Post-quantum cryptography (PQC), also known as quantum-safe cryptography’ or ‘quantum-resistant cryptography’, may sound like something out of a science fiction movie, but its implications are quickly becoming a real-world concern. As quantum computing advances, it introduces a new class of risk to the cryptographic systems that underpin today’s digital economy.

Quantum computers—computers that ‘ use properties of quantum mechanics to compute in a fundamentally different way ’ than today’s ‘classical’ computers —have the potential to perform certain calculations far beyond the reach of existing technology. While still emerging, their ability to break widely used, conventional cryptographic algorithms poses a significant challenge to how data, identities, and digital agreements will be secured in the future.

For businesses, this shift goes well beyond theoretical security threats. Changes to today’s cryptographic foundations could have long-term implications for data confidentiality and integrity, regulatory compliance, and the durability of trust in digital transactions. For example, within the context of Docusign, as digital agreements continue to serve as the backbone of modern business operations, the rise of quantum computing represents not just a technical hurdle, but a strategic inflection point.

Whilst it’s difficult to predict exactly when cryptographically relevant quantum computers will become a reality, regulators such as the European Commission and the National Institute of Standards and Technology (NIST) have identified 2030 as a pivotal milestone for organisations to keep in mind. How are they starting to prepare for a post-quantum future? Doing so requires rethinking how trust is established and maintained over time, which is precisely the area where Docusign is focusing its attention.

This blog explores what quantum computing means for digital agreements, why post-quantum cryptography matters, and how Docusign is laying the groundwork to protect agreements today and well into the quantum era.

What is quantum computing?

Quantum computing is an emerging computing paradigm that leverages principles of quantum physics to process information. Unlike classical computers which use 'bits' (short for 'binary digits') represented as either 0 or 1, quantum computers use 'qubits' which can exist in multiple states simultaneously.

In other words, quantum computers are able to solve certain complex mathematical problems far more efficiently than traditional systems. While this advancement offers significant benefits, it also poses a challenge for the cryptographic methods that protect contemporary digital communications and interactions. Much like a master key that can open locks previously thought secure, a sufficiently powerful quantum computer could solve the mathematical problems underlying today’s encryption standards, rendering them ineffective.

What is post-quantum cryptography (PQC)?

Understanding the emergence of this technological challenge helps frame why new cryptographic approaches are gaining attention, notably post-quantum cryptography (PQC).

PQC is the name for quantum resistant encryption technologies designed to proactively address this risk. Post quantum encryption relies on new cryptographic algorithms specifically engineered to remain secure against quantum-enabled attacks.

It is often described as “quantum resistant” cryptography because it is built to withstand both classical and quantum threats. As a result, organisations are beginning to plan migrations to these more secure algorithms to ensure long-term data protection.

The role of Quantum Encryption in protecting Digital Agreements

Digital agreements rely on a technology standard called Public Key Cryptography (PKC). When you sign a document electronically, cryptographic algorithms ensure the signature is authentic, the document hasn’t been tampered with, and all parties can trust the agreement.

Today, these guarantees are secured by PKC standards like Rivest-Shamir-Adleman (RSA) and Elliptic Curve Digital Signature Algorithm (ECDSA). While robust against today’s computing capabilities, these algorithms were not designed to withstand the emerging threat of quantum computing, which operate on fundamentally different principles.

This means the quantum threat is no longer theoretical. It’s an emerging challenge that governments, organisations, and standards bodies worldwide are actively planning for. For instance, the European Union has outlined requirements for migrating high-risk systems away from vulnerable cryptography by 2030, while in the U.S, NIST anticipates a full transition to post-quantum cryptography by approximately 2035.

Despite the different timelines, the takeaway is clear: for any long-lived data within digital agreements - contracts, legal records, financial agreements- ensuring their integrity and trustworthiness in a post-quantum world is critical. Implementing quantum-resistant encryption today is essential to safeguard digital agreements and create a new foundation for trust.

Creating a new foundation for trust through post-quantum cryptography

The most immediate risk is known as “Harvest Now, Decrypt Later” (HNDL). This refers to attackers collecting encrypted data today and storing it until quantum computers become accessible and powerful enough to decrypt it in the future. Although practical cryptographically relevant quantum computers don't currently exist, attackers and fraudsters are already amassing large pools of sensitive data, targeting information with a long ‘shelf-life’ such as personal data, intellectual property, and long-term contracts or agreements.

