In early June, quantum consulting company Interference Advisors shared their new report on the quantum threat and Y2Q. Titled “Y2Q – the quantum threat to our data & communications”, the report covers recent cybersecurity trends through the prism of quantum computing and the quantum threat.
The quantum threat to cryptography as a concept is not new. It has been a major concern in expert circles ever since American mathematician Peter Shor introduced his quantum computing algorithm for efficiently finding the prime factors of an integer in 1994.
Why is Shor’s algorithm a huge deal? Well, modern public-key cryptosystems use prime numbers to generate cryptographic keys. These keys are secure against brute-force attacks because it would take millions of years for a classical computer to compute their prime factors. For quantum computers though, this problem will be far from difficult.
Operations in quantum computers are represented in qubits. Unlike classical bits that can encode information as either 0 or 1, qubits can encode a combination of 0 and 1 – a phenomenon called quantum superposition. Thanks to quantum superposition, quantum computers can perform computations much faster than classical computers.
In theory, a sufficiently large and powerful quantum computer can break 2048-bit RSA in just minutes, versus millions of years for a classical computer. Luckily for us now, quantum computers don’t yet have the power to crack public-key encryption.
But make no mistake – it’s just a matter of time until malicious groups get their hands on a quantum computer that’s powerful enough to defeat public-key encryption. And here’s where the concept of Y2Q comes into play.
What is Y2Q?
Y2Q is the date when quantum computers will become large and powerful enough to defeat classical public-key encryption systems. On this date, classical public-key encryption will become powerless against real-world threats.
The term Y2Q is a reference to Y2K, also known as the Year 2000 Problem. Before 2000, many programs represented the current year only with the last two digits. The issue with this approach was that such programs would treat the year 2000 as the year 1900.
While very simple at first glance, this software bug had the potential to disrupt global IT infrastructures and entire industries. It could disrupt aircraft scheduling, affect the readings of radiation levels at nuclear power plants, and cause mistakes in interest rate calculations.
Luckily, the Y2K bug was successfully solved with preemptive software updates. IT infrastructures across the world stayed intact, and we were able to continue to enjoy the conveniences of the digital era.
The year 2038 problem, or Y2K38, is a similar issue that we have yet to tackle. This problem will affect systems that use Unix time to measure time. Unix time measures the number of seconds elapsed since 00:00:00 UTC of January 1st, 1970 and stores the number as a signed 32-bit integer.
Because 32-bit integers can only encode integers between –(231) and 231 – 1, the latest time that Unix time can properly represent is 03:14:07 UTC on January 19th, 2038. After this date, programs using Unix time will not be able to correctly track time.
Why Y2Q is Much More Dangerous Than Y2K
What unites problems like Y2K, Y2K38, and Y2Q is that they have the potential to bring down entire IT infrastructures. Y2Q is very different and relates to our cryptographic systems, but at a high level, the effect of the three problems is similar.
However, what makes Y2Q much more dangerous than Y2K and Y2K38 is that we don’t know when it will happen.
Y2K and Y2K38 are fairly straightforward issues that are well understood. We’ve successfully dealt with Y2K, and Y2K38 likely won’t cause much trouble either. We have plenty of time until 2038, and we know precisely when Y2K38 will happen and can plan around that.
Y2Q doesn’t have a set date, and hackers aren’t going to be courteous enough to give us a warning before their first quantum attack. Security experts have tried to give estimates as to when Y2Q will be here, but their estimates vary so much that we can’t use them to plan ahead. What’s more, with time, expert estimates seem to have become more and more pessimistic.
Back in 2016, Professor Michele Mosca from the Institute for Quantum Computing at the University of Waterloo wrote that quantum attacks would break public-key cryptography by 2026 with a 1 in 7 chance and by 2031 with a 50% chance. Similarly, the Cloud Security Alliance estimates that Y2Q will arrive on April 14th, 2030.
In stark contrast with these estimates, a February 2022 survey by Dimensional Research and Cambridge Quantum shows a much gloomier picture. 61% of the 614 security professionals surveyed think that quantum attacks will defeat classical encryption methods within only 2 years. Another 28% think that it will take 3-5 years for classical public-key cryptography to be cracked.
While 2-5 years might sound ridiculous, these estimates are not without reason. Quantum technology is becoming better by the day. IBM, for example, managed to grow its quantum computers from 65 qubits in November 2020 to 127 qubits in November 2021 and plans to unveil a 1,121-qubit machine in 2023. However, qubit counts are just part of the equation.
Quantum Technology Improves Exponentially Quickly
Researchers keep finding more and more efficient ways of solving problems on quantum computers. This applies to breaking public-key encryption as well.
A few years back, researchers believed that hackers would need between ten million and one billion physical qubits to break 2048-bit RSA. But in 2019, a pair of researchers from Google and the KTH Royal Institute of Technology of Sweden described a way to break 2048-bit RSA in 8 hours with just 20 million physical qubits.
In the same year, Chinese researchers reformatted the integer factorization problem into an optimization task and used the D-Wave 2000Q quantum annealer to efficiently factorize large integers. The researchers stated that they wouldn’t have been able to do the same with Shor’s algorithm and the universal quantum computers available at the time.
In March 2022, Microsoft’s Azure Quantum program demonstrated the physics needed to build scalable topological qubits. Microsoft expects that topological qubits will allow it to more easily build stable and scalable quantum machines.
