Quantum computing does not just threaten passwords and virtual private networks (VPNs). It goes straight for something legal systems rely on every day: whether digital evidence can be trusted.
Courts, investigators, and e-discovery teams lean heavily on cryptography to prove that a file is authentic, unchanged, and tied to the right person or system. Quantum machines, once they reach sufficient scale, attack those foundations directly.
Let us break it down.
How We Currently Trust Digital Evidence
Today’s evidentiary ecosystem is built on three main pieces of plumbing:
- Hashes: Functions like Secure Hash Algorithm (SHA)‑256 give files a unique fingerprint. Change one bit, change the hash. That is how tools show an image or log has not been altered.
- Digital signatures and certificates: Rivest–Shamir–Adleman (RSA) and elliptic‑curve schemes bind documents, emails, logs, and software to specific keys and identities. If the private key is safe, the signature is treated as strong proof.
- Encrypted storage and transport: Evidence is encrypted at rest and in transit, typically using RSA / Elliptic Curve Cryptography (ECC) for key exchange and authentication.
All three rely on problems that are hard for classical computers. But quantum algorithms like Shor’s and Grover’s change that hardness in ways that matter a lot for evidence.
What Quantum Actually Breaks
Here is the thing: Quantum does not magically erase all security overnight, but it does make certain attacks go from “theoretical” to “practical.”
Public‑Key Cryptography
Shor’s algorithm can efficiently factor large numbers and solve discrete logs, which is exactly what RSA and ECC depend on.
What this really means is:
- Signatures on documents, logs, and chain‑of‑custody records that use RSA/ECC become forgeable once an attacker has a big enough quantum computer.
- Certificates and timestamping services that rely on classical public keys can be impersonated or recreated after the fact.
The National Institute of Standards and Technology (NIST) has already standardized a first set of post‑quantum algorithms (Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) for key exchange and Module-Lattice-Based Digital Signature Algorithm (ML-DSA)/Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) for signatures) and is adding more digital signature schemes in a second round to increase diversity.
Hashes
Grover’s algorithm speeds up generic search, effectively halving the security level of common hashes: A 256‑bit hash behaves more like a 128‑bit one against a powerful quantum adversary.
In practice, hashes still look viable, but for high‑value, long‑lifespan evidence, we will want stronger margins and maybe larger outputs.
Harvest Now, Decrypt Later
The most under‑appreciated piece is “harvest now, decrypt later.” Attackers can capture encrypted traffic, email archives, backups, and document repositories today, then store them until they can run quantum attacks on the keys.
For evidence, that means:
- Old privileged communications, regulatory archives, or mergers and acquisitions (M&A) data under legal hold may already be sitting in someone’s storage, waiting to be decrypted.
- Once decrypted, those records can be selectively leaked, edited, or repackaged as forged “evidence” that appears historically consistent.
How Could Quantum-Tampered Evidence Show Up?
Picture a capable adversary with access to quantum resources and time.
They might:
- Rewrite Chain‑of‑Custody Logs
Recover old signing keys using quantum attacks, regenerate signatures, and alter who appears to have handled which evidence and when. On paper, the chain still looks clean. - Back‑Date or Forward‑Date System Logs
Modify log contents and metadata while re‑signing them with keys they have extracted. The log aligns with earlier timestamps and signatures but now tells a different story. - Forge Document Provenance
Create or alter contracts, emails, or PDFs and attach signatures that verify against the victim’s historical public keys. To a classical verifier, they look authentic. - Exploit Decrypted Archives
After decrypting harvested repositories, fabricate narratives from partial truths: Mix genuine records with altered ones, all wrapped in signatures that are now under the attacker’s control.
The scary part is not “we lose encryption.” It is that the mathematical anchors we use to convince a court that digital evidence is genuine become questionable.
Where Forensics and E-Discovery Are Exposed
Several parts of the current workflow are vulnerable:
- Imaging and Verification: Acquisition tools rely on hashes and sometimes signed manifests. If those signatures are purely classical and expected to last decades, their evidential value declines as quantum timelines shrink.
