While threats from phishing emails and other kinds of cyberattacks are more of a nuisance with each passing year, there’s a greater worry ahead: quantum computing is universally expected to render our most common data security methods obsolete. The only question is how soon.
“As of right now, every piece of information that we have is already lost,” says Shohini Ghose, a quantum physicist and professor of physics and computer science at Wilfrid Laurier University in Waterloo, Ontario. “The day the quantum computer was proposed was the day that we’'ve all become vulnerable. And I don’'t think we realize that, as yet — and if it sounds like panic and alarm, actually we are not panicking and being alarmist enough.”
This raises a couple of pressing questions: How should we respond? And how will that response shape a potentially transformative technology at a pivotal stage of development?
Recently, Ghose and a handful of other experts from around the world gathered near the Eiffel Tower at the headquarters of the United Nations Educational, Scientific and Cultural Organization to tackle these questions. Other international organizations are also searching for answers.
Quantum computers harness the properties of subatomic particles to process information. The first such machine of its kind is generally considered to have been built in 1998. It consisted of two quantum bits, or “qubits,” the fundamental units of information with which these machines encode data. IBM’s Quantum System One, which was inaugurated near Bromont, Quebec in 2023, (and which looks vaguely like a streamlined floating garbage can), has a 127-qubit processor. Early in 2024, a California-based start-up announced it had developed a machine with more than 1,100 qubits.
Challenges abound. For one thing, qubits are notoriously sensitive to their environment and generally need to be kept at temperatures colder than that of outer space. But the progress so far has been enough to capture the attention of political leaders.
In 2016, when Prime Minister Justin Trudeau was jokingly asked jby a reporter to explain how the technology worked, he made international headlines by delivering a convincing answer to a room crammed with physicists. “A regular computer bit is either a one or a zero, either on or off. A quantum state can be much more complex than that, because as we know, things can be both particle and wave at the same time, and the uncertainty around quantum states allows us to encode more information into a much smaller computer. So that’s what’s exciting about quantum computing,” Trudeau said, to applause. “Don’t get me going on this, or we’ll be here all day.”
Governments around the world have invested more than US$40 billion in quantum research and development to date, according to consulting firm McKinsey and Company. The consultancy estimates the overall market for the technology could hit US$173 billion by 2040.
Rebecca Krauthamer, co-founder and chief product and technology officer at QuSecure, a post-quantum cybersecurity company, says the goal is to produce machines that are more than just bigger, faster classical computers. Comparing the former to the latter is “like comparing a microwave to a candle,” she says. “They’re just totally different worlds.”
Quantum computers will eventually be able to tackle those problems exponentially faster than can conventional computers. Digital signatures and blockchain could also be compromised.
This new world is being touted as a way to deal with pressing global challenges such as food security and climate change, among other problems. But as development accelerates, risks also come into view. “For all the amazing things they’ll do, one of the things they will also do is break many of the mechanisms we use for e-commerce and data protection presently. So we need to come up with new mechanisms which would protect us against such an event,” says Vikram Sharma, CEO and founder of Canberra, Australia-based QuintessenceLabs and a member of the World Economic Forum’s Global Future Council on the Future of Cybersecurity. “If we don’t, it would potentially impact the correct functioning of our society.”
Some of the most commonly used encryption methods, known by the abbreviations RSA and ECC, hinge on the difficulty of completing mathematical tasks such as factoring large numbers. Quantum computers will eventually be able to tackle those problems exponentially faster than can conventional computers. Digital signatures and blockchain could also be compromised by the technology.
A recent KPMG survey of 250 major corporations found that 60 percent of those in Canada and 73 percent in the United States believe “it’s only a matter of time” until the technology is applied to disrupt current cybersecurity protocols. One result, a 2022 report from the World Economic Forum noted, may be that “all regulations and laws regarding privacy, data management etc. would be impossible to uphold[3] .” A likely erosion of public trust in digital technology could compound these problems.
Companies such as Sharma’s and Krauthamer’s are developing tools to protect digital information from “Q Day” — when a quantum computer powerful enough to compromise the encryption systems that secure our digital world emerges.
When that will happen is hotly debated. An annual survey of several dozen leading quantum experts in 2023 put the time frame at between five and 30 years, with an estimated chance of 31 percent, on average, that a machine capable of cracking conventional cryptographic schemes will be built within a decade. “The technology is clearly maturing, and there is no known fundamental barrier to realizing large-scale quantum computing,” the survey’s authors wrote. “Cyber-risk managers should consider it more a matter of ‘when’ than of ‘if.’”
