One of the most fundamental pillars of cybersecurity is cryptography, and most of the cryptography tools used today rely on computational assumptions, such as the difficulty of factoring 2048 bit numbers.
Two decades ago, we learned that the quantum paradigm implies that essentially all of the deployed public key cryptography will be completely broken by a quantum computer, and brute force attacks of symmetric ciphers can also be sped up significantly. Fortunately, quantum computers did not exist at the time.
Today, the wait-and-see approach is no longer a responsible option. Protecting against quantum risk takes many years of planning and deployment. The realistic timelines for evolving to a quantum-safe infrastructure are comparable to the timelines for the quantum risk to become a reality. If one is responsible for providing medium- or long-term confidentiality, the risk of waiting is even more acute.
Research advances in the past decade have brought security experts close to having a blueprint of a robust scalable quantum computing system, which will be followed by a focused engineering effort to build large-scale quantum computers. While it is hard to predict how long these final stages will take, there is no reason for people to be confident that it will take much more than a decade or so.
At present, I estimate a 1 in 7 chance of breaking RSA 2048 by 2026 and a 1 in 2 chance of breaking it by 2031. Recently, the US National Security Agency (NSA) announced preliminary plans for transitioning to quantum-resistant algorithms.
In my recent Journal article, “Cybersecurity in the Quantum World,” I explain quantum technologies and how they threaten cybersecurity. The article also discusses timelines for managing this quantum risk and the kinds of approaches an organization can take.
Read Michele Mosca’s recent Journal article:
“Cybersecurity in the Quantum World,” ISACA Journal, volume 5, 2015.