• Data currently considered secure could be stolen – and accessed via quantum methods later.

• Quantum algorithms such as Shor's can break classical cryptographic problems.

• Governments, academia and industry must collaborate on the quantum transition.

When will quantum computing break cryptography? This is a question often asked but unfortunately a specious one, because it frames the threat to be in the future. For data that will require protecting for decades, the threat is today. The impact is in the future. Data considered securely protected today is already lost to a prospective quantum adversary if stolen or harvested now.

All data – past, present and future – that is not protected using quantum-safe security will be at risk. It threatens the digital infrastructure on which modern societies rely. All critical infrastructure, transactions and processes relying on cryptography that are not quantum-safe could be compromised, causing widespread disruption. As the quantum threat exists today, governments and business shouldn’t delay action.

Quantum computers manipulate delicate quantum mechanical states to solve classically difficult problems. By encoding problems in quantum mechanical states and running the correct circuits to pinpoint a few outcomes containing the solution, quantum computers can perform feats out of reach for the most powerful classical computers. This unprecedented computational power holds tremendous growth opportunities for economies and society, but also challenges security applications that rely on the lack of easy solutions to current cryptography methods to protect data.

How do quantum algorithms work?

Some quantum algorithms are capable of efficiently solving some of the core cryptographic problems used to secure systems and protect data today. The most powerful is Shor’s algorithm. It provides an exponentially faster method to factor large integers, the hard-mathematical problem underpinning much of our public key cryptography. Running the type of algorithms that break encryption requires a quantum computer that can execute hundreds of millions of quantum operations with less than an error in a billion operations.

When will such a machine exist? It depends on the security level of the cryptography used and the rate of innovation in quantum computing.

The largest RSA (a common public-key cryptosystem) integer solved classically is 768 bits. The best estimate for a quantum computer to break that requires 2,400 qubits (the quantum mechanical version of classical bits, representing a unit of information) capable of executing 153 million operations. These operations must have no errors, because errors cause the computation to fail and lead to incorrect results. That means less than 0.000000006 errors per operation. Breaking RSA 2048 cryptography would require 6,200 qubits and 2.7 billion operations, demanding an error rate below 0.0000000003 to complete the task in about eight hours.

The likelihood of quantum algorithms posing a threat to cybersecurity is growing
The likelihood of quantum algorithms posing a threat to cybersecurity is growing
Image: Global Risk Institute

The best machines today achieve error rates per two-qubit gate of about 1%, and our achievable error rate is limited to between 0.0001 and 0.00001 unless we use quantum error correcting codes to encode information in logical qubits, which today are technically challenging. Not a single logical qubit has been demonstrated yet. The advent of a machine able to break encryption in less than a decade is thus highly unlikely.

The last decade has seen a significant migration from RSA 2048 to a scheme called Elliptic Curve Cryptography (ECC). Quantum computers are also capable of breaking it, but the cost of the quantum computation for ECC has been less studied than for RSA. Therefore, we cannot conclude that this problem is less or more difficult than RSA factoring in quantum computers without further studies. But both are breakable by quantum algorithms. Governments and enterprises need to prepare themselves by understanding the risk of quantum computing to their infrastructures.

Why act now?

The longer we postpone the migration to quantum-safe standards, the more data will be at risk. We use cryptography to protect infrastructures, provide trust in electronic transactions and secure digital evidence. New cars, airplanes, and critical infrastructures are designed today to be highly connected within digital ecosystems and have expected lifetimes of decades. As our world becomes increasingly more connected and automated, we are becoming more fragile from a cybersecurity perspective.

A future vulnerability in a legacy component that is not quantum-safe could result in widespread disruption if compromised. Moreover, today’s systems use cryptography to authenticate the origin and check the integrity of critical updates and patches, but we do not design them such that cryptography can be easily updated. Many reports detail how much of the critical infrastructure worldwide is controlled by operating systems that are no longer supported. The World Economic Forum estimates that over 20 billion digital devices will need to be upgraded or replaced globally in the next 10-20 years to use quantum-safe cryptography. For most devices, this will not be possible remotely because the cryptography for checking updates is not always part of the update. Organizations need to plan and act now for this transition to occur as soon as possible.

How can we secure our quantum future?

Quantum computing’s revolutionary potential for scientific, social and economic impact has prompted heavy investment and ambitious initiatives worldwide. Maintaining the lead in quantum technologies requires focused investments and development acceleration through early adoption, testing and feedback. Fundamental research in quantum theory, hardware and software is needed, including the development of novel qubits, methods to improve qubit quality and their performance in quantum circuits, techniques to mitigate and correct errors, development of optimized quantum circuits and compilation schemes, and components to enable the development of advanced scaling technologies.

Individual teams lack the wherewithal to build a quantum computer exceeding thousands of qubits capable of executing quantum circuits with less than an error in a billion operations. Government, academia and industry must work together to advance the fundamental science and execute on an efficient and aggressive development roadmap with meaningful, well-defined metrics.

Governments and enterprises must also mitigate the cybersecurity risks. The United States sponsored the selection and standardization of quantum-safe cryptography through a multi-year process at the National Institute of Standards and Technology. Other countries have initiated similar efforts. Government and industry must usher in the era of quantum-safe cryptography and infrastructure with activities to develop risk and mitigation frameworks, and new standards for consuming cryptography.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

Quantum-safe algorithms are only the start. Industry security standards and protocols need to be updated for these new algorithms. This can take many years in some standards organizations. And despite cryptography’s role in protecting data and systems, there is little or no governance or guidance for its management, hindering the migration of organizations to new cryptographic standards. Assistance in the development of cryptography governance guidance is urgently needed.

The time to prepare for a safe quantum computing future is now.