The Quantum Threat
Also referred to as: quantum computer attack, quantum attack
Overview
- The quantum threat is the risk that a malicious actor could gain access to data encrypted using conventional methods by carrying out a cyberattack with a quantum computer;
- A new generation of computing devices — quantum computers — by virtue of their fundamentally different architecture and operating principles, will be capable of breaking existing cryptographic protection mechanisms;
- Within the next several years, many conventional cryptographic mechanisms — key distribution, asymmetric encryption, and digital signature schemes — are expected to become insecure in the presence of sufficiently capable quantum computers.
Background
A fundamental requirement for information technology is information security — that is, preserving the confidentiality, integrity, and availability of data. The majority of existing solutions addressing this requirement are based on public-key cryptography. In cryptographic terms, this means that protecting data through encryption requires only simple mathematical operations, while breaking that protection demands enormous computational resources.
The emergence of a new generation of computing devices — quantum computers — calls into question the continued viability of modern cryptographic algorithms.
An adversary can already today collect and store data encrypted using conventional methods, with the intent to decrypt it once they gain access to a quantum computer — a strategy commonly known as "harvest now, decrypt later."
A fundamental requirement for information technology is information security — that is, preserving the confidentiality, integrity, and availability of data. The majority of existing solutions addressing this requirement are based on public-key cryptography. In cryptographic terms, this means that protecting data through encryption requires only simple mathematical operations, while breaking that protection demands enormous computational resources.
The emergence of a new generation of computing devices — quantum computers — calls into question the continued viability of modern cryptographic algorithms.
An adversary can already today collect and store data encrypted using conventional methods, with the intent to decrypt it once they gain access to a quantum computer — a strategy commonly known as "harvest now, decrypt later."
In particular, Shor's quantum algorithm makes it possible to efficiently solve the problems of integer factorization and discrete logarithm computation. The security of cryptographic primitives such as RSA and ECDSA — which underpin the majority of cryptographic information protection tools — relies on the hardness computational hardness of these problems. In addition, Grover's quantum algorithm enables an unstructured database search with a quadratic speedup over the best classical algorithm, which necessitates a reassessment of the security parameters for symmetric cryptographic algorithms. As progress in quantum computing continues, the resource requirements for a quantum computer capable of running Shor’s algorithm are steadily decreasing.
As a result, the widely deployed cryptographic data protection infrastructure needs to migrate to quantum-resistant solutions in a timely manner. Data currently transmitted in encrypted form using solutions that are not resistant to quantum computer attacks may become accessible once an adversary gains access to a quantum computer. The need to transition to post-quantum solutions is actively being discussed by both the research and business communities, as well as by international information security regulators.
As a result, the widely deployed cryptographic data protection infrastructure needs to migrate to quantum-resistant solutions in a timely manner. Data currently transmitted in encrypted form using solutions that are not resistant to quantum computer attacks may become accessible once an adversary gains access to a quantum computer. The need to transition to post-quantum solutions is actively being discussed by both the research and business communities, as well as by international information security regulators.
The demand for post-quantum cryptography solutions in both domestic and global markets is supported by a growing body of research and market studies. Leading international consulting and audit firms are recommending that organizations revisit their long-term information security plans in light of the anticipated emergence of quantum computers.
There are two primary approaches to protecting information against the threat of quantum computer attacks:
- Quantum communications — involves transitioning to hardware-based solutions that use individual quantum states of light (photons) to transmit cryptographic keys. In many business scenarios, such solutions face significant practical constraints, including the need for dedicated infrastructure, high equipment and integration costs, and complex certification requirements;
- Post-quantum cryptography (PQC) — cryptographic algorithms designed to withstand attacks using quantum computers. PQC-based solutions are simpler to integrate, easier to update, and more cost-effective.
Industries most vulnerable to the quantum threat:
By data type:
- the financial sector;
- the public sector (government information systems);
- healthcare;
- the industrial sector;
- other industries that rely on digital and cyber-physical systems.
By data type:
- personal data;
- financial data;
- classified government data;
- medical and genetic data;
- Internet of Things (IoT) data;
- blockchain and digital asset data.
How to identify quantum threat risks and protect against them effectively?
- Learn more about the quantum threat and the most relevant protection strategies for your specific industry;
- Conduct an audit of your organization's current cybersecurity infrastructure, identify the most suitable quantum-threat mitigation solutions, and develop a comprehensive protection strategy;
- Conduct a pilot deployment of quantum-resistant solutions and scale the implementation.