28.11.2025 Technology Insights

Quantum Computers: Taurus is Ready

By Jean-Philippe Aumasson, Chief Security Officer, Taurus

When clients ask if Taurus is prepared for the quantum computing risk, I start with two points:

  1. I’ve been studying quantum computing and post-quantum cryptography long before it became a headline topic, and since 2016 I’ve been giving talks about it. I eventually co-authored SLH-DSA (FIPS 2025), now part of NIST’s post-quantum signature standards. 
  2. Are Bitcoin and Ethereum quantum-safe? Not yet.

Let me briefly elaborate.

What is quantum computing

Quantum computing was imagined by Richard Feynman and other physicists around 1981. It’s not faster computing, it’s different computing. It could solve certain math problems that classical computers can’t—again, not by doing the same thing faster, but by exploiting quantum mechanical phenomena.

Two such problems are factoring and discrete logarithms. Because these are practically impossible to solve with classical computers, the public-key cryptography behind TLS, ECDSA, and most VPNs is secure. A quantum computer large enough to break those problems doesn’t exist. As of 2025 there are only miniature, useless quantum computers (don’t believe press releases saying the contrary). Research may or may not deliver a large quantum computer, but if it does it will be a disaster. 

Enters post-quantum cryptography (PQC), designed to resist any quantum algorithms. Think of PQC as an insurance against a risk. That's why NIST issued standards.

You likely have many questions. You may find answers in my recent publications:

What Taurus did 

We started our quantum-readiness work in 2021. Not because regulators asked but because we can’t ignore the risk—just like any high-impact scenario in our BCP. I’ve been advocating for PQC transition for years and advised various private and public organizations, so of course Taurus is ready.

Concretely:

  • Crypto inventory and priorization: In 2022 we reviewed all the places where Taurus uses cryptography and identified which ones must migrate first.
  • Post-quantum VPN connectivity: Our infrastructure runs post-quantum hybrid key exchange, protecting confidentiality even against “store-now, decrypt-later” attacks.
  • Quantum-immune backups: Our long-term backups, including databases and digital asset keys, rely only on quantum-safe cryptography. 
  • PQC in our policies: The standards ML-DSA, SLH-DSA, ML-KEM as well as hybrid modes and key lifecycle requirements are already defined in our key management and cryptography policy .
  • Taurus-PROTECT designed for PQ integration: the API, key-derivation logic, and signing modules can accommodate PQC signatures and PQC/hybrid KEMs the moment blockchains support them. This is sometimes called “crypto agility.”
  • Outreach and awareness: in 2023 we published articles on quantum risk assessment and the post-quantum tech landscape, and presented at the BlackAlps conference on proactive mitigation measures.  

This isn’t just a roadmap, it’s deployed, audited infrastructure. We’re not full post-quantum yet—no company is—because:

  1. Blockchains are not, so custodians can’t unilaterally switch.
  2. Standards across TLS, SSH, JWT, KMS, and SDKs haven’t converged, making compatibility the real bottleneck.
  3. Compatibility and interoperability is limited by hardware vendors, partners, and clients.

Recap and references

The quantum timeline is uncertain, but we’re ready whatever happens. Be wary of exaggerated claims from vendors and quantum computing companies. 

To understand and address the risk, see:



28.11.2025 Technology Insights

Quantum Computers: Taurus is Ready

By Jean-Philippe Aumasson, Chief Security Officer, Taurus

When clients ask if Taurus is prepared for the quantum computing risk, I start with two points:

  1. I’ve been studying quantum computing and post-quantum cryptography long before it became a headline topic, and since 2016 I’ve been giving talks about it. I eventually co-authored SLH-DSA (FIPS 2025), now part of NIST’s post-quantum signature standards. 
  2. Are Bitcoin and Ethereum quantum-safe? Not yet.

Let me briefly elaborate.

What is quantum computing

Quantum computing was imagined by Richard Feynman and other physicists around 1981. It’s not faster computing, it’s different computing. It could solve certain math problems that classical computers can’t—again, not by doing the same thing faster, but by exploiting quantum mechanical phenomena.

Two such problems are factoring and discrete logarithms. Because these are practically impossible to solve with classical computers, the public-key cryptography behind TLS, ECDSA, and most VPNs is secure. A quantum computer large enough to break those problems doesn’t exist. As of 2025 there are only miniature, useless quantum computers (don’t believe press releases saying the contrary). Research may or may not deliver a large quantum computer, but if it does it will be a disaster. 