Adding to these fears is the belief that we won’t know when Q-Day has arrived. During the Second World War, when a team of codebreakers at an estate home in southeast England managed to crack Nazi Germany’s Enigma cypher machine, “they didn’t blast that out as an announcement to the world. They kept that secret, right?” Krauthamer says. “And so we are also unlikely to know when a... ‘cryptographically relevant quantum computer,’ comes online because it’s a very powerful tool and those that have that tool first will likely want to keep it secret as long as possible.”
Governments have been pouring significant amounts of money into research and development inhopes of gaining a strategic advantage. China is believed to have invested by far the most, at US$15 billion, according to McKinsey. The Chinese government built a sprawling 37-hectare national laboratory devoted to quantum computing near Shanghai in 2017. Earlier this year, researchers published a paper in the Chinese Journal of Computers that described the technology as “an exciting yet formidable challenge to cryptographic security” and claimed they had found a new approach that “has shown better realistic attack capabilities” against widely used RSA encryption.
And while Q-Day could still be years out, some governments are believed to be using "harvest now, decrypt later” attacks that involve acquiring and storing huge amounts of encrypted data so they can later access it.
And while Q-Day could still be years out, some governments are believed to be using "harvest now, decrypt later” attacks that involve acquiring and storing huge amounts of encrypted data so they can later access it once a “cryptographically relevant” quantum computer exists. In one such suspected attack, internet traffic from Toronto to South Korean government websites was diverted by China Telecom en route to its final destination for six months in 2016. “It is absolutely happening now,” Krauthamer says. “I can’t get into the political side. But it is a sure thing.”
What’s more, the analytical power of a machine that can break current encryption protocols is also likely to be far greater than with conventional computers, she says, meaning the insights that can be gleaned from online data leaks will be “much more impressive.” That could also put anonymized data sets at risk of being decoded.
So a rush to protect sensitive data is unfolding. Google says that in 2022 it put in place post-quantum cryptography — which relies on algorithms based on different math that are believed to be able to withstand quantum attacks — for all of its internal communications. The White House has been urging federal agencies in the US to begin migrating to this new type of cryptography and in July, its Office of Management and Budget said the cost of doing so will top US$7.1 billion between 2025 and 2035.
In August of 2024, one US agency published a trio of algorithms it hopes system administrators will adopt “as soon as possible.” The National Institute of Standards and Technology (NIST), which promotes innovation and competitiveness in American industry, said these new post-quantum standards will “secure a wide range of electronic information, from confidential email messages to e-commerce transactions that propel the modern economy.” The algorithms were eight years in the making. Two were co-produced by researchers at IBM. The third was co-produced by an expert who has since joined that company. (A fourth algorithm that the agency is expected to publish is also being built in collaboration with IBM.)
Other countries are introducing requirements for sensitive sectors of their economies to begin the shift to post-quantum cryptography, Sharma says. Governments can also play an advisory role by putting out guidance and standards on how organizations can protect themselves from quantum attacks, he says, as NIST is doing. They can become early adopters too, and “showcase how large organizations can transition into this new security regime. And then the follow on to that could be that they say, ‘all right, if you want to do business with us, then we need you to equally conform to a certain level of security maturity.’”
In Canada, a national quantum strategy launched in 2023 pledges in part to identify what information held by the federal government “is at greatest risk” and to develop a plan to protect it. But Ghose says a much broader effort is needed. “We have to really mobilize to shift to much better encryption systems,” she says. “We have to mobilize all of our different sectors, and both the small businesses as well as the large industry players, to really think about this and rapidly translate to these newer standards that are not as vulnerable.”
On an international level, there are also concerns about the extent to which different countries will be able to protect themselves, and what exactly the gap between the haves and have-nots will mean.
“The big risk is a huge quantum divide between countries with quantum technologies, with huge national programs about quantum technologies, and countries that don’t have programs or don’t have quantum technologies,” says Luca Possati, an assistant professor at the University of Twente in the Netherlands who studies human-technology interaction. “The risk of divide and the consequences of a possible divide can be very dangerous ,” he adds. “But of course, it’s quite difficult to say what is going to happen because there are so many variables, we still don’t know actually all the potentialities of this technology.”
