Quantum computing will break the cryptographic signatures underpinning every Verifiable Credential issued today. ⚠️ Not might. Will.
Every VC issued today is signed using one of the classical cryptography algorithms such as Ed25519, RSA, or ECDSA. Quantum computers, running Shor’s algorithm, will render these signatures untrustworthy. 🧠⚡ When that day arrives, it affects every credential ever signed – the National ID issued three years ago, the Health ID a patient presents at a hospital today 🏥, the Farmer ID verified at a field terminal next week 🌾.
Every single one.
The real problem is not the cryptography.
It is the re-issuance. 🔄
Switching to post-quantum algorithms is the straightforward part. NIST has already standardised several algorithms such as CRYSTALS-Dilithium, FALCON, SPHINCS+. The hard part is what follows.
Millions of credentials are sitting in holder wallets carried by farmers, refugees, health workers, and citizens across multiple countries 🌍. Re-signing them requires reaching every holder and asking them to re-enroll. For a refugee in a camp, that may be impossible. For a farmer in a remote district, it may mean a day’s travel. At the population scale, re-enrollment is not a technical step. It is a logistical and humanitarian operation 🚧 that can take years, leaving a gap during which credentials cannot be trusted.
This is the crypto-agility problem. 🔐
Crypto-agility means designing the VC architecture so that the signing algorithm is decoupled from the credential, so that rotating to a new algorithm happens at the infrastructure layer, without invalidating credentials already in the field.
Most platforms deployed today have not solved this. The credential schema, signing key, and verification method are tightly coupled.
Rotating the algorithm means re-issuing. Re-issuing means reaching the holder.
The right question to ask any VC vendor is not “which algorithm do you use?”
It is: “If we need to change the algorithm five years from now, what happens to every credential already in the field?” ❓
If the answer is re-enrollment, that is a design decision worth making consciously rather than discovering in a crisis.
For ecosystems issuing National IDs, Health IDs, Refugee IDs, and Social Protection credentials to millions of people, quantum-readiness is not a feature to add later. 🚨 It is a foundational requirement.
The time to make this architectural choice is before you scale. Not after.
Visit us at the ID4Africa Conference — Stall No. L05 to see it in action. 📍
