Is your cybersecurity ready to take the quantum leap?
A man takes a photo of the IBM Q System One quantum computer. Image: Reuters/Steve Marcus
Listen to the article
• Data currently considered secure could be stolen – and accessed via quantum methods later.
• Quantum algorithms such as Shor's can break classical cryptographic problems.
• Governments, academia and industry must collaborate on the quantum transition.
When will quantum computing break cryptography? This is a question often asked but unfortunately a specious one, because it frames the threat to be in the future. For data that will require protecting for decades, the threat is today. The impact is in the future. Data considered securely protected today is already lost to a prospective quantum adversary if stolen or harvested now.
All data – past, present and future – that is not protected using quantum-safe security will be at risk. It threatens the digital infrastructure on which modern societies rely. All critical infrastructure, transactions and processes relying on cryptography that are not quantum-safe could be compromised, causing widespread disruption. As the quantum threat exists today, governments and business shouldn’t delay action.
Quantum computers manipulate delicate quantum mechanical states to solve classically difficult problems. By encoding problems in quantum mechanical states and running the correct circuits to pinpoint a few outcomes containing the solution, quantum computers can perform feats out of reach for the most powerful classical computers. This unprecedented computational power holds tremendous growth opportunities for economies and society, but also challenges security applications that rely on the lack of easy solutions to current cryptography methods to protect data.
How do quantum algorithms work?
Some quantum algorithms are capable of efficiently solving some of the core cryptographic problems used to secure systems and protect data today. The most powerful is Shor’s algorithm. It provides an exponentially faster method to factor large integers, the hard-mathematical problem underpinning much of our public key cryptography. Running the type of algorithms that break encryption requires a quantum computer that can execute hundreds of millions of quantum operations with less than an error in a billion operations.
When will such a machine exist? It depends on the security level of the cryptography used and the rate of innovation in quantum computing.
The largest RSA (a common public-key cryptosystem) integer solved classically is 768 bits. The best estimate for a quantum computer to break that requires 2,400 qubits (the quantum mechanical version of classical bits, representing a unit of information) capable of executing 153 million operations. These operations must have no errors, because errors cause the computation to fail and lead to incorrect results. That means less than 0.000000006 errors per operation. Breaking RSA 2048 cryptography would require 6,200 qubits and 2.7 billion operations, demanding an error rate below 0.0000000003 to complete the task in about eight hours.
The best machines today achieve error rates per two-qubit gate of about 1%, and our achievable error rate is limited to between 0.0001 and 0.00001 unless we use quantum error correcting codes to encode information in logical qubits, which today are technically challenging. Not a single logical qubit has been demonstrated yet. The advent of a machine able to break encryption in less than a decade is thus highly unlikely.
The last decade has seen a significant migration from RSA 2048 to a scheme called Elliptic Curve Cryptography (ECC). Quantum computers are also capable of breaking it, but the cost of the quantum computation for ECC has been less studied than for RSA. Therefore, we cannot conclude that this problem is less or more difficult than RSA factoring in quantum computers without further studies. But both are breakable by quantum algorithms. Governments and enterprises need to prepare themselves by understanding the risk of quantum computing to their infrastructures.
Why act now?
The longer we postpone the migration to quantum-safe standards, the more data will be at risk. We use cryptography to protect infrastructures, provide trust in electronic transactions and secure digital evidence. New cars, airplanes, and critical infrastructures are designed today to be highly connected within digital ecosystems and have expected lifetimes of decades. As our world becomes increasingly more connected and automated, we are becoming more fragile from a cybersecurity perspective.
A future vulnerability in a legacy component that is not quantum-safe could result in widespread disruption if compromised. Moreover, today’s systems use cryptography to authenticate the origin and check the integrity of critical updates and patches, but we do not design them such that cryptography can be easily updated. Many reports detail how much of the critical infrastructure worldwide is controlled by operating systems that are no longer supported. The World Economic Forum estimates that over 20 billion digital devices will need to be upgraded or replaced globally in the next 10-20 years to use quantum-safe cryptography. For most devices, this will not be possible remotely because the cryptography for checking updates is not always part of the update. Organizations need to plan and act now for this transition to occur as soon as possible.
How can we secure our quantum future?
Quantum computing’s revolutionary potential for scientific, social and economic impact has prompted heavy investment and ambitious initiatives worldwide. Maintaining the lead in quantum technologies requires focused investments and development acceleration through early adoption, testing and feedback. Fundamental research in quantum theory, hardware and software is needed, including the development of novel qubits, methods to improve qubit quality and their performance in quantum circuits, techniques to mitigate and correct errors, development of optimized quantum circuits and compilation schemes, and components to enable the development of advanced scaling technologies.
Individual teams lack the wherewithal to build a quantum computer exceeding thousands of qubits capable of executing quantum circuits with less than an error in a billion operations. Government, academia and industry must work together to advance the fundamental science and execute on an efficient and aggressive development roadmap with meaningful, well-defined metrics.
Governments and enterprises must also mitigate the cybersecurity risks. The United States sponsored the selection and standardization of quantum-safe cryptography through a multi-year process at the National Institute of Standards and Technology. Other countries have initiated similar efforts. Government and industry must usher in the era of quantum-safe cryptography and infrastructure with activities to develop risk and mitigation frameworks, and new standards for consuming cryptography.
How is the Forum tackling global cybersecurity challenges?
Quantum-safe algorithms are only the start. Industry security standards and protocols need to be updated for these new algorithms. This can take many years in some standards organizations. And despite cryptography’s role in protecting data and systems, there is little or no governance or guidance for its management, hindering the migration of organizations to new cryptographic standards. Assistance in the development of cryptography governance guidance is urgently needed.
The time to prepare for a safe quantum computing future is now.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Quantum Computing
Related topics:
The Agenda Weekly
A weekly update of the most important issues driving the global agenda
You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.
More on CybersecuritySee all
Filipe Beato and Jamie Saunders
November 21, 2024