Therefore, for digitally signed agreements that need to stand the test of time and remain valid and defensible for many years, mitigating this risk is an imperative. As businesses complete their digital agreements today, the risk that the sensitive, encrypted data contained within them could be stolen and stored by attackers until more powerful quantum computers become available is real . Fraudsters are already collecting long-lived data in anticipation of future quantum computing capabilities that could break legacy encryption standards and expose this information.

Therefore, cryptographers have been developing new PQC algorithms, specifically designed to resist attacks from both classical and quantum computers. Within the context of digital agreements, one of the most important developments is the introduction of the Module Lattice-Digital Signature Algorithm (ML-DSA), a quantum-resistant encryption algorithm that is expected to become a cornerstone of post-quantum security. In simple terms, ML-DSA provides a new way to prove that a digital document is authentic and hasn’t been altered, even in a future where quantum computers are available.

Standardised by NIST, these new algorithms ‘ provide an acceptable level of security for personal, enterprise and official-tier government information ’.

However, it’s worth noting that PQC is not a single switch that can be flipped overnight. Transitioning global systems, ecosystems, and trust models is a gradual process that takes time. Whilst investigating PQC, organisations should also start logging HNDL as a high-impact, long-term threat in their risk registers because any data with a long shelf-life is at risk. Put simply, preparation and thoughtful migration are essential.

How Docusign is preparing for the post-quantum Era

To support our customers’ gradual transition and ensure the long-term integrity of their digital agreements, Docusign is preparing for the post-quantum era by investing heavily into research and development (R&D) to progressively introduce emerging technologies into its technology stack.

Given our belief that trust is the foundation of every agreement, ensuring that agreements signed today remain secure, verifiable, and enforceable far into the future is essential. Docusign is taking proactive steps to ensure that agreements signed on our platform today remain secure and trustworthy well into the ‘quantum future’.

The way in which we intend to achieve this is by following three key principles:

1. Planning early

Waiting until quantum computers are fully mature is not an option. The long-term risk to both existing and future agreements exists today. The threat of HNDL is very real, raising questions about the long-term integrity of digital agreements. As the number one most trustworthy software and telecommunications company , Docusign has a vested interest in protecting its customers' data. Therefore, we are actively tracking emerging standards, participating in the broader ecosystem, and beginning to design systems with post-quantum security in mind to ensure that customers on our platform are leveraging technology that protects their agreements both today and well into the future.

2. Facilitating a gradual transition

Docusign’s strategy supports hybrid cryptography, allowing both traditional algorithms (such as RSA) and quantum-resistant algorithms (such as ML-DSA) to coexist. As a result, our customers can migrate at their own pace, while maintaining compatibility with existing systems, workflows and tolerance levels.

3. Protecting agreements across time

To address the “harvest now, decrypt later” threat, Docusign is developing new security capabilities built on quantum-resistant cryptography and trusted time-stamping. These measures are designed to protect agreements throughout their entire lifecycle, including documents that were originally signed using older cryptographic methods. As a result, agreements completed using today’s security standards can continue to benefit from future advancements, ensuring long-term protection as cryptographic technology evolves and preserving the integrity and trustworthiness of signed agreements.

How do you implement post-quantum cryptography?

As mentioned earlier, implementing post-quantum cryptography isn’t an overnight process. It involves continuously evaluating existing systems, working closely with your technology partners, regularly monitoring guidance and updates from government bodies such as NIST, identifying at-risk cryptography, and gradually adopting quantum-resistant algorithms.

As a Docusign customer, you benefit from a platform that is actively preparing for the transition to a post-quantum world. We are already evaluating quantum-resistant cryptographic approaches and emerging standards such as ML-DSA, with a focus on protecting the integrity of digital agreements throughout their entire lifecycle.

By working with Docusign and beginning this journey today, you can take a proactive approach to maintaining trust in your agreements, supporting long-term regulatory and compliance objectives, and helping ensure business continuity as cryptographic standards and computing capabilities continue to evolve.

To learn more, contact our sales team.