Will a successful, large-scale cyberattack exploiting a known weakness in a post-quantum cryptography (PQC) algorithm be publicly reported before 2028?

PQC Security Breach: Post-Quantum Crypto Exploit by 2028

The global transition to Post-Quantum Cryptography (PQC)—algorithms designed to resist attacks from future, large-scale quantum computers—is already underway, driven by standardization efforts like those at NIST. This prediction is that a successful, large-scale cyberattack exploiting a known weakness (either in the algorithm itself or its implementation) of a PQC algorithm will be publicly reported before the end of 2028.

Implementation Failures and New Attack Vectors

This is not a prediction that a quantum computer will break PQC, but rather that flaws inherent to any new, complex cryptographic system will be discovered and exploited by classical computing methods. Potential vulnerabilities include:

• **Side-Channel Attacks:** Flaws in how the algorithm's implementation leaks information through power consumption or timing.
• **Protocol Failures:** Errors in integrating the PQC algorithm into existing internet protocols (TLS, SSH).
• **Algorithm Refinement:** Mathematical weaknesses discovered after the NIST selection but before wide-scale deployment is fully complete.

As the PQC algorithms move from academic theory to large-scale deployment, they become high-value targets. The 2028 deadline reflects the time it takes for security researchers and adversaries to reverse-engineer and find implementation bugs in newly standardized, complex codebases, leading to an inevitable, initial security failure.