Quantum computing (QC) brings with it a mix of groundbreaking possibilities and significant risks. Major tech players like IBM, Google, Microsoft şi Amazon have already rolled out commercial QC cloud services, while specialized firms like Quantinuum and PsiQuantum have quickly achieved unicorn status. Experts predict that the global QC market could add more than $1 trillion to the world’s economy between 2025 and 2035. However, can we say with certainty that the benefits outweigh the risks?

On the one hand, these cutting-edge systems hold the promise of revolutionizing areas such as drug discovery, climate modeling, AI and maybe even artificial general intelligence (AGI) development. On the other hand, they also introduce serious cybersecurity challenges that should be addressed right now, even though fully functional quantum computers capable of breaking today’s encryption standards are still several years away.

Understanding the QC threat landscape

The main cybersecurity fear tied to QC is its potential to break encryption algorithms that have been deemed unbreakable. A studiu by KPMG revealed that around 78% of U.S. companies and 60% of Canadian companies anticipate that quantum computers will become mainstream by 2030. More alarmingly, 73% of U.S. respondents and 60% of Canadian respondents believe it’s just a matter of time before cybercriminals start using QC to undermine current security measures.

Modern encryption methods rely heavily on mathematical problems that are virtually unsolvable by classical computers, at least within a reasonable timeframe. For instance, factoring the large prime numbers used in RSA encryption would take such a computer around 300 trillion years. However, with Shor’s algorithm (developed in 1994 to help quantum computers factor large numbers quickly), a sufficiently powerful quantum computer could potentially solve this exponentially faster.

Grover’s algorithm, designed for unstructured search, is a real game-changer when it comes to symmetric encryption methods, as it effectively cuts their security strength in half. For instance, AES-128 encryption would only offer the same level of security as a 64-bit system, leaving it open to quantum attacks. This situation calls for a push towards more robust encryption standards, such as AES-256, which can stand firm against potential quantum threats in the near future.

Harvesting now, decrypting later

The most concerning is the “harvest now, decrypt later” (HNDL) attack strategy, which involves adversaries gathering encrypted data today, only to decrypt it once QC technology becomes sufficiently advanced. It poses a significant risk to data that holds long-term value, like health records, financial details, classified government documents and military intelligence.

Given the potentially dire consequences of HNDL attacks, many organizations responsible for vital systems around the world must adopt “crypto agility.” This means they should be ready to swiftly swap out cryptographic algorithms and implementations whenever new vulnerabilities come to light. This concern is also reflected in the U.S. National Security Memorandum on Promoting U.S. Leadership in Quantum Computing While Mitigating Risk to Vulnerable Cryptographic Systems, which specifically points out this threat and calls for proactive measures to counter it.

The threat timeline

When it comes to predicting the timeline for quantum threats, expert opinions are all over the map. A recent report from MITRE suggests that we probably won’t see a quantum computer powerful enough to crack RSA-2048 encryption until around 2055 to 2060, based on the current trends in quantum volume – a metric used to compare the quality of different quantum computers. 

At the same time, some experts are feeling more optimistic. They believe that recent breakthroughs in quantum error correction and algorithm design could speed things up, possibly allowing for quantum decryption capabilities as early as 2035. For instance, researchers Jaime Sevilla and Jess Riedel released a report in late 2020, expressing a 90% confidence that RSA-2048 could be factored before 2060. 

While the exact timeline is still up in the air, one thing is clear: Experts agree that organizations need to start preparing right away, no matter when the quantum threat actually arrives.

Quantum machine learning – the ultimate black box?

Apart from the questionable crypto agility of today’s organizations, security researchers and futurists have been also worrying about the seemingly inevitable future merging of AI and QS. Quantum technology has the potential to supercharge AI development because it can handle complex calculations at lightning speed. It can play a crucial role in reaching AGI, as today’s AI systems need trillions of parameters to become smarter, which leads to some serious computational hurdles. However, this synergy also opens up scenarios that might be beyond our ability to predict. 

You don’t need AGI to grasp the essence of the problem. Imagine if quantum computing were to be integrated into machine learning (ML). We could be looking at what experts call the ultimate black box problem. Deep neural networks (DNNs) are already known for being quite opaque, with hidden layers that even their creators struggle to interpret. While tools for understanding how classical neural networks make decisions already exist, quantum ML would lead to a more confusing situation.

The root of the issue lies in the very nature of QC, namely the fact that it uses superposition, entanglement and interference to process information in ways that don’t have any classical equivalents. When these quantum features are applied to ML algorithms, the models that emerge might involve processes that are tough to translate into reasoning that humans can grasp. This raises some rather obvious concerns for vital areas like healthcare, finance and autonomous systems, where understanding AI decisions is crucial for safety and compliance.

Will post-quantum cryptography be enough?

