Quantum Computing’s Imminent Threat to Encryption: A Looming Crisis

A significant threat is poised to emerge in the near future absent a substantial shift in our current trajectory. Scientists possess a clear understanding of the impending cause and its approximate timing, alongside potential strategies for mitigation. However, the decisive actions required from policymakers may be insufficient to avert the crisis in a timely manner.

While this scenario might evoke parallels with climate change or the nascent stages of the COVID-19 pandemic, it now also pertains to a more specialized domain: quantum computing. Recent findings, detailed in two independent research papers, including one authored by Google, reveal that the threshold at which quantum computers can compromise the encryption systems safeguarding our data is considerably lower than previously estimated.

The understanding that quantum computers will eventually possess the capability to rapidly solve the complex mathematical problems forming the bedrock of our digital security is not novel. This prospect represents one of the few firmly established applications for these advanced machines. What is new, however, is the realization that this impending event, sometimes termed “Q-Day,” might arrive much sooner than anticipated. An unannounced arrival of Q-Day would have devastating consequences, leading to compromised emails, emptied bank accounts, and the exposure of sensitive information.

Fortunately, a solution already exists. For decades, researchers have been engaged in the development of “post-quantum” cryptography (PQC). This new form of cryptography relies on mathematical problems of such complexity that they remain intractable even for powerful quantum computers. In a move that may not be entirely coincidental, Google has announced its intention to transition its services to PQC by 2029, a timeline that has surprised some observers.

These recent developments underscore the urgent need for policymakers to act. Among the governments that have established deadlines for PQC implementation—including the United States, the United Kingdom, and the European Union—most are targeting 2035. This timeframe is beginning to appear remarkably late.

Ironically, many of these same governments have spent the past few decades actively challenging encryption, advocating for the implementation of “backdoors” purportedly to enhance law enforcement capabilities. Thankfully, such efforts have largely been resisted. A poorly managed Q-Day, however, could inadvertently fulfill these anti-encryption objectives and precipitate widespread disruption across the modern world. Preparations are essential before it is too late.