With major tech names like IBM, Microsoft, Amazon and Google already rolling out quantum computing (QC) cloud services, it’s evident that the era of QC is upon us. Specialised firms like Quantinuum and PsiQuantum have achieved unicorn status, and experts predict that the global QC market could add as much as $1 trillion to the world’s economy by 2035. Despite this huge, predicted success, can we say with confidence that the benefits outweigh the risks?
While these cutting-edge systems do hold the promise of revolutionising areas such as drug discovery, climate modelling and AI development, they also introduce serious cybersecurity challenges that need to be addressed. Fully functional quantum computers capable of breaking today’s encryption standards may still be several years away, but these cybersecurity concerns are closer to home than we may realise.
QC has the potential to break encryption algorithms that have been previously considered ‘unbreakable’, posing a huge threat to modern-day cybersecurity. According to a survey by KPMG, around 78% of U.S. companies anticipate that quantum computers will become mainstream by 2030. More shockingly, 73% of U.S. respondents believe it’s just a matter of time before cybercriminals start using QC to undermine current security measures.
Modern encryption methods rely heavily on mathematical problems that classical computers cannot solve within a reasonable timeframe. For instance, factoring the product of the large prime numbers used in RSA encryption would take a classical computer around 300 trillion years. However, with the help of Shor’s algorithm, developed in 1994 to help quantum computers factor large numbers quickly, a powerful quantum computer could solve this problem exponentially faster.
Meanwhile, Grover’s algorithm, which was designed for unstructured search, is a game-changer when it comes to symmetric encryption methods, as it halves their effective key strength. For instance, AES-128 encryption would only offer the same level of security as a 64-bit key, leaving it vulnerable to quantum attacks. This requires a push towards more robust encryption standards, such as AES-256, which could hold against quantum threats in the near future.
One of the most concerning attack strategies is “harvest now, decrypt later” (HNDL). This method involves adversaries gathering encrypted data today, ready to decrypt it once QC technology is advanced enough. This strategy poses a significant risk to data that holds long-term value, like health records, financial details, classified government documents or military intelligence.
Because of the potentially devastating consequences of HNDL attacks, many companies responsible for vital systems around the world must adopt “crypto agility” with urgency. This means that they should be ready to swap out cryptographic algorithms and implementations the moment that new vulnerabilities come to light.
Experts disagree on the timeline for quantum threats. A recent report from MITRE suggests that we are unlikely to see a quantum computer powerful enough to crack RSA-2048 encryption until around 2055 to 2060, based on the current trends in quantum volume, a metric used to compare the quality of different quantum computers.
However, some experts feel more optimistic about the technology’s fast advancement. They believe that recent breakthroughs in quantum error correction and algorithm design could speed things up and allow for quantum decryption capabilities as early as 2035.
While the exact timeline remains undecided, one thing is clear: experts agree that businesses need to start preparing now and not wait until the quantum threat arrives.
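The triage that the HNDL and timeline discussion above implies can be sketched as a small cryptographic-inventory check. This is an added example, not part of the original article: the asset names, the status labels and the 128-bit floor are assumptions, while the years 2035 and 2055 are the two estimates quoted above.

```python
from dataclasses import dataclass

SHOR_BROKEN = {"RSA"}                 # factoring-based: Shor's algorithm applies
GROVER_HALVED = {"AES"}               # symmetric: Grover halves key strength
CRQC_EARLY, CRQC_LATE = 2035, 2055    # optimistic and MITRE-based estimates
MIN_BITS = 128                        # assumed acceptable post-quantum floor

@dataclass
class Asset:
    name: str
    algorithm: str       # "FAMILY-SIZE", e.g. "RSA-2048" or "AES-128"
    secret_until: int    # last year the data must remain confidential

def quantum_strength(algorithm: str) -> int:
    """Effective key strength in bits against a quantum attacker."""
    family, _, size = algorithm.partition("-")
    family = family.upper()
    if family in SHOR_BROKEN:
        return 0                      # simplification: treated as fully broken
    if family in GROVER_HALVED:
        return int(size) // 2
    # Unknown entries are surfaced, not guessed: an inventory gap is a finding.
    raise ValueError(f"unclassified algorithm: {algorithm}")

def triage(asset: Asset) -> str:
    """Classify HNDL exposure of ciphertext captured today."""
    if quantum_strength(asset.algorithm) >= MIN_BITS:
        return "ok"
    if asset.secret_until < CRQC_EARLY:
        return "schedule"             # data expires before the earliest estimate
    if asset.secret_until < CRQC_LATE:
        return "at-risk"              # exposed only if the early estimate holds
    return "exposed"                  # readable under either estimate

def triage_inventory(assets):
    return {a.name: triage(a) for a in assets}

# Constructed sample inventory (hypothetical assets).
INVENTORY = [
    Asset("patient-records-archive", "RSA-2048", 2070),
    Asset("payment-session-keys", "RSA-2048", 2027),
    Asset("backup-tapes", "AES-128", 2040),
    Asset("hr-database", "AES-256", 2060),
]

if __name__ == "__main__":
    for name, status in triage_inventory(INVENTORY).items():
        print(f"{name:26} {status}")
```

Assets classified as "exposed" or "at-risk" are the ones where waiting for a firmer timeline does not help, because the ciphertext can already be collected today.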
Security researchers and futurists have also been worrying about the seemingly inevitable future merging of AI and QC. By handling complex calculations at lightning speed, quantum technology has the potential to supercharge AI development. It can also play a key role in reaching artificial general intelligence (AGI) – the pinnacle of AI research.
Even if we put this aside, you don’t need AGI to grasp the threat this could pose. Imagine if QC were to be integrated into machine learning (ML). We could be looking at “the ultimate black box problem”. Deep neural networks (DNNs) are already known for having hidden layers that even their creators struggle to understand. While tools for interpreting how classical neural networks make decisions already exist, quantum ML would confuse the situation even further.
The root of the issue lies in the very nature of QC, more specifically, the fact that it uses superposition, entanglement and interference, which have no classical equivalents, to process information. Therefore, when these quantum features are applied to ML algorithms, the models that emerge could involve processes that are hard to translate into reasoning that humans can interpret. In vital areas where it’s essential to understand AI decisions, such as healthcare, finance and autonomous systems, this raises concerns about safety regulation and compliance.
To address the increasing threats posed by QC, the U.S. National Institute of Standards and Technology (NIST) started a Post-Quantum Cryptography Standardisation project in 2016. They conducted a thorough review of 69 candidate algorithms from cryptographers around the globe. Once this was completed, NIST chose several promising methods that rely on structured lattices and hash functions. These are mathematical challenges considered capable of withstanding attacks from both classical and quantum computers.
In 2024, NIST rolled out detailed post-quantum cryptographic standards, and major tech companies have been taking steps to implement early protections ever since. For example, Apple unveiled PQ3 for iMessage, a post-quantum protocol aimed at safeguarding users against advanced quantum attacks.
In the meantime, Microsoft is making strides in enhancing qubit error correction without disturbing the quantum environment, taking a significant step forward in the reliability of QC. Earlier this year, Microsoft announced that it had created a “new state of matter” dubbed “topological qubit,” which could lead to fully realised QCs in years, rather than decades.
Despite these efforts, the shift to post-quantum cryptography comes with a host of challenges that need to be addressed:
Alongside this, we cannot ignore supply chain concerns. Essential quantum components, like cryocoolers and specialised lasers, could be affected by geopolitical tensions or supply disruptions. Lastly, being tech-savvy is going to be essential in the quantum era. As companies quickly adopt post-quantum cryptography, they need to remember that encryption alone won’t protect them from ordinary human mistakes – employees who click on harmful links, open dubious email attachments or misuse their data guidelines.
Organisations need to take a few significant steps to prepare for the challenges posed by quantum security threats. Here’s what’s needed:
Although there are many positives to new QC technology, we can’t ignore the fact that we’re entering an era of quantum computing that brings some serious cybersecurity threats, and we all need to act fast, even if the entire threat landscape isn’t clear to us yet. It could be decades before we see quantum computers that can break current encryption, but the risks of inaction are catastrophic.
To get ahead, businesses need to start implementing post-quantum cryptography, keep an eye on adversarial quantum programs and secure the quantum supply chain. It’s crucial to prepare today, before quantum computers make current security measures obsolete.