Source: /cirosantilli/post-quantum-cryptography

= Post-quantum cryptography
{tag=Cryptography}
{title2=PQC}
{wiki}

<Encryption algorithms> that run on <classical computers> that are expected to be resistant to <quantum computers>.

This is notably not the case of the dominant 2020 algorithms, <RSA (cryptosystem)> and <elliptic curve cryptography>, which are provably broken by <Grover's algorithm>.

However, as of 2020, we <provably quantum secure encryption algorithm>[don't have any proof that any symmetric or public key algorithm is quantum resistant].

Post-quantum cryptography is the very first quantum computing thing that people have to put money into.

The reason is that attackers would be able to store captured <ciphertext>, and then retroactively break it once and if <quantum computing> power becomes available in the future.

There isn't a shade of a doubt that <intelligence agencies> are actively doing this as of 2020. They must have a database of how interesting a given source is, and then store as much as they can given some amount of storage budget they have available.

A good way to explain this to <quantum computing skeptics> is to ask them:
\Q[If I told you there is a 5% chance that in 10 years I will be able to decrypt everything you write online starting today, would you give me a dollar to reduce that chance to 0.5%?]
Post-quantum cryptography is simply not a choice. It must be done now. Even if the risk is low, the cost would be way too great.