The likes of Google and IBM plan to build quantum machines with a million qubits by only 2030, so we are still far from the tens of millions of qubits necessary to break public-key encryption. However, algorithmic optimizations and leaps in quantum research might significantly shrink the compute requirements of this task.
Progress in quantum research is certainly exciting because it brings us that much closer to the practical applications of quantum computing. But similarly, it also dramatically shrinks the amount of time we have until Y2Q.
What You Can Do to Prepare for Y2Q
We cannot prevent Y2Q, but we can for sure prepare for it. The two keys to future-proofing your IT infrastructure are as follows:
- Deploying quantum-secure encryption solutions
- Preventing data breaches and minimizing data leaks
Let’s take a look at these two steps more in-depth below:
Deploying Quantum-Secure Encryption Solutions
Deploying quantum-safe security solutions is the first step to quantum-proofing your IT infrastructure. Upgrading to completely new cryptographic techniques requires risk assessment, extensive planning, updating cybersecurity policies, and retraining staff.
This process can take years, so starting early is key. If you delay the transition to quantum-safe protection, you might not be able to finalize its adoption before Y2Q.
There are currently two major approaches to quantum security – post-quantum cryptography (PQC) and quantum cryptography. Post-quantum cryptography relies on complex mathematical algorithms that are thought to be resistant to quantum attacks, while quantum cryptography exploits the properties of quantum mechanics. The most famous quantum cryptography technique is quantum key distribution, or QKD.
Because PQC is based on math, it can be easily implemented in computer code and delivered to end devices through software updates. However, PQC has a noticeable performance cost due to its large key sizes, and it won’t be resistant to increasing quantum computing power.
In contrast, quantum cryptography and QKD in particular theoretically provide 100% protection against quantum threats for indefinite time frames. This is because they rely on quantum mechanics rather than mathematical complexity. The main downside of QKD is that it’s expensive to implement because it requires dedicated optical fiber connections and photon emitters to securely transmit data. At this point, QKD is still a lab experiment.
While PQC seems more promising, a combination of PQC and QKD would probably deliver the best all-around protection. As a matter of fact, Quantropi’s unique QiSpace™ SaaS quantum security platform offers digital QKD and a novel PQC algorithms that solve the issues of their “vanilla” counterparts while keeping their strengths.
Preventing Data Breaches and Minimizing Data Leaks
Data harvesting is a major concern for cybersecurity experts. While we don’t know this for sure, hacker groups might be employing the so-called “Steal now, decrypt later” tactic. This tactic boils down to the following – hackers might be holding on to data they cannot crack today in the hopes of being able to crack it at a later time.
Y2Q might be this “later time.”
Current public-key encryption algorithms are resistant to brute-force attacks. Unless the attackers have your cryptographic keys, they will not be able to decrypt your data. Until they get their hands on a powerful quantum computer, that is.
This implies that any piece of your data that has been recently leaked or stolen is a likely threat to your long-term security. Forms of data that need to stay confidential for a very long time – like personally identifiable information – are especially vulnerable. Recent trends in cyberattacks amplify the danger of data harvesting even further.
2021 became a record-breaking year for data breaches. Already by September 30, 2021, 1,291 data breaches had been recorded – 17% more than in the entirety of 2020. Hundreds of millions of user records were leaked through incidents at Cognyte, LinkedIn, and Facebook.
2022 might be yet another record-breaking year as Q1 2022 has already marked the third consecutive year when data breaches increased compared to Q1 of the previous year. The Russian invasion of Ukraine has raised the stakes further as it increased the geopolitical tension between NATO countries, Russia, and possibly China.
After Russia invaded Ukraine, attacks on NATO countries from Chinese IPs surged by 116%. Additionally, in March 2022, it was discovered that Russian internet company Yandex embedded tracking code into mobile apps through its platform that allows developers to create applications for Android and iOS devices. The data of millions of users might have ended up in the hands of the Kremlin.
All this leads to one thing – you should start strengthening your data protection measures as soon as you can to prevent or minimize data harvesting. To do this, you could upgrade your cybersecurity tech stack or use approaches like zero trust, and you could also use quantum-proof cryptography to make your data resistant to future quantum attacks today.
The Time to Act is Now
As Professor Mosca points out, fixing vulnerabilities and defeating individual hacks is nothing to write home about. Vulnerabilities in software can be easily patched, while malicious insiders can be quickly detected and removed from your company. Although the consequences of hacker attacks can be devastating, identifying and fixing vulnerabilities in software or hardware isn’t that challenging per se.
It’s an entirely different deal when we consider cryptography as a whole. Because public-key cryptography is the foundation of modern data protection, there are no fixes that we can deploy overnight if it breaks. It takes years and years to research, plan, and deploy cryptographic systems.
We managed to solve Y2K by proactively changing the way our software represented dates. Because we took action early, we were able to avoid major IT incidents.
We must act the same way for Y2Q, though this is easier said than done. While the clock is ticking, many businesses still don’t realize the seriousness of the quantum threat. It doesn’t help that NATO and the White House started preparing for Y2Q only recently and that NIST is to release standards for PQC only by 2024.
We must act now – or it will be too late.
Read the full report on Y2Q with all the data and analysis here.