Data security should be a top-of-mind priority for any business. An organization’s intellectual property is key to its profitability, and numerous data privacy laws mandate that companies implement strong protections for customer data.
Data breaches happen on a daily basis (3205 in 2023 alone), demonstrating that we’re already struggling with data protection. However, the problem is even bigger than that. Currently, the gold standard for data security is encryption. But, many of the encryption algorithms in common use today have an expiration date, and it’s no longer just a nebulous future threat.
The post-quantum era — when classical public key encryption algorithms will be broken — is likely only about a decade away. That means that data being encrypted today may become public knowledge in just a few years. The question is – are we ready?
The security threat of quantum computing
Cybersecurity is growing more difficult by the day. As large language models (LLMs) and AI grow more sophisticated, they offer numerous opportunities for attackers to refine their tools and techniques. Cyber defenders have access to similar tools — and some advantages — but it’s a technological arms race between the two.
Quantum computing poses a future threat to data security and cybersecurity that is at least as significant as AI does today. Cryptography can be broken into two main types of algorithms: symmetric and asymmetric/public key cryptography. In general, the threat of quantum computing to symmetric algorithms is relatively minor. Additional computing power and some quantum algorithms have their benefits, but security is mainly a matter of longer keys and hash values.
However, the same can’t be said of the “classical” public key algorithms in common use today. These are based on trapdoor functions, which are mathematical functions that are “easy” to perform (polynomial complexity) and “hard” to reverse (exponential complexity). The asymmetry here means that it’s possible to create cryptographic algorithms that are usable but secure against modern computers.
The problem here is that many of these “hard” problems are much easier for quantum computers to solve. For example, the factoring problem can be broken by Shor’s algorithm in polynomial time. If an algorithm takes polynomial time to perform and can be broken in polynomial time, it’s no longer both usable and secure. An attacker couldn’t care less if it takes 10x or 100x more time for them to crack a highly sensitive email than it took for you to send it.
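The easy-forward, hard-reverse asymmetry described above, as an added toy illustration that is not part of the original post: multiplying two primes is a single big-integer multiplication, while recovering them by trial division costs roughly 2^(bits/2) divisions, so each extra bit of key size is cheap for the legitimate user and expensive for the attacker. Prime sizes and the trial-division count as a cost measure are my choices; the point is the growth rate, not absolute timings.

```python
import random


def is_prime(n):
    """Trial-division primality test; adequate for the toy sizes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def random_prime(bits):
    """Return a random prime with exactly `bits` bits (top bit set, odd)."""
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(candidate):
            return candidate


def trapdoor_forward(p, q):
    """The 'easy' direction: one multiplication, polynomial in the bit length."""
    return p * q


def trial_division_cost(n):
    """The 'hard' direction: factor n by trial division.
    Returns (smallest factor, number of divisions tried). The count grows
    roughly as 2**(bits/2), i.e. exponentially in the key size. Real attacks
    (number field sieve) are sub-exponential and Shor's algorithm is
    polynomial, which is exactly why RSA-style trapdoors fail on a quantum
    computer; the toy only shows the classical asymmetry."""
    d, tries = 2, 0
    while d * d <= n:
        tries += 1
        if n % d == 0:
            return d, tries
        d += 1
    return n, tries


def asymmetry_demo(bits):
    """Build an n = p*q with `bits`-bit primes and measure the reverse cost.
    Returns (bit length of n, divisions needed to factor it)."""
    p, q = random_prime(bits), random_prime(bits)
    n = trapdoor_forward(p, q)
    factor, tries = trial_division_cost(n)
    assert factor in (p, q)
    return n.bit_length(), tries
```

Run `asymmetry_demo(12)`, `asymmetry_demo(16)` and `asymmetry_demo(20)` to see the division count climb by a factor of at least eight each time the primes gain four bits, while the multiplication stays a single operation.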
How far away are quantum computers?
For a long time, quantum computing was a threat in the “near but not too near” future. Research on quantum computing has been going on for years, but no one had a functional quantum computer, let alone one capable of breaking modern cryptographic algorithms.
However, the threat of quantum computing has moved from a hazy threat to a near-reality. Quantum computers exist today, and they’re quickly getting bigger. For example, IBM has unveiled a 1,121 qubit Quantum Condor chip, and its System Two quantum computers are modular, enabling more qubits to be added over time.
However, size matters with quantum computers. To break RSA-2048, you probably need a quantum computer with at least 4,000 logical qubits. A logical qubit is one that is stable and keeps its value, and several physical qubits are needed to create one logical qubit. However, this depends on a number of factors, and estimates continue to decrease over time. This number is pushed down by both improvements in physical qubits and error-correcting algorithms.
We don’t have quantum computers with 4,000 logical qubits yet (at least none that are known to the public). However, large-scale quantum computing may not be as far off as you might think. Most likely, we’ll hit that point sometime in the next ten years. At that point, data security with classical algorithms becomes a race between key lengths and quantum computing. Transitioning to RSA-4096 would mean that even larger quantum computers are needed to break the encryption. However, this only buys time as quantum computing continues to improve.
Is it already too late?
Call “Day 0” the day that the first 4,000 logical qubit quantum computer begins operation. We likely won’t know when this is until years later since it’ll probably be highly classified. Once the science gets to the point that these computers are possible, governments with sufficient resources will definitely be building them.
It’s entirely possible that “Day 0” has already happened. The NSA, GCHQ, etc. have a history of being years ahead of the public sector in terms of cryptographic research. An algorithm equivalent to RSA was invented by Clifford Cocks of GCHQ about four years before Rivest, Shamir, and Adleman had the idea. In the 1970s, the NSA insisted on changes to the Data Encryption Standard (DES) — the predecessor of AES — for reasons that were only determined in the 1990s when differential cryptanalysis was invented in the public sector. RSA (or any other cryptographic algorithm in common use today) could already be broken — using classical or quantum computing — and that fact would be classified at the highest level.
But let’s assume that RSA remains unbroken and quantum computers capable of breaking it won’t be available to anyone for ten more years. Even so, we’re easily at the point where the quantum threat is very real.
The reason for this is that governments, companies, or anyone else who will eventually be able to afford a quantum computer can collect and store encrypted data to be broken at their leisure when the tech becomes available. In fact, there have been multiple instances of Internet traffic being rerouted in what may be a “harvest now, decrypt later” attack.
The main limitation of this is that it only works for data that will still be sensitive on “Day 0”. Even with an optimistic “ten years out” estimate, this includes:
- Government and military secrets.
- Personally identifiable information (government ID numbers, addresses, etc.)
- Corporate intellectual property.
At this point, you might even have a credit card that won’t expire until large-scale quantum computers are available. The potential for “harvest now, decrypt later” approaches to breaking encryption is significant because current web traffic encrypted with TLS likely still uses classical asymmetric cryptography for key exchange. This means that many of the types of sensitive data listed above are likely being transmitted over the public Internet protected by algorithms that will be broken within a decade.
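The “still sensitive on Day 0” test from the paragraphs above, as an added example that is not part of the original post: a small triage helper that flags which data categories are exposed to harvest-now-decrypt-later and orders them by how far past Day 0 they stay sensitive. It goes one step beyond the article by optionally adding the time it takes to migrate to post-quantum algorithms (Mosca’s inequality: shelf life + migration time > time to a cryptographically relevant quantum computer). The Day 0 estimate is the article’s ten years; the shelf lives, the three-year migration figure and the asset names are constructed inputs for illustration.

```python
from dataclasses import dataclass

# Planning inputs. The article's estimate is ten years to Day 0; the
# migration figure is an assumed value for how long a PQ rollout takes.
DAY0_YEARS = 10.0
MIGRATION_YEARS = 3.0


@dataclass
class DataAsset:
    name: str
    shelf_life_years: float  # how long data encrypted today remains sensitive


# Constructed sample inventory, loosely following the article's list.
SAMPLE_ASSETS = [
    DataAsset("Government and military secrets", 25.0),
    DataAsset("Personally identifiable information", 50.0),
    DataAsset("Corporate intellectual property", 15.0),
    DataAsset("Credit card numbers", 5.0),
    DataAsset("Short-lived session tokens", 0.01),
]


def harvest_now_decrypt_later_risk(asset, day0_years=DAY0_YEARS,
                                   migration_years=0.0):
    """True if data protected with classical key exchange today is still
    sensitive once a Day 0 machine exists. With migration_years=0 this is
    exactly the article's test; a non-zero value applies Mosca's inequality,
    because traffic keeps flowing on classical algorithms until the
    migration is finished."""
    return asset.shelf_life_years + migration_years > day0_years


def triage(assets, day0_years=DAY0_YEARS, migration_years=MIGRATION_YEARS):
    """Return [(name, margin_years)] for at-risk assets, most exposed first.
    A negative margin is how many years past Day 0 the data stays sensitive,
    i.e. how long an adversary who harvested it today has to decrypt it."""
    exposed = []
    for asset in assets:
        if harvest_now_decrypt_later_risk(asset, day0_years, migration_years):
            margin = day0_years - asset.shelf_life_years - migration_years
            exposed.append((asset.name, margin))
    return sorted(exposed, key=lambda item: item[1])
```

Data that is not flagged (a card expiring in five years, a session token) is not worth protecting from a quantum attacker first; the flagged categories are where post-quantum key exchange, or simply not transmitting the data, should land earliest.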
Are we ready?
The core threat of quantum computing is our reliance on classical asymmetric encryption algorithms – and quantum computers can definitely break these algorithms as soon as they grow large enough.
This problem can be solved by moving to post-quantum encryption algorithms. These serve the same purposes as the asymmetric algorithms in common use today but rely on mathematical problems that are believed to be “hard” for quantum computers as well.
In 2023, NIST published draft standards for post-quantum encryption algorithms, hash functions, and digital signature algorithms. These algorithms are an active area of research and development as companies design solutions to build them into TLS and other encryption and digital signature solutions.
However, it’s important to note that these algorithms are only believed to be quantum-resistant and believed to be secure; neither property has been proven. Quantum physics is hard and quantum computing is a field in its infancy. It’s entirely possible that some of these “hard” problems won’t be as hard for quantum computers as we would like. There’s also the fact that — with the growth of AI — our ability to design and implement algorithms could grow by leaps and bounds in the next few years, with positive or negative implications for post-quantum cryptography and data security.
Advances in quantum computing aside, designing secure cryptographic algorithms is hard enough. SIKE, one of the finalists in the NIST contest for key exchange algorithms, was found to be breakable in about an hour on a legacy computer. On the other hand, the “340 cipher” created by the Zodiac Killer took over 51 years to break, and we’re still trying to read documents written in dead languages centuries ago. We can’t predict if or when a cryptographic algorithm will be broken.
Preparing for the post-quantum era
Quantum computing is already a threat to data security despite the fact that we currently lack quantum computers capable of breaking the algorithms we use today. An attacker with the resources (and storage space) to collect and store data encrypted today could decrypt it at their leisure once quantum computers are available.
The “best practice” approach to managing the quantum threat to data security is transitioning to post-quantum algorithms as soon as possible, especially for data that will be worth decrypting in ten years. If we’re honest, the cost of running a quantum computer to crack encryption and steal a credit card number is probably higher than the credit limit on the card. (Besides, there are faster and cheaper ways to do it.) However, some data encrypted today will be worth the effort and cost in the future.
An even better method of managing the quantum threat is data minimization. If you don’t need the data, don’t collect it, store it, transmit it, etc. An attacker can’t crack the code and steal data that you never had in the first place.