Imagine you lock a letter in a safe today. You will not open it for fifty years. Maybe longer. You hope that when the moment finally comes, the safe still holds, the lock still works, and only the right person can open it.

Now imagine someone tells you that in twenty years, a new kind of master key might be invented. A key that can open almost every safe ever built. Not your safe specifically, but the whole category of locks that yours belongs to.

What would you do? You would not wait for the master key to appear. You would start building a new kind of safe right now, one the master key cannot open, and you would move your letter into it long before the danger arrives.

This is the 50-year will problem, and the new master key has a name. It is the quantum computer. This is the story of why a will, more than almost any other document, has to be protected against a threat that does not fully exist yet, and how BlockWill is building for a future that is still decades away.

Why a Will Is the Hardest Thing to Protect

Most secrets have a short shelf life. A password you will change next month. A credit card number that expires in three years. A private message that stops mattering once the conversation ends. If the lock on those things weakens in twenty years, it barely matters, because the secret is long gone.

A will is the opposite. You might write it at forty and not need it until ninety. The instructions inside, who inherits what, where the assets are, the keys to your digital life, may need to stay both secret and trustworthy for half a century. The lock you choose today has to survive every advance in code-breaking that the next fifty years will throw at it.

That is a brutal requirement. Almost no software is built to last fifty years. The apps on your phone today did not exist fifteen years ago. But a will does not get to be modern and disposable. It has to be a vault that outlives the technology it was built with. And that means thinking seriously about a threat most companies happily ignore, because their products will be forgotten long before the threat arrives.

How Today's Locks Actually Work

To understand the danger, you need to know one thing about how almost all digital security works today. It rests on math problems that are easy to do in one direction and brutally hard to undo.

Think of mixing two paint colors. Combining blue and yellow into green is instant. But if I hand you a bucket of green and ask you to separate it back into the exact blue and yellow you started with, you are stuck. That one-way difficulty is the foundation of modern encryption.

The two giants of today's security are called RSA and elliptic curve cryptography. RSA leans on the difficulty of taking a huge number and finding the two prime numbers that were multiplied to make it. Multiplying them was easy. Factoring the result back apart is, for a big enough number, so hard that all the regular computers on Earth working together could not do it before the sun burns out. Elliptic curve cryptography relies on a different one-way problem, but the principle is the same: easy forward, impossibly hard backward.

These locks are not weak. Against every ordinary computer, today and forever, they are effectively unbreakable. The problem is that quantum computers are not ordinary computers, and they do not play by the same rules.

What a Quantum Computer Changes

A normal computer thinks in bits, each one either a zero or a one, marching through possibilities one at a time. A quantum computer uses qubits, which through the strange physics of the very small can explore enormous numbers of possibilities at once. For most everyday tasks this is useless. But for a handful of very specific math problems, it is revolutionary.

In 1994, a mathematician named Peter Shor discovered an algorithm that lets a sufficiently powerful quantum computer factor huge numbers quickly, and solve the elliptic curve problem too. In other words, Shor's algorithm is precisely the master key for the two locks that protect almost all of today's digital world. The one-way paint can be unmixed. The green can be separated back into blue and yellow.

Here is the crucial nuance, and it is the whole reason this matters now. A quantum computer powerful enough to break RSA does not exist yet. Today's quantum machines are small, noisy, and far from that capability. Many experts think a cryptographically dangerous quantum computer is still ten to twenty years away. Some think longer. A few think it never arrives.

But "twenty years away" is not comforting when your will needs to stay locked for fifty. The danger does not have to arrive today to threaten a document that has to survive until tomorrow.

"Harvest Now, Decrypt Later"

There is a darker reason a fifty-year secret is in danger today, even though the master key does not exist yet. It has a chilling name: harvest now, decrypt later.

