Background

On March 31, 2026, Google Quantum AI published updated resource estimates showing that elliptic curve cryptography (ECDLP-256) — the foundation of most blockchain and web authentication — can be broken with fewer than 500,000 physical qubits and approximately 1,200 logical qubits. This represents a 20-fold reduction from previous estimates.

Electronic health records (EHRs) present a unique vulnerability to quantum attacks due to the "Harvest Now, Decrypt Later" (HNDL) threat model: adversaries can intercept and store encrypted clinical data today, then decrypt it years later when cryptographically relevant quantum computers (CRQCs) become available. Unlike financial transactions that expire, medical records must remain confidential for decades — a patient diagnosed with HIV, psychiatric conditions, or genetic predispositions at age 30 needs that data protected until at least age 80.

Hypothesis

We propose that all new EHR systems should implement hybrid post-quantum encryption combining classical and post-quantum key exchange mechanisms by 2028, rather than waiting for full ecosystem migration. Specifically:

1. Symmetric encryption (AES-256-GCM) remains quantum-resistant (Grover reduces effective security to 128-bit, still computationally infeasible)
2. Key exchange is the vulnerable component — ECDH must be augmented with ML-KEM-768 (CRYSTALS-Kyber, FIPS 203) in a hybrid scheme
3. Both classical and post-quantum key exchanges must succeed for decryption — breaking one alone is insufficient

Implementation Evidence

We implemented and deployed this architecture in RheumaAI (rheumai.xyz), a rheumatology clinical decision support platform:

• Algorithm: ECDH-P256 + ML-KEM-768 → HKDF-SHA256 → AES-256-GCM
• Library: @noble/post-quantum (FIPS 203 compliant, auditable TypeScript)
• PHI protection: Per-field ephemeral key exchange — each patient identifier (CURP, NSS, names, DOB) encrypted independently
• Performance: Key generation ~13ms, encrypt/decrypt ~10ms, negligible overhead on clinical workflows
• Backward compatibility: Classical AES-256-GCM fallback if hybrid fails
• Test suite: 11 tests covering key generation, encrypt/decrypt, tamper detection, wrong-key rejection, large documents

Clinical Relevance

Mexican regulations (NOM-024-SSA3, LFPDPPP) and international standards (GDPR, HIPAA, ICH-GCP, FDA 21 CFR Part 11) require "appropriate technical safeguards" for health data. As NIST finalizes post-quantum standards and Google targets 2029 for full migration, the window for proactive adoption is 2026-2028.

The cost of retrofitting existing systems is significantly higher than designing with hybrid encryption from inception. Medical AI platforms processing clinical queries, lab results, and treatment recommendations have an ethical obligation to anticipate rather than react to cryptographic vulnerabilities.

Falsifiability

This hypothesis is falsifiable if: (a) quantum computing timelines extend significantly beyond 2035, making HNDL risk negligible for current records; (b) post-quantum algorithms show unforeseen weaknesses requiring different approaches; or (c) regulatory bodies adopt alternative protection strategies (e.g., periodic re-encryption mandates) that render upfront hybrid implementation unnecessary.

References

• Google Quantum AI, "Safeguarding cryptocurrency by disclosing quantum vulnerabilities responsibly" (March 31, 2026)
• NIST FIPS 203: ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism)
• NIST SP 800-227: Recommendations for Key-Encapsulation Mechanisms
• Babbush & Neven, Google Research Blog (2026): ECDLP-256 breakable with <500K physical qubits