rely on standards (like RSA, AES, etc.). Swapping out RSA for a lattice-based algorithm, for example, might mean the new keys are larger, the computations are slower or use more memory, and some protocols might not initially support that size or format. If you’re a senior dev, you’ve lived through similar transitions on a smaller scale — say, migrating from SHA-1 to SHA-256 for certificates when SHA-1 was deprecated, or upgrading from TLS 1.1 to TLS 1.2/1.3. Those were painful enough, and those were incremental changes! Moving to entirely new math is a whole other level. There will be compatibility issues where old clients can’t talk to new servers if they don’t agree on a common algorithm. There will be vendors that no longer exist to update their products, meaning agencies might have to replace entire systems because some firewall or VPN appliance from 2010 can’t get a firmware patch for PQC. It’s the technical debt of cryptography come due. And senior folks know how technical debt payments tend to go: often last-minute and over-budget.
The humor here isn’t belly-laugh humor; it’s a knowing smirk. It’s the kind of inside joke that combines a bit of fear, a bit of exasperation, and a touch of “here we go again.” We’re essentially laughing at our own tendency to procrastinate giant fixes and the inevitability of the scramble. The quote even uses bureaucratic language like “timely and equitable transition” — which in real life translates to “we need to hustle, and we can’t leave anyone behind, even the small agencies with ancient systems.” A senior dev or architect can practically hear the future conference calls and see the PowerPoint slides titled “PQC Migration Strategy Q1 2030 Update”. 😄
Also, notice the memo’s authoritative tone: “the United States must prioritize...” This is high-level policy speaking, but down in the engineering trenches, we know who actually has to “prioritize” it — the sysadmins, the infosec teams, the software developers. They’ll be the ones patching libraries, testing new algorithms, and fielding bug reports when something doesn’t work after an upgrade. Ever dealt with a minor version bump that broke half your integration tests? Now imagine swapping out the fundamental crypto primitives – that’s bound to produce some hair-pulling moments. The security community has been urging action on quantum threats for years, but broad awareness among general developers is low. This meme’s underlying joke is partly, “Hey devs, guess what? Another massive refactor is on the horizon, and this one has a deadline set by the President.”
In summary, for those of us with experience, this image evokes a mix of “finally, they’re taking it seriously” and “oh boy, time to buckle up for a decade of crypto migrations.” We find it slightly funny because of the surreal scale of the task (like being told to replace every lock in every building you manage, by a certain date, because a master key is coming). It’s an absurdly big ask that we know will involve countless meetings, memos, and late-night deployments. The year 2035 will likely become a running joke (“Only 10 more years to procrastinate that PQC update!”). But it’s also a real concern. In true gallows-humor fashion, we chuckle because it’s daunting — sometimes the best way to deal with an impossibly huge project is to make memes about it, then get to work… slowly, and all at once.
Level 4: Quantum Crunch Time
At the cutting edge of cryptography and quantum computing, this excerpt highlights a looming collision between classical security and quantum capability. It’s essentially describing the countdown to the so-called cryptopocalypse – the day a powerful quantum computer can easily break our current encryption. Technically, what's going on here is all about Public-Key Cryptography (like RSA and ECC) versus Shor’s algorithm running on a future CRQC (Cryptographically Relevant Quantum Computer).
In classical terms, RSA’s security comes from the prime factoring problem being astronomically hard for normal computers (it might take longer than the age of the universe to factor a 2048-bit number by brute force). Similarly, ECC (elliptic curve cryptography) relies on the difficulty of the discrete logarithm problem. These are examples of one-way functions: easy to do (multiply two primes, compute a point on a curve) but extremely hard to undo without the secret key. However, a sufficiently advanced quantum computer changes the equation. Shor’s algorithm, discovered in 1994, showed that a quantum machine with enough stable qubits can factor large numbers and solve discrete logs in polynomial time. In other words, a CRQC could, in theory, crack RSA-2048 or break elliptic-curve encryption exponentially faster than any classical computer, rendering our current public-key standards like RSA/AES combos or ECC-based protocols vulnerable.
The memorandum’s warning uses the term CRQC very deliberately: it means a quantum computer that has enough qubits and low error rates to actually attack real world cryptography. We’re not talking about the small 100-qubit experimental devices we have today, but a future machine with perhaps millions of physical qubits (~ thousands of error-corrected logical qubits) capable of running complex algorithms reliably. The year 2035 is essentially a policy guess at when such quantum supremacy might become a practical threat. There’s an implicit strategy here: “harvest now, decrypt later.” Adversaries could be intercepting encrypted data today and storing it, betting that by 2035 (or whenever a CRQC is available) they can decrypt it. This especially endangers long-term secrets (think state secrets, long-lived personal data, or anything meant to stay confidential for decades). That’s why the memo insists on a proactive migration: it’s not enough to worry once quantum computers exist; we must future-proof our cryptography now so that even data being encrypted today won’t be readable by quantum attacks tomorrow.