An attacker does not need to break your encryption today. They can simply copy your locked data now, while it is safely scrambled, and store it. They wait. They are patient. They keep the encrypted bundle in a warehouse of stolen secrets, doing nothing with it, for ten or twenty years. Then, the day a working quantum computer arrives, they pull your old data off the shelf and unlock all of it at once.

This means a secret recorded today can be stolen today and read in 2045. For most data, that is no threat at all, because nobody cares what you said in a chat twenty years after the fact. For a will, it is a real and present danger. The names, the asset locations, the private keys, the instructions, may still be sensitive, may still be live, may still cause harm if exposed, decades from now.

So the clock is already ticking, even though the quantum computer has not arrived. Any will that wants to be safe for fifty years has to be locked, today, with a lock that a future quantum computer cannot open. Waiting until quantum computers exist is waiting until it is far too late.

The Good News: New Locks Already Exist

Here is the part that turns this from a horror story into an engineering plan. The world saw this coming, and the new locks are ready.

For nearly a decade, cryptographers around the world ran a public competition, organized by the United States standards body, to design and battle-test encryption that resists quantum computers. These are called post-quantum algorithms. They are built on completely different math problems, ones that neither ordinary computers nor quantum computers are known how to break.

In 2024, the first official standards were published. The headline names are worth knowing, because they are becoming the new foundation of digital security. ML-KEM, originally known as Kyber, is used for safely exchanging keys. ML-DSA, originally known as Dilithium, and SLH-DSA, based on a hash-based design, are used for digital signatures.

Most of these rely on a family of problems involving lattices, which you can loosely picture as a vast grid of points stretching in many dimensions, where finding the closest point to a target is fiendishly hard even for a quantum computer. Hash-based signatures take a different, even more conservative route, leaning on the same kind of one-way fingerprinting that has resisted attack for decades. The details differ, but the goal is one: locks that stay locked even when the quantum master key finally arrives.

How BlockWill Migrates to a Quantum-Safe Future

Knowing the new locks exist is not the same as using them well. Moving a system that has to last fifty years onto new cryptography is a careful, deliberate process, not a flip of a switch. Here is the practical plan that a serious estate platform follows.

The first principle is crypto-agility, which is a fancy way of saying the system is built so its locks can be swapped without tearing everything apart. The encryption is treated like a replaceable part, not like the foundation. When a new standard arrives, or an old one weakens, the lock can be changed while everything around it stays in place. A will built without crypto-agility would be trapped with whatever lock it was born with, which is exactly the trap we must avoid over fifty years.

The second principle is hybrid encryption during the transition. Rather than gambling everything on a brand-new algorithm, the safest approach combines a trusted classical lock with a new post-quantum one, so your data is protected by both at the same time. To break in, an attacker would have to defeat both the old lock and the new lock together. If the new post-quantum algorithm has a flaw we have not discovered yet, the proven classical lock still holds. If the classical lock falls to a quantum computer, the post-quantum lock still holds. You are safe unless both fail, which is far less likely than either failing alone.

The third principle is to prioritize the long-lived secrets. Not all data is equally urgent. A session that ends in an hour does not need quantum protection. A will that must stay secret for fifty years is exactly the kind of data that should be moved to post-quantum locks first, because it is the prime target for harvest-now-decrypt-later. BlockWill's most sensitive, longest-lived data is where the strongest, most future-proof protection is applied first.

And the fourth principle is to stay aligned with the official standards rather than inventing private cryptography. Homemade encryption is one of the most reliable ways to get security wrong. By following the algorithms that thousands of researchers have publicly attacked and standards bodies have blessed, a will inherits the strength of the entire global cryptographic community, not the guesswork of a single team.

Frequently Asked Questions

What is post-quantum cryptography?

Post-quantum cryptography is a family of encryption and signature methods designed to stay secure even against powerful quantum computers. Unlike today's most common locks, which are based on math that a quantum computer could eventually break, post-quantum algorithms are built on different math problems that neither ordinary nor quantum computers are known how to solve. In 2024, the first official post-quantum standards were published, including ML-KEM, ML-DSA, and SLH-DSA.

