In Quantum Tech Pod Episode 26, Quantropi CTO Michael Redding argues that Y2Q is coming much sooner than many might think. Y2Q (also sometimes called Q-Day) is the date when quantum computers will defeat public-key cryptography.
Even NATO and the White House recently started preparing for Y2Q and NIST just announced its first four quantum-resistant cryptographic algorithms.
When will Y2Q arrive?
So when will quantum computers be able to break the cryptography we use today? The opinions of experts vary considerably.
According to the 2021 Quantum Threat Timeline Report (January 2022), cybersecurity experts appear to be more or less confident that quantum computers will be able to break RSA-2048 within 15 years. The Cloud Security Alliance (CSA) is more pessimistic – they estimate that Y2Q will arrive on April 14, 2030.
However, CSA’s estimates are nowhere as pessimistic as the results of a very recent global survey of security professionals carried out by Dimensional Research and sponsored by Cambridge Quantum. The survey results were published in February 2022. Of the surveyed 614 security professionals, 61% think that quantum attacks will neutralize current encryption tech within just 2 years. 28% think that current encryption technologies will be compromised within 3-5 years.
Truth be told – no one can tell when Y2Q will come. However, certain factors incline us to believe that the quantum threat will become a reality much sooner than many might be thinking.
Why Y2Q is coming sooner than you think
One of the difficulties of predicting the date of Y2Q is that technology often doesn’t develop linearly – it develops in “fits and starts” including sudden periods of exponential growth. Across many domains, the better a technology gets, the faster we see further improvements to it. As momentum and investment build, research breakthroughs can cause technology to shoot forward at much higher rates than we may otherwise predict.
This extends to quantum computing as well. While we can look back at how fast quantum computers have developed so far and extrapolate our observations into the future, we also need to factor in the unexpected (but highly anticipated) leaps in technology and innovative approaches that will exponentially accelerate progress in quantum computing achievements.
At the highest level, the global investment of billions of dollars annually in quantum research is why Y2Q will likely be here sooner than later. This leads us to go a little bit deeper and give more specific reasons as to why Y2Q is getting very close, very fast.
Quantum computing technology is becoming more efficient
The RSA (Rivest-Shamir-Adleman) public-key cryptosystem is widely used to protect cryptographic keys in transit today. RSA uses keys of varying lengths – from 100 to 4096 bits – with 2048 bits being the minimum key length recommended by NIST since 2015.
How many qubits are necessary to break RSA-2048?
For physical (noisy) qubits, estimates range from tens of millions to a billion, according to Michele Mosca – the father of quantum computing efforts at the University of Waterloo, Ontario. However, in May 2019, a pair of researchers from Google and the KTH Royal Institute of Technology (Stockholm, Sweden) described a method of factoring 2048-bit RSA integers in just 8 hours using only 20 million physical qubits.
Now, we are quite far from 20 million physical qubits. The likes of Google are planning to build a quantum computer with 1,000,000 physical qubits only by 2030.
However, in March 2022, Microsoft demonstrated the physical foundations of a topological qubit. Microsoft views topological qubits as the way to build a quantum machine that is more stable and more scalable than computers that rely on other types of qubits. Microsoft’s research into topological qubits may significantly accelerate the development of large-scale quantum machines that are powerful enough to break RSA.
The bottom line for all this is as follows – even though quantum computers aren’t yet large enough to break encryption algorithms like RSA, technological advancements might allow researchers to accelerate the development of quantum computers. With that in mind, expert opinions that quantum computers will neutralize classical cryptography within 2-5 years don’t sound that far-fetched.
Shor’s algorithm might not be the only way to break encryption
Currently, the ability of quantum computers to break public-key encryption is based on Shor’s algorithm. However, who said that Shor’s algorithm is the way to crack encryption algorithms?
In 2019, Chinese researchers turned the integer factorization problem into an optimization task. They used the D-Wave 2000Q quantum annealer – a quantum machine specialized in optimization problems – to factor the integer 376289 with just 94 qubits. Further optimizations allowed the researchers to factorize the much larger number 1005973 with only 89 qubits.
The researchers stated that factorizing 1005973 using Shor’s algorithm would require 41 universal qubits, which universal quantum computers weren’t able to achieve with acceptable accuracy back in 2019. The IBM Q System One (January 2019) could theoretically factor up to 10-bit integers, while the D-Wave at the time had a thousand-fold advantage in factorization problems.
This study shows that we can reframe the integer factorization problem to solve it more efficiently with a fewer number of qubits. Not only that, but it also demonstrates that quantum annealers are a potential tool for breaking public-key encryption.
2 More Reasons Why You Should Transition to Quantum-Safe Protection Now
The advancements we’ve just talked about might shorten the time left until Y2Q. However, tech developments aren’t the only reason to start thinking about upgrading to quantum-safe protection. Even if we completely disregard research into quantum computing, there are 2 more reasons why switching to quantum-secure data protection soon is a very good idea.
1. Hackers might be collecting your data now to crack it tomorrow
If you keep your data encrypted (as you should), data theft might not be a huge deal for you. Hackers are very unlikely to be able to brute-force your encryption defenses no matter how much computing power they throw at them.
Your encrypted data is safe – but only for now.
Hackers might not be able to crack classical encryption algorithms today, but what will happen when they get their hands on a powerful quantum computer? That’s right, they will be able to easily break through your data defenses.
Recall all the instances when your data has been leaked or stolen. All that data might be sitting in some hacker group’s data center right now, waiting to be cracked. Every piece of data that’s been stolen over the years is a ticking time bomb. When that bomb blows up – that is, when hackers get access to quantum computers – your business secrets will no longer be secret. Your proprietary source code, financial records, client information – hackers will be able to access it all.
Although we don’t know for sure if hackers are indeed following the “steal now, crack later” strategy, it would be safe to assume that they do. We have to think about the worst-case scenarios to be able to protect ourselves from future threats. So if you have data that needs to remain protected for 10 or 20 years, you should start thinking about quantum-secure protection right now.
It may take a very long time for you to switch to quantum-secure protection
How much time would it take for you to quantum-proof your IT infrastructure? The transition might take from months to years, depending on the scope of the changes.
The move to quantum-proof cryptography is a multi-step process. It incorporates understanding your current cryptographic tools, identifying your most vulnerable and valuable assets, and updating your cryptographic policies to include quantum-proof measures. You will also need to decide which enterprise quantum-safe solution to use, which may require months of consultations with different vendors.
After these steps are completed, you will need to start the actual deployment of quantum-secure cryptography. Although software-based platforms like QiSpace™ are easy to deploy via programming APIs and software updates, rolling out a new cryptography stack across an enterprise will take time. And then, you will need to introduce your staff to your updated cryptography tools and the new cybersecurity policies.
The scope of the transition can be enormous. In the worst-case scenario, it may take you years to transition your IT infrastructure to quantum-secure cryptography. The main issue and question here is as follows – do we have years until Y2Q? The answer is that we don’t know for sure.
Crypto Agility as the Answer to Long-Term Cybersecurity Challenges
Cryptographic agility is the way to address cybersecurity challenges in the long run. Although using cutting-edge technology to protect data today is a great start, you should also be proactive and plan your cybersecurity policies with the future in mind.