Quantum computers aren't going to nibble at email security. They're going to smash straight through the core systems that keep email trustworthy. Here's what falls apart first.
DKIM
DKIM is what tells your inbox, "This email really came from Google, Microsoft, or your bank."
The problem?
DKIM relies on RSA or ECC signatures, the exact algorithms quantum computers can tear apart. With a strong enough quantum machine, attackers can forge DKIM signatures and make a malicious email look 100% legitimate.
PGP
PGP is loved by privacy-focused users, security researchers, and anyone dealing with sensitive data.
But its strength depends entirely on one thing. Attackers cannot compute your private key.
Quantum computers change that. With Shor's algorithm, a quantum machine can derive PGP private keys almost instantly. It's like giving attackers a master skeleton key to your entire message history.
S/MIME
S/MIME is the corporate workhorse of email security. Enterprises, governments, and regulated industries rely on it for encryption, authentication, and compliance.
And it also relies on RSA and ECC. Quantum cracking makes S/MIME certificates worthless. The entire PKI chain collapses. Email confidentiality collapses with it.
How PQC Fits Into Email: The Real Upgrade Path
Now this question comes to everyone's mind. How do we actually move email from "quantum-vulnerable" to "quantum-safe"? The answer isn't ripping everything out and starting from scratch. It's transitioning carefully, step by step, using hybrid cryptography.
DKIM + PQC: Double Signatures, Double Safety
DKIM needs a quantum-safe upgrade, but we can't flip a switch overnight. That's where hybrid signatures come in.
Here's how it works:
- Your mail server signs outbound emails with RSA/ECC (current standard)
- And also signs them with PQC (Dilithium)
- Both signatures sit inside the same DKIM DNS record
That even with the arrival of quantum computers tomorrow, your email is safe. Such standards organisations as IETF LAMPS are already specifying the appearance of these hybrid DKIM signatures.
And the big mail companies, Google, Microsoft, and Fastmail, are conducting experimental background experiments.
PGP + PQC: Hybrid Keys for Real Privacy
PGP will also shift into hybrid mode. Instead of choosing between "old crypto" and "new crypto," you combine both.
- An ECC key for compatibility
- A PQC key (Kyber + Dilithium) for quantum safety
Think of it like having two locks on your safe. If one fails, the other still protects you. The OpenPGP working group is actively developing this hybrid PGP design using Kyber for encryption and Dilithium for signatures.
The good part is that it's Backward compatibility. Some older PGP clients will break. Some email tools won't understand the new hybrid keys. And that means adoption will be slower, and privacy tools take time to evolve. PGP won't survive without PQC.
S/MIME + PQC: The Enterprise Shake-Up
The real headache is S/MIME. Since S/MIME is based on certificates and complicated chains of PKI, this is not as simple as the addition of a new algorithm. PQC migration (of S/MIME) implies:
- New quantum-resistant certificates
- New PKI chains
- New trust anchors
- New certificate rotation policies.
Basically, every link in the chain must be upgraded before anything works. Enterprises also need to start rotating encryption keys early. If not, they risk storing years of emails that become instantly readable when quantum decryption becomes practical.
S/MIME adoption will move more slowly than DKIM or PGP simply because the certificate ecosystem is⦠complicated.
Think of it like replacing the foundation of a building instead of just swapping the front door. But the shift is already happening. The vendors and certificate authorities are testing PQC-enabled S/MIME certificates today.
What Businesses Can Do
Quantum risks feel like one of those things everyone agrees are "important," but no one wants to think about yet. The problem is that crypto transitions move more slowly than people expect.
By the time the danger feels real, it's already too late to adapt.
The companies that start early won't even notice the shift. The ones that don't will eventually scramble in a way that looks embarrassing in hindsight.
Figure Out Where You're Using RSA and ECC
Most teams don't actually know. They assume they know, which is worse. Look at the parts of your email system that depend on these algorithms:
- DKIM signatures
- PGP keys
- S/MIME certs
- Whatever TLS your mail servers negotiate
- Any glue code, cron jobs, or scripts still generating RSA/ECC keys
If you can't describe where your encryption lives, start writing it down. Even a messy inventory is better than guessing. Everything else in your PQC plan depends on this step.
Use PQC Libraries
You don't need to deploy anything for real yet. Just get your hands dirty. Make a small prototype. Even if it breaks, you'll understand the shape of the future a bit more clearly. Better to have things fall apart during a test project than during a real migration.
Push Your Vendors
You're not switching to PQC alone. Your stack is glued together with tools made by other people, and if they aren't moving, neither are you. Most vendors only move when customers start asking the same questions in unison. Put "PQC-ready" as a requirement in new contracts. Vendors notice those lines.
Use Hybrid Crypto where possible.
The good fact with hybrid cryptography is that there is no need to make a choice: it uses classical and post-quantum cryptography simultaneously. It interacts with the current systems but does not subject you to the problems that will arise tomorrow. Consider it as putting a seatbelt on a prehistoric motor vehicle, not ideal, but at least safer.
Revise Your Policies Before somebody pushes you to.
Finance, healthcare, and government industries have already begun developing quantum-readiness rules. You can do so without having to wait till you are mandated to.
Original Source
Post-Quantum Cryptography for DKIM, PGP, and S/MIME: Quantum Threat to Email Security
Top comments (0)