There may come a day known as Q-Day that will destroy global security as we know it.
That could be in a few years, but also in ten years or more. But scientists, mathematicians and governments are not waiting idly for the quantum threat to become a reality.
Q-Day will see the construction of a quantum computer so powerful that it could break the public encryption systems that protect our online conversations, bank accounts and most vital infrastructure, wreaking havoc on governments and businesses.
How this digital doomsday would happen comes down to simple math.
How it started
Since the dawn of the Internet, cryptography has protected our online data and conversations by hiding or encrypting information that only the person receiving the message can read on traditional computers.
In the 1970s, mathematicians developed encryption methods that consisted of numbers hundreds of digits long. The difficulty of mathematical problems was so great that they could take hundreds of years to solve if the correct parameter size and numbers were used.
Breaking the encryption requires breaking down the ciphers into their key factors, but with traditional computers this can take hundreds, if not thousands, of years.
The threat of codes being cracked was therefore not a major concern.
That was until 1994 when American mathematician Peter Shor showed how this could be done with an algorithm using a then hypothetical quantum computer that could factor large numbers much faster than a traditional computer.
The rise of quantum
The quantum threat wasn’t a big problem at the time, but four years later it started to become a problem when the first quantum computer was built.
While those quantum computers – and the ones currently being built – are still not powerful enough to use Shor’s algorithm to decrypt the ciphers, intelligence agencies determined in 2015 that progress in quantum computers is happening so quickly that it is a poses a threat to cybercrime. security.
Currently, qubits, the processing units of quantum computers, are not stable long enough to decrypt large amounts of data.
But tech companies like IBM and Google have slowly but surely started making progress in building machines strong enough to deliver the benefits of quantum, including pharmaceutical research, subatomic physics and logistics.
“It’s a matter of time and it’s a matter of how long it takes before we have a large quantum computer,” says Dr. Jan Goetz, CEO and co-founder of IQM Quantum Computers, a startup building quantum computers. told Euronews Next.
If it takes thirty years to build a strong enough computer, there would be less reason to panic, as most of the encrypted data may no longer be relevant.
But “if someone comes up with a really smart idea and can crack the code within three to five years, the whole situation looks different,” Goetz said.
Who should worry?
Individuals need not worry about Q-Day as few people are likely to have data that is highly sensitive and will still be relevant in the years to come.
Goetz said that once the new technology comes, the encryption codes on all computers and phones will be updated and “you don’t have to worry too much about this because the industry will take care of this.”
But governments, organizations and companies should be concerned about the quantum threat.
There’s a concept called “store now, decode later.” It means someone could store the data and wait for a quantum computer strong enough to come along and decrypt it.
“Governments in particular are collecting data from the internet,” says Dr. Ali El Kaafarani, founder and CEO of quantum-safe cryptography company PQShield.
“They store data that they don’t currently have access to or read, but they can keep it there until the cryptography layer gets weaker until they figure out a way to attack it, and then they break it and read they that communication,” he told Euronews Next.
A post-quantum cryptographic world
Governments are not opposed to that and the cryptographic community is building encryption methods that can withstand the quantum threat, known as post-quantum cryptography (PQC).
This year, sometime between May and June, the final standardization of PQC will be released by the US National Institute of Standards and Technology.
This will be a game changer as it will be in the market for all sectors.
US legislation has set the timeline for moving to PQC from 2025 to 2033, by which time the cyber-secure supply chain will need to have transitioned to using PQC as standard.
By 2025, web browsers and software updates will have to become post-quantum secure by default if they are sold to the US, El Kaafarani says.
This is why some companies, such as Google Chrome and Cloudflare, have already started using PQC.
The American PQC standards are international standards, but each country has its own guidelines that governments work with.
The US, UK, French, German and Dutch governments, among others, have weighed in and issued white papers and guidelines for the industry to encourage them to start the transition phase to post-quantum cryptography, as they understand that it is a process that will take time.
“Governments standardize the algorithms so that we all speak the same language,” says El Kaafarani, but it is the cryptographic community that comes up with the new encryption methods that are not vulnerable to quantum computers.
Most cryptographic standards are developed in Europe by European cryptographers, he added, whose British company had selected four encryption methods to meet U.S. PQC standards.
Once developed, the encryption methods are mercilessly scrutinized by the broader cryptographic community, governments, and anyone interested in cracking the encryption methods.
“Some get broken along the way. And that is the whole point of the process, to root out the weak and preserve the strong,” El Kaafarani said.
But there is no perfect encryption or security method that can keep everything safe forever.
“That’s why cryptography is obviously an evolving field and that’s why we have to stay ahead of the curve and keep an eye on how things are evolving,” he said.