To tackle the rising threats posed by QC, the U.S. National Institute of Standards and Technology (NIST) kicked off its Post-Quantum Cryptography Standardization project back in 2016. This involved conducting a thorough review of 69 candidate algorithms from cryptographers around the globe. Upon completing the review, NIST chose several promising methods that rely on structured lattices and hash functions. These are mathematical challenges thought capable of withstanding attacks from both classical and quantum computers. 

In 2024, NIST rolled out detailed post-quantum cryptographic standards, and major tech companies have been taking steps to implement early protections ever since. For instance, Apple unveiled PQ3 — a post-quantum protocol — for its iMessage platform, aimed at safeguarding against advanced quantum attacks. On a similar note, Google has been experimenting with post-quantum algorithms in Chrome since 2016 and is steadily integrating them into its various services. 

Meanwhile, Microsoft is making strides in enhancing qubit error correction without disturbing the quantum environment, marking a significant leap forward in the reliability of QC. For instance, earlier this year, the company announced that it has created a “new state of matter” (one in addition to solid, liquid and gas) dubbed “topological qubit,” which could lead to fully realized QCs in years, rather than decades.

Key transition challenges 

Still, the shift to post-quantum cryptography comes with a host of challenges that must be tackled head-on:

• The implementation timeframe: U.S. officials are predicting it could take anywhere from 10 to 15 years to roll out new cryptographic standards across all systems. This is especially tricky for hardware that’s located in hard-to-reach places like satellites, vehicles and ATMs. 
• The performance impact: Post-quantum encryption usually demands larger key sizes and more complex mathematical operations, which could slow down both encryption and decryption processes. 
• O shortage of technical expertise. To successfully integrate quantum-resistant cryptography into existing systems, organizations need highly skilled IT professionals who are well-versed in both classical and quantum concepts. 
• Vulnerability discovery: Even the most promising post-quantum algorithms might have hidden weaknesses, as we’ve seen with the NIST-selected CRYSTALS-Kyber algorithm. 
• Supply chain concerns: Essential quantum components, like cryocoolers and specialized lasers, could be affected by geopolitical tensions and supply disruptions.

Last but certainly not least, being tech-savvy is going to be crucial in the quantum era. As companies rush to adopt post-quantum cryptography, it’s important to remember that encryption alone won’t shield them from employees who click on harmful links, open dubious email attachments or misuse their access to data. 

A recent example is when Microsoft found two applications that unintentionally revealed their private encryption keys — while the underlying math was solid, human error made that protection ineffective. Mistakes in implementation often compromise systems that are theoretically secure. 

Preparing for the quantum future

Organizations need to take a few important steps to get ready for the challenges posed by quantum security threats. Here’s what they should do, in very broad terms: 

• Conduct a cryptographic inventory — take stock of all systems that use encryption and might be at risk from quantum attacks. 
• Assess the lifetime value of data — figure out which pieces of information need long-term protection, and prioritize upgrading those systems. 
• Develop migration timelines — set up realistic schedules for moving to post-quantum cryptography across all systems. 
• Allocate appropriate resources — make sure to budget for the significant costs that come with implementing quantum-resistant security measures. 
• Enhance monitoring capabilities – put systems in place to spot potential HNDL attacks. 

Michele Mosca has come up with a theorem to help organizations plan for quantum security: If X (the time data needs to stay secure) plus Y (the time it takes to upgrade cryptographic systems) is greater than Z (the time until quantum computers can crack current encryption), organizations must take action right away.

Conclusion

We’re stepping into an era of quantum computing that brings with it some serious cybersecurity challenges, and we all need to act fast, even if we’re not entirely sure when these challenges will fully materialize. It might be decades before we see quantum computers that can break current encryption, but the risks of inaction are simply too great. 

Vivek Wadhwa of Foreign Policy magazine puts it bluntly: “The world’s failure to rein in AI — or rather, the crude technologies masquerading as such — should serve to be a profound warning. There is an even more powerful emerging technology with the potential to wreak havoc, especially if it is combined with AI: Quantum computing.” 

To get ahead of this technological wave, organizations should start implementing post-quantum cryptography, keep an eye on adversarial quantum programs and secure quantum supply chain. It’s crucial to prepare now — before quantum computers suddenly make our current security measures entirely obsolete.

Julius Černiauskas is CEO at Oxylabs.

Informații zilnice despre cazurile de utilizare în afaceri cu VB Daily

Dacă vrei să-ți impresionezi șeful, VB Daily te ajută. Îți oferim informații privilegiate despre ce fac companiile cu inteligența artificială generativă, de la schimbările de reglementare la implementările practice, astfel încât să poți împărtăși informații pentru un ROI maxim.

Citiți-ne Politica de confidențialitate

Mulțumesc pentru abonare. Află mai multe Buletine informative VB aici.

A apărut o eroare.