Enters post-quantum cryptography (PQC), designed to resist any quantum algorithms. Think of PQC as an insurance against a risk. That's why NIST issued standards.

You likely have many questions. You may find answers in my recent publications:

What Taurus did 

We started our quantum-readiness work in 2021. Not because regulators asked but because we can’t ignore the risk—just like any high-impact scenario in our BCP. I’ve been advocating for PQC transition for years and advised various private and public organizations, so of course Taurus is ready.

Concretely:

  • Crypto inventory and priorization: In 2022 we reviewed all the places where Taurus uses cryptography and identified which ones must migrate first.
  • Post-quantum VPN connectivity: Our infrastructure runs post-quantum hybrid key exchange, protecting confidentiality even against “store-now, decrypt-later” attacks.
  • Quantum-immune backups: Our long-term backups, including databases and digital asset keys, rely only on quantum-safe cryptography. 
  • PQC in our policies: The standards ML-DSA, SLH-DSA, ML-KEM as well as hybrid modes and key lifecycle requirements are already defined in our key management and cryptography policy .
  • Taurus-PROTECT designed for PQ integration: the API, key-derivation logic, and signing modules can accommodate PQC signatures and PQC/hybrid KEMs the moment blockchains support them. This is sometimes called “crypto agility.”
  • Outreach and awareness: in 2023 we published articles on quantum risk assessment and the post-quantum tech landscape, and presented at the BlackAlps conference on proactive mitigation measures.  

This isn’t just a roadmap, it’s deployed, audited infrastructure. We’re not full post-quantum yet—no company is—because:

  1. Blockchains are not, so custodians can’t unilaterally switch.
  2. Standards across TLS, SSH, JWT, KMS, and SDKs haven’t converged, making compatibility the real bottleneck.
  3. Compatibility and interoperability is limited by hardware vendors, partners, and clients.

Recap and references

The quantum timeline is uncertain, but we’re ready whatever happens. Be wary of exaggerated claims from vendors and quantum computing companies. 

To understand and address the risk, see:



Brand

28.11.2025 Technology Insights

Quantum Computers: Taurus is Ready

By Jean-Philippe Aumasson, Chief Security Officer, Taurus

When clients ask if Taurus is prepared for the quantum computing risk, I start with two points:

  1. I’ve been studying quantum computing and post-quantum cryptography long before it became a headline topic, and since 2016 I’ve been giving talks about it. I eventually co-authored SLH-DSA (FIPS 2025), now part of NIST’s post-quantum signature standards. 
  2. Are Bitcoin and Ethereum quantum-safe? Not yet.

Let me briefly elaborate.

What is quantum computing

Quantum computing was imagined by Richard Feynman and other physicists around 1981. It’s not faster computing, it’s different computing. It could solve certain math problems that classical computers can’t—again, not by doing the same thing faster, but by exploiting quantum mechanical phenomena.

Two such problems are factoring and discrete logarithms. Because these are practically impossible to solve with classical computers, the public-key cryptography behind TLS, ECDSA, and most VPNs is secure. A quantum computer large enough to break those problems doesn’t exist. As of 2025 there are only miniature, useless quantum computers (don’t believe press releases saying the contrary). Research may or may not deliver a large quantum computer, but if it does it will be a disaster. 

Enters post-quantum cryptography (PQC), designed to resist any quantum algorithms. Think of PQC as an insurance against a risk. That's why NIST issued standards.

You likely have many questions. You may find answers in my recent publications:

What Taurus did 

We started our quantum-readiness work in 2021. Not because regulators asked but because we can’t ignore the risk—just like any high-impact scenario in our BCP. I’ve been advocating for PQC transition for years and advised various private and public organizations, so of course Taurus is ready.