Enter Post-Quantum Cryptography (PQC) – the star of this show. PQC refers to new cryptographic algorithms designed to be resistant to quantum attacks, relying on mathematical problems that even quantum computers (as far as we know) can’t easily solve. For example, some of the leading PQC candidates are based on lattice problems (like the Learning With Errors problem underlying algorithms such as CRYSTALS-Kyber for encryption, and CRYSTALS-Dilithium for digital signatures), as well as hash-based, code-based, or multivariate polynomial problems. These don’t have known efficient quantum-solving algorithms like Shor’s. In 2022, after years of competitions and research, NIST (the National Institute of Standards and Technology) actually selected a first batch of such quantum-resistant algorithms to standardize. But migrating to them is non-trivial: they often have larger key sizes or signature sizes, different performance profiles, and require updating protocols and software libraries that have been built around RSA/ECC for decades.
From a theoretical perspective, this is a fascinating convergence of computer science and physics. The memo essentially acknowledges a fundamental limit: our current cryptosystems hinge on problems believed to be hard in classical complexity classes (like NP or sub-exponential time problems), yet those problems fall into BQP (bounded-error quantum polynomial time) for quantum machines. The very mathematical one-way functions we trusted (factoring, discrete log) are not one-way in a quantum world. So we’re witnessing a paradigm shift in security akin to a new scientific revolution – cryptography must be re-grounded on problems outside the reach of quantum algorithms. Researchers have been exploring these since the mid-2000s, but now this National Security Memorandum 10 (NSM-10) is putting real weight behind them, effectively saying: “By 2035, the U.S. wants all its Federal systems using cryptography that won’t be broken by quantum computers.” It’s both a technical moonshot and a massive coordination challenge. The humor (for those of us deep in the field) comes from the sheer gravity and inevitability of it: we knew this was theoretically coming ever since quantum algorithms were discovered, but seeing a formal deadline in print makes it all the more real (and yes, a bit surreal) – like reading a memo that says “Dear team, please finish solving a sci-fi level problem within the next decade!”.
Description
This image displays a block of text from a formal document. The text is black on a plain white background. It begins by stating, 'National Security Memorandum 10 (NSM-10) establishes the year 2035 as the primary target for completing the migration to PQC across Federal systems [NSM10]:'. This is followed by a direct quote, which reads: 'Any digital system that uses existing public standards for public-key cryptography, or that is planning to transition to such cryptography, could be vulnerable to an attack by a Cryptographically Relevant Quantum Computer (CRQC). To mitigate this risk, the United States must prioritize the timely and equitable transition of cryptographic systems to quantum-resistant cryptography, with the goal of mitigating as much of the quantum risk as is feasible by 2035.' The content is not a meme but a serious directive. It addresses the future threat posed by quantum computers to current encryption standards. For senior software engineers, this is highly relevant as it signals a major, inevitable, and complex migration of fundamental security infrastructure that will unfold over the next decade, eventually impacting all secure digital systems
Comments
7Comment deleted
2035 gives us just enough time to form a committee to decide on a standard, argue about it for ten years, and then give engineers a frantic 18-month deadline to migrate every system ever written
NSM-10 says “quantum-safe by 2035,” which is just enough runway to debate if Kyber keys fit in our 80-byte COBOL records, request an MTU increase, and draft the waiver for when the mainframe still refuses to link lattice math
"2035 is the new Y2K, except this time the consultants actually know what they're talking about and the threat is real... which somehow makes the budget meetings even more painful."
Nothing says 'we're taking this seriously' quite like a government setting a deadline 11 years out for a cryptographic migration - just enough time for three complete rewrites of the migration tooling, two vendor lock-in cycles, and one 'emergency' six-month extension when everyone realizes in 2034 that COBOL mainframes don't have a quantum-resistant mode
2035 PQC deadline: Because even national security treats crypto tech debt like a 10-year refactor epic
2035 sounds generous until you remember harvest-now-decrypt-later already started - and those Kyber/Dilithium cert chains will teach your MTU-tuned TLS middleboxes some humility
Nothing ages a platform roadmap faster than NSM‑10: we now have until 2035 to redo PKI with hybrid KEMs, upgrade HSM firmware, rotate every cert, and convince procurement that this isn’t the blockchain kind of crypto