Why does a will need quantum-safe encryption when quantum computers do not exist yet?

Because a will may need to stay secret for fifty years or more, and the encryption protecting it has to survive every advance in code-breaking during that whole time. There is also the harvest-now-decrypt-later threat, where an attacker copies your encrypted data today and simply waits until a quantum computer exists to unlock it. A secret recorded today could be stolen today and read decades from now, so a fifty-year will needs quantum-safe protection right now.

What is "harvest now, decrypt later"?

It is an attack strategy where someone copies your encrypted data today, while they cannot read it, and stores it for years until a quantum computer becomes available to break the old encryption. For short-lived secrets this is no threat, because nobody cares about them years later. For a will, whose contents can stay sensitive for decades, it is a genuine danger, which is why the data should be locked with quantum-safe encryption before quantum computers ever arrive.

Will a quantum computer break the encryption protecting my will today?

A quantum computer powerful enough to break today's common encryption does not exist yet, and may be ten to twenty years away or more. The concern is not today but the long life of a will. By using post-quantum and hybrid encryption now, BlockWill aims to keep your will protected through whatever the coming decades bring, so that even a future quantum computer cannot unlock it.

What is hybrid encryption and why use it during the transition?

Hybrid encryption protects your data with both a trusted classical lock and a new post-quantum lock at the same time. An attacker would have to break both to get in. If the new post-quantum algorithm turns out to have a hidden flaw, the proven classical lock still protects you, and if a quantum computer defeats the classical lock, the post-quantum lock still holds. It is the safest path while the world transitions to new standards.

What is crypto-agility?

Crypto-agility means a system is built so that its encryption can be replaced without rebuilding everything else. The locks are treated like swappable parts rather than permanent foundations. This matters enormously for a will, because over fifty years standards will change, new threats will emerge, and old algorithms may weaken. A crypto-agile system can adopt better protection over time, while a rigid one would be stuck with whatever it was born with.

Which post-quantum algorithms are standardized?

The first official standards, published in 2024, include ML-KEM, originally called Kyber, for securely exchanging keys, and ML-DSA, originally called Dilithium, along with SLH-DSA, a hash-based design, for digital signatures. Most are based on lattice problems that are extremely hard even for quantum computers, while hash-based signatures rely on long-trusted one-way fingerprinting. Following these vetted standards is far safer than inventing private cryptography.

Does switching to post-quantum encryption change how I use BlockWill?

No. The change happens underneath, in the cryptography that protects your data, not in how you write, update, or store your will. The goal of a crypto-agile, hybrid approach is to upgrade the locks invisibly, so your experience stays the same while your protection quietly grows stronger and more future-proof over time.

Is post-quantum cryptography fully proven and final?

It is rigorously studied and officially standardized, but cryptography is always an ongoing effort, which is exactly why hybrid encryption and crypto-agility matter. By combining post-quantum locks with proven classical ones and keeping the ability to swap algorithms in the future, a will stays protected even if any single algorithm is later found to need replacing. The strategy is designed to be safe through change, not to bet everything on one fixed choice.

The Bottom Line

A will is a promise that has to keep itself across decades, often across half a century, through every change in technology that the future holds. That makes it one of the very few documents that genuinely has to be protected against quantum computers, even though those computers do not fully exist yet.

The danger is real and already here, not because the quantum master key has arrived, but because an attacker can copy your locked secret today and wait for the key to come. A will protected only by today's classical encryption is a will quietly exposed to the world of 2045.

The answer is not to panic and not to wait. It is to build deliberately: post-quantum algorithms blessed by the global cryptographic community, hybrid locks that combine old and new so you are safe unless both fail, crypto-agility so the locks can keep improving for fifty years, and the strongest protection applied first to the data that has to last the longest.

Your will is meant to outlive you. The encryption that guards it has to outlive the threats that have not even been built yet. That is the standard a last wish deserves, and it is the standard worth building toward today.