- Cloud and SaaS Exports: Providers often supply data with signed attestations or via channels authenticated by classical public keys. A future challenge could be: How do you know that export really matched the provider’s state on that date?
- Encrypted Corpus Review: Platforms handling encrypted mail, messaging, and backups often sit on keys or protocols vulnerable to quantum attack, especially for long‑term retention.
- Long‑Term Legal Holds: The exact archives that must survive years of litigation and appeals are the prime targets for harvest‑now‑decrypt‑later strategies.
Meanwhile, most forensic and e-discovery tools are only starting to talk about quantum readiness. Post-Quantum Cryptography (PQC) standards exist, but adoption is uneven.
PQC as the New Baseline
The path forward runs through post‑quantum cryptography, not wishful thinking.
NIST’s standardization effort gives concrete options: quantum‑resistant key exchange and digital signatures designed to hold up even in the presence of large quantum machines.
For digital evidence, that suggests three immediate moves:
- Use PQC signatures (ML‑DSA, SLH‑DSA, and successors) for chain‑of‑custody logs, evidence manifests, exports, and timestamps, so their validity does not evaporate when quantum attacks arrive.
- Shift key exchange and at‑rest encryption for long‑lived sensitive archives to PQC schemes like ML‑KEM, instead of relying solely on RSA/ECC.
- Strengthen hash policies for high‑value, long‑term evidence so security margins remain comfortable even under theoretical quantum speed‑ups.
What Should Organizations Start Doing Now?
If you are serious about digital evidence, here’s how to prepare without spinning into panic.
1. Classify by Quantum Exposure
Identify which evidence:
- Must remain confidential and trustworthy for 10-20 years or more.
- Relies on RSA/ECC for signing, key exchange, or timestamping.
- Forms the backbone of chain‑of‑custody or audit trails.
Those are your first candidates for PQC protection.
2. Demand PQC Roadmaps From Vendors
Ask your forensic and e-discovery providers:
- What crypto do you use today for hashes, signatures, and key management?
- When will you support NIST PQC standards like ML‑DSA, SLH‑DSA, and ML‑KEM?
- How will you represent and verify evidence across the transition from classical to PQC?
You do not need perfection now, but you do need a believable plan.
3. Build Crypto‑Agility Into Evidence Workflows
Design your evidence lifecycle so algorithms can change:
- Store algorithm identifiers and parameters alongside hashes and signatures.
- Layer PQC signatures on top of existing classical ones instead of ripping and replacing. A future judge should be able to see when and how you upgraded.
4. Write It Down
Document:
- How long you consider specific classical algorithms acceptable for different evidence classes.
- How you account for harvest‑now‑decrypt‑later in your risk assessments.
- Your intended path and triggers for adopting PQC, ideally aligned with public NIST guidance.
Policies and process notes become part of your defense when handling is challenged.
5. Train the People Who Testify
Expert witnesses and internal investigators need to explain, in plain language:
- Why some older signatures no longer carry the same weight.
- How PQC‑backed chains of custody remain trustworthy even in a quantum era.
- What harvest‑now‑decrypt‑later means for long‑term archives.
If they cannot tell that story clearly, technology alone will not save you.
Are We Ready?
Not yet. Technically, we have the tools: standardized PQC algorithms, a growing understanding of quantum risks, and clear warnings about harvest‑now‑decrypt‑later from major security bodies.
Culturally and procedurally, we are behind. Many workflows still assume today’s cryptography will stay trustworthy throughout the lifespan of the evidence they produce.
The real question is not “Will quantum break things?” It is “When someone challenges your digital evidence in a quantum‑aware court, will you have a calm, documented, technically sound answer?”
If you can map your critical evidence, your current crypto, and your transition plan, you are on the right side of that question.
© Copyright 2026. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC, its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.
