Guest Post
By Dr. Sharmila S, Principal Scientist, Liminal Custody
Quantum computing is no longer just a far-off idea, it’s becoming a real strategic concern. While we don’t yet have those large-scale, fault-tolerant quantum machines, their future impact on cryptography is already compelling institutions to reconsider how they approach security, governance, and infrastructure resilience.
Consider digital asset custody. The question isn’t if quantum will matter. It already does. The real challenge is how institutions get ready—deliberately, pragmatically, and without disrupting their operations.
Quantum readiness is about looking ahead
It’s an opportunity for meaningful research and innovation. When institutions invest now in crypto-agile protocols, adaptable authorization models, and modular security frameworks, they’re not just preparing for quantum attacks; they’re creating systems that address current threats, fix implementation gaps, and keep pace with evolving regulations.
This isn’t just swapping out one cryptographic algorithm for another. It means rethinking how security evolves, making it more robust, more flexible, and better prepared for what’s next.
Transforming custody infrastructure isn’t something you do overnight. Major shifts in financial security happen gradually, over years. Think about the rollout of chip cards, hardware security modules, or multi-factor authentication; each took time, layering improvements and building a foundation. Quantum-ready custody will develop in the same way. The catch now? Waiting too long means taking on much greater risk.
Debunking the Myth
Let’s dispel a persistent myth: quantum computers won’t suddenly appear and instantly break all cryptographic security. It doesn’t happen in a single event.
Instead, it’s a gradual process. As computational power increases and attack techniques advance, even “provably secure” systems begin to weaken. Security doesn’t disappear overnight just because someone invents a new algorithm.
Think about RSA. As factoring algorithms improved and hardware got faster, we didn’t toss out RSA; we increased key sizes from 512 bits to 2048, then to 4096. The transition was managed incrementally, not catastrophically.
Just because Shor’s algorithm exists doesn’t mean attackers can crack production systems tomorrow. Like early factoring algorithms, it requires resources that aren’t available yet. The real threat to elliptic-curve cryptography (ECC) will appear as a gradual narrowing of security margins. As quantum technology progresses, attacks become more feasible, but it’s a continuum, not a sudden drop-off.
One key difference: you can’t just make ECC safer by increasing key sizes. At some point, everyone must move to new algorithms. That doesn’t mean it’s time to panic. The right strategy is an early, phased transition. Use hybrid models. Run pilot projects. Prepare your infrastructure so that as quantum computing advances, your systems remain secure and resilient.
The Post-Quantum Cryptography Landscape
Post-quantum cryptography is no longer just a distant concept. NIST is already advancing the field, moving several new algorithms toward official industry standards.
Certain names keep surfacing.
- CRYSTALS-Kyber leads as the primary post-quantum key exchange protocol, already appearing in secure messaging and TLS implementations.
- For digital signatures, CRYSTALS-Dilithium stands out, trusted for its strong security proofs and widespread institutional confidence.
- SPHINCS+ is the conservative pick, less dependent on untested assumptions and favored when long-term reliability is crucial, even if it’s somewhat slower.
- Falcon takes the opposite approach, prioritizing speed and compactness, though it introduces more complex implementation challenges.
- Then there are the hash-based signatures—XMSS and LMS—used in high-assurance environments where stateful signing is manageable and maximum caution is required.
Early pilots and research make it clear that quantum-safe cryptography is more than just hype. It works. But deploying it across real organizations isn’t a one-time upgrade. It’s a gradual process, involving long-term testing, standards development, and phased integration, starting now.
Why Custody Matters
Custodians are central to cryptographic security, compliance, and governance. They do more than safeguard assets; they define how institutions adjust to new risks. Unlike public blockchains, custody platforms can layer on additional defenses. You’ll see multi-party computation, hardware security modules, strict approval processes, granular permissions, and off-chain controls working together.
These measures aren’t just for current threats. They also build resilience against whatever quantum computing might bring in the future.
In this way, custodians act as shock absorbers. They absorb the impact of cryptographic changes and protect institutional users from disruption. Their ability to maintain stable operations, regardless of how quickly cryptography evolves, will determine the level of trust institutions place in digital assets in the years ahead.
Auditability and Privacy After Quantum
As cryptography evolves, two priorities rise above all: auditability and privacy. Auditability is foundational, especially during algorithm transitions. Regulators and institutions need to verify past transactions, governance actions, and authorization records, even as the cryptographic landscape changes.
At the same time, privacy cannot be neglected. Data encrypted today must remain secure, not just for a few years, but for decades, even as quantum computers advance.
Both auditability and privacy must be future-proofed, able to withstand changes in cryptographic algorithms. This requires durable records, encryption that endures future threats, and governance frameworks that stay transparent and verifiable as technology progresses.
What Institutions Should Do Now
You don’t have to replace all your cryptography overnight to prepare for quantum threats. What matters is forward-thinking.
Begin with crypto-agility. Build your systems so you can replace cryptographic components without a major overhaul. Experiment with hybrid setups, combining classical and post-quantum algorithms in less critical areas to understand their interaction. Take key management seriously: prioritize regular rotation, robust randomness, and strict lifecycle control. Invest in research and pilot programs. Participate in standards discussions. And stay close to your custody partners, ensure they have a concrete strategy for staying current with cryptographic changes.
These actions give you flexibility and time. When the environment shifts, you won’t be trapped; you can adapt.
This Is a Marathon
Quantum computing will alter the landscape, but not instantly. The real threat isn’t a sudden quantum breakthrough. It’s failing to get ready. History makes this clear. In finance, those who prepare ahead always fare better than those who delay. The same will apply here.
For digital asset custodians, readiness isn’t about predicting when quantum computers will arrive. It’s about ensuring your systems can change, without risking trust, compliance, or operational continuity.
Quantum readiness is a sign of maturity. It reveals whether an institution treats security as a mere requirement or as a living system, built to withstand whatever the future brings.
Author Bio:
Dr. Sharmila S is Principal Scientist at Liminal Custody, specialising in cryptography, custody architecture, and long-term security resilience for institutional digital assets. With deep experience in applied security research and secure systems engineering, she works at the intersection of academic rigor and real-world financial infrastructure. Her current work focuses on cryptographic agility, quantum readiness, and governance frameworks that enable secure, compliant digital asset custody at scale.