Concretely:

  • Crypto inventory and priorization: In 2022 we reviewed all the places where Taurus uses cryptography and identified which ones must migrate first.
  • Post-quantum VPN connectivity: Our infrastructure runs post-quantum hybrid key exchange, protecting confidentiality even against “store-now, decrypt-later” attacks.
  • Quantum-immune backups: Our long-term backups, including databases and digital asset keys, rely only on quantum-safe cryptography. 
  • PQC in our policies: The standards ML-DSA, SLH-DSA, ML-KEM as well as hybrid modes and key lifecycle requirements are already defined in our key management and cryptography policy .
  • Taurus-PROTECT designed for PQ integration: the API, key-derivation logic, and signing modules can accommodate PQC signatures and PQC/hybrid KEMs the moment blockchains support them. This is sometimes called “crypto agility.”
  • Outreach and awareness: in 2023 we published articles on quantum risk assessment and the post-quantum tech landscape, and presented at the BlackAlps conference on proactive mitigation measures.  

This isn’t just a roadmap, it’s deployed, audited infrastructure. We’re not full post-quantum yet—no company is—because:

  1. Blockchains are not, so custodians can’t unilaterally switch.
  2. Standards across TLS, SSH, JWT, KMS, and SDKs haven’t converged, making compatibility the real bottleneck.
  3. Compatibility and interoperability is limited by hardware vendors, partners, and clients.

Recap and references

The quantum timeline is uncertain, but we’re ready whatever happens. Be wary of exaggerated claims from vendors and quantum computing companies. 

To understand and address the risk, see:



Brand

28.11.2025 Technology Insights

Quantum Computers: Taurus is Ready

By Jean-Philippe Aumasson, Chief Security Officer, Taurus

When clients ask if Taurus is prepared for the quantum computing risk, I start with two points:

  1. I’ve been studying quantum computing and post-quantum cryptography long before it became a headline topic, and since 2016 I’ve been giving talks about it. I eventually co-authored SLH-DSA (FIPS 2025), now part of NIST’s post-quantum signature standards. 
  2. Are Bitcoin and Ethereum quantum-safe? Not yet.

Let me briefly elaborate.

What is quantum computing

Quantum computing was imagined by Richard Feynman and other physicists around 1981. It’s not faster computing, it’s different computing. It could solve certain math problems that classical computers can’t—again, not by doing the same thing faster, but by exploiting quantum mechanical phenomena.

Two such problems are factoring and discrete logarithms. Because these are practically impossible to solve with classical computers, the public-key cryptography behind TLS, ECDSA, and most VPNs is secure. A quantum computer large enough to break those problems doesn’t exist. As of 2025 there are only miniature, useless quantum computers (don’t believe press releases saying the contrary). Research may or may not deliver a large quantum computer, but if it does it will be a disaster. 

Enters post-quantum cryptography (PQC), designed to resist any quantum algorithms. Think of PQC as an insurance against a risk. That's why NIST issued standards.

You likely have many questions. You may find answers in my recent publications:

What Taurus did 

We started our quantum-readiness work in 2021. Not because regulators asked but because we can’t ignore the risk—just like any high-impact scenario in our BCP. I’ve been advocating for PQC transition for years and advised various private and public organizations, so of course Taurus is ready.

Concretely:

  • Crypto inventory and priorization: In 2022 we reviewed all the places where Taurus uses cryptography and identified which ones must migrate first.
  • Post-quantum VPN connectivity: Our infrastructure runs post-quantum hybrid key exchange, protecting confidentiality even against “store-now, decrypt-later” attacks.
  • Quantum-immune backups: Our long-term backups, including databases and digital asset keys, rely only on quantum-safe cryptography. 
  • PQC in our policies: The standards ML-DSA, SLH-DSA, ML-KEM as well as hybrid modes and key lifecycle requirements are already defined in our key management and cryptography policy .
  • Taurus-PROTECT designed for PQ integration: the API, key-derivation logic, and signing modules can accommodate PQC signatures and PQC/hybrid KEMs the moment blockchains support them. This is sometimes called “crypto agility.”
  • Outreach and awareness: in 2023 we published articles on quantum risk assessment and the post-quantum tech landscape, and presented at the BlackAlps conference on proactive mitigation measures.  

This isn’t just a roadmap, it’s deployed, audited infrastructure. We’re not full post-quantum yet—no company is—because:

  1. Blockchains are not, so custodians can’t unilaterally switch.
  2. Standards across TLS, SSH, JWT, KMS, and SDKs haven’t converged, making compatibility the real bottleneck.
  3. Compatibility and interoperability is limited by hardware vendors, partners, and clients.

Recap and references

The quantum timeline is uncertain, but we’re ready whatever happens. Be wary of exaggerated claims from vendors and quantum computing companies. 

To understand and address the risk, see: