France Plans to Retire ‘Pre-Quantum’ Encryption as Fears Over Bitcoin’s Long-Term Security Mount
France is moving to systematically abandon traditional encryption technologies that cannot withstand attacks from future quantum computers, signaling a decisive shift in how one of Europe’s leading states thinks about cybersecurity-and about the durability of systems like Bitcoin.
The country’s national cybersecurity agency, ANSSI, has announced that starting in 2027 it will no longer certify security products that do not implement quantum‑resistant (also called post‑quantum) cryptography. From that point on, developers and vendors seeking official approval for use in French government networks or critical infrastructure will be required to adopt new cryptographic standards designed to survive quantum-era attacks.
Because ANSSI certification is mandatory for many public-sector environments and for operators of essential services, the move effectively sets a countdown clock for the retirement of classic, non‑quantum‑safe encryption across large parts of the French digital ecosystem.
Speaking at the France Quantum conference, ANSSI Chief of Staff Samih Souissi emphasized that this decision extends well beyond a narrow technical adjustment. It is, in his words, a strategic and political issue as much as a scientific one, touching the security of state institutions, private industry, and global digital finance.
Souissi stressed that organizations must begin planning and migrating now rather than waiting for quantum computers to reach full offensive capability. The agency’s recommendation is clear: by 2030, companies should aim to procure only quantum‑safe products, even if some legacy systems are still technically functioning. Waiting too long, ANSSI warns, risks creating a huge backlog of vulnerable systems that cannot be upgraded quickly enough once a real quantum threat materializes.
This French timeline is aligned with a growing international consensus: the world may have less than a decade to complete a complex and costly transition to post‑quantum cryptography. Traditional public‑key algorithms like RSA and ECDSA, which underpin secure web connections, banking, VPNs, and most blockchain signatures, are theoretically vulnerable to sufficiently powerful quantum computers running algorithms such as Shor’s.
That vulnerability is not just a problem for the distant future. Security experts frequently point to a “harvest now, decrypt later” risk model: sensitive data-including encrypted communications, state secrets, financial records, and blockchain-related keys-might already be intercepted and stored today, with the expectation that it can be decrypted once practical quantum machines arrive. From a national-security perspective, this makes the migration to quantum‑resistant schemes a matter of urgency, not speculation.
This context is especially unsettling for holders and infrastructure providers in the Bitcoin ecosystem. While Bitcoin’s proof-of-work mining algorithm is less immediately threatened by quantum computing than its signature scheme, the elliptic-curve cryptography used to sign Bitcoin transactions is in the same broad category of algorithms that post‑quantum standards aim to replace.
In practice, Bitcoin addresses only become directly vulnerable once their public keys are revealed on-chain, which happens after funds are spent from that address. Yet large amounts of BTC sit in addresses whose public keys are already exposed-such as long‑inactive wallets and reused addresses-making them prime targets in any realistic quantum-attack scenario.
If a capable adversary gained access to a sufficiently powerful quantum computer, they could potentially derive private keys from exposed public keys and move Bitcoin without the consent of the legitimate owners. That possibility has driven renewed debate about whether Bitcoin should eventually support new, quantum‑resistant signature schemes, and how such a transition could be coordinated across a decentralized network without undermining trust.
France’s decision adds governmental pressure to these technical debates. By explicitly tying certification and procurement to quantum‑safe standards, ANSSI is signaling that it expects both public bodies and private-sector operators to treat quantum readiness as a foundational security requirement-on a par with encryption itself becoming standard practice in previous decades.
The move also illustrates a broader geopolitical competition around quantum technology. States are racing not only to build quantum computers for scientific and commercial uses, but also to ensure their own systems are protected against foreign quantum capabilities. In that race, being late to adopt post‑quantum cryptography could carry economic, intelligence, and strategic costs that are hard to reverse once adversaries have gained an edge.
For businesses operating in or with France, the implications are practical and immediate. They will need to map their current cryptographic footprint, identify which products and protocols are not quantum‑safe, and plan multi‑year migration paths. Vendors who rely on older algorithms will face rising pressure to integrate post‑quantum options or risk losing access to government and critical-infrastructure markets.
The complexity is significant. Post‑quantum algorithms can demand more bandwidth, processing power, or storage. Some are still being refined and standardized, and real‑world implementations must be tested against both classical and quantum‑themed attacks. Organizations that manage large fleets of devices or embedded systems-such as industrial controllers, IoT deployments, and telecommunications gear-may find upgrades particularly challenging, as not all hardware can be easily updated or replaced.
Despite those obstacles, ANSSI’s message is that the cost of inaction is higher. Once quantum computers reach a threshold where they can meaningfully attack widely used cryptographic schemes, the window to react will likely be too narrow for a careful, orderly transition. By locking in deadlines well in advance, France hopes to spread the cost and complexity of migration over several years rather than compressing it into a crisis response.
For the broader cryptocurrency sector, France’s stance is a reminder that the security assumptions underlying digital assets are not immutable. Many blockchains, not only Bitcoin, depend on classical cryptographic primitives that were designed in an era when quantum computing was purely theoretical. As that assumption changes, pressure will mount on protocol designers, core developers, and major custodians to articulate concrete roadmaps toward quantum‑resistant solutions.
This could eventually mean the introduction of new address formats, hybrid schemes combining classical and post‑quantum signatures, or even full protocol upgrades. Each of these options raises hard questions about compatibility, user experience, and governance. But doing nothing, in a world where major governments are actively phasing out non‑quantum‑safe crypto, is increasingly difficult to justify.
France’s planned phase‑out of non‑quantum encryption marks a turning point: quantum risk is no longer treated as a distant, hypothetical threat, but as a driver of present‑day policy and investment. For governments, enterprises, and cryptocurrency networks alike, the message is clear-any security model that assumes attackers will forever be limited to classical computing power is now officially out of date.