Q-Day, when quantum computing will be able to quickly and easily crack the encryption keys that safeguard most internet communications, is drawing near.
Experts have known about the possible threat of Q-Day since the 1990s. However, Google recently warned that some encrypted systems could be cracked by quantum computers by 2029, drastically reducing the window of opportunity to protect data that many cybersecurity experts had previously predicted. The revised estimate may result in much less time for businesses, governments, and other organizations to get ready.
Michele Mosca, cofounder and CEO of cybersecurity company evolutionQ said:
“It’s the day when people, perhaps adversaries, will have access to a quantum computer that can break cryptographic codes that are in use.”
The moment a quantum computer acquires sufficient resources and stability to defeat traditional crytopraphy is known as “Q-Day.” When that occurs, a machine that can solve the intricate math that currently protects sensitive data could unlock every financial transaction, medical file, email, location history, and cryptocurrency wallet protected by today’s widely used algorithms.
“everything’s safe — safe, safe — and then suddenly it’s not safe. It’s a very drastic jump, at that pivotal moment”. Mosca, a professor at the University of Waterloo in Ontario’s Institute for Quantum Computing, stated.
It’s possible that adversaries and bad actors are already gathering encrypted data in preparation for “harvest now, decrypt later” attacks. He continued, “In this scenario, information is stolen, stored, and then decrypted when a full-scale quantum computer is available.”
Since 2019, Mosca has coauthored the Global Risk Institute in Toronto’s Quantum Threat Timeline Report. A full-scale, cryptographically relevant quantum computer is “quite possible” within the next ten years and “likely” within the next fifteen, according to the seventh edition, which was released on March 9. 26 experts’ opinions served as the foundation for Mosca and his coauthor’s prediction.
The report authors wrote:
“Many organizations may be unaware that they are currently exposed to an intolerable level of risk that requires urgent action,”
Google stated on March 25 that it intended to use post-quantum cryptography by 2029 “to secure the quantum era.” According to the company, the timeline represented developments in the field of quantum computing.
Google noted in a blog post:
“By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry.”
CloudFlare, a provider of cloud computing services, also declared that it was now aiming for 2029. Google turned down a request for an interview. Quantum computing is more than just a faster or more potent version of today’s computers. This type of processing operates in a very different manner.
Quantum computers use quantum bits, or “qubits,” which can represent 0, 1, or both simultaneously, in contrast to conventional computers that process information sequentially using bits (0 or 1). The ability of quantum machines to store and process more complex information is known as superposition.
The creation of more stable physical qubits is the primary obstacle facing the field. These delicate parts usually only work in extremely cold, high-vacuum environments, which help to keep them stable and reduce calculation errors.
According to a March report, future quantum computers might be able to crack the second-generation cryptography that safeguards cryptocurrency and other systems using a lot fewer qubits than previously thought. Google staff members and scholars from Stanford University, the University of California, Berkeley, and the nonprofit Ethereum Foundation, which promotes the Ethereum blockchain, coauthored the paper.
The encryption method, called elliptic curve cryptography, or ECC, relies on equations that can be represented as curved lines on a graph and generates encryption keys based on various points on the line. It employs more complex mathematics than the RSA algorithm.
The research team discovered a roughly 20-fold reduction in the number of physical qubits required to solve the basic mathematical puzzle that underpins ECC, according to a March 31 blog post from Google. The business also stated that it has created a new technique to characterize the security flaws in upcoming quantum computers “so they can be verified without providing a roadmap for bad actors.”
Large, multinational corporations were “moving pretty quickly” and were well aware of the threat, according to Dustin Moody, a mathematician working on post-quantum cryptography at the National Institute of Standards and Technology, a US federal agency. But there was a limit to what small businesses and individuals could do, he said.
Moody stated:
“Everyone should be concerned and worried about it. What does the average person need to do? Nothing. I mean, they need to rely on their technology providers and so forth to handle this change for them. Similarly with smaller mom-and-pop companies, they themselves don’t need to do too much, as long as they just make sure that the products they’re using, they talk to providers and say, ‘There’s this quantum threat, have you taken care of it?”
Catherine Mulligan, a visiting academic and research fellow at the Institute for Security Science and Technology at Imperial College London said:
“Cryptocurrencies are inherently incredibly decentralized. The issue is in order to upgrade, you have to get people to agree, and you have to get consensus among the actual engineers to upgrade, and then they tend to argue a lot about how they’re going to do that upgrade”.
Mulligan also added:
“I know that we have these doomsday scenarios, where we are sort of scaring everybody. I’m old enough to remember Y2K. Basically, the reason there was no Y2K is everyone worked hard enough to make sure we didn’t have it.”
Mulligan said she thought that’s what would probably happen with the quantum threat to cybersecurity.
Biomedical devices at risk
Seoyoon Jang, a doctoral student at the Massachusetts Institute of Technology studying computer science and electrical engineering, is working to defend wireless biomedical devices from potential quantum attacks, including pacemakers and insulin pumps.
She lays out a worst-case scenario in which the external device—typically a smartphone that wirelessly connects to the insulin pump to control dosage—is compromised.
She said:
“Imagine, it would be so easy to send a command: ‘Hey release lethal dosage.’ We have to actually care about this. As we move into remote health monitoring, these devices will be everywhere.”
Jang said planned to commercialize the technology. She said:
“My chip is as far as I know, it’s the first to actually try to bridge the gap here”.
According to the most recent Quantum Threat Timeline Report, it’s particularly difficult to assess quantum risk to cybersecurity because “under the radar” research efforts, such as those by covert state-backed labs, businesses operating in stealth, or malevolent private actors, may result in advancements in quantum computing being concealed from public view.
The report said:
“Since covert successes would remain invisible for some time, it is safer to assume that the true threat could be closer than what can be inferred from open publications alone. The real Q-day may occur before the world becomes aware of it, as states or bad actors potentially seek to use this knowledge to their strategic advantage.”
