> We should start moving toward quantum-resistant cryptography now so that by the time these machines become practical, sensitive information will have fallen out of most archives.
I think we actually are. NIST already gathered submissions for post-quantum crypto[0] last year.
And people like djb are also clearly interested in it[1][2].
I know very little about the topic. Will post-quantum crypto require new hardware? The few techniques I have heard about rely on special networks capable of transmitting quantum particles, not just bits.
If new network infrastructure is required, I can't imagine how we would ever get quantum computer resistant cryptography before it's way too late.
No. We just need to switch from existing public-key cryptographic algorithms to quantum-resistant public-key cryptographic algorithms. There are already a variety of such algorithms developed (see https://en.wikipedia.org/wiki/Post-quantum_cryptography). All that remains is to study them further and agree on a standard.
Symmetric ciphers such as AES are already quantum-resistant for 256-bit keys. (Grover's algorithm is the best known quantum attack for such algorithms. Cracking an N-bit key classically is approximately as hard as cracking an (N/2)-bit key on a quantum computer with Grover's algorithm.)
[0] https://csrc.nist.gov/projects/post-quantum-cryptography/rou...
[1] https://blog.cr.yp.to/20170719-pqbench.html
[2] https://sphincs.org/