Quantum is closer than it appears

By Brian Siegelwax posted 23 Aug 2024

I don’t know about you, but my news feeds are flooded with the acronyms NIST and PQC. The phenomenon seems anti-climactic, though, since we knew this announcement was coming. The headlines should simply read, as Karl Holmqvist of Lastwall put it: “It’s time to get to work and eliminate outdated cryptography.”

Unfortunately, I’m understating the scope of the problem. I had a chance to speak with Mr. Holmqvist, and I’m probably not the only one misjudging the sheer magnitude of the task in front of us.

Timeline

The side mirrors of your car probably include the warning, “Objects in mirror are closer than they appear.” Without scaremongering, there are several reasons to suspect that this also applies to quantum threats to cybersecurity.

First, many of us are thinking about general-purpose quantum computing. Great strides are being made, but this is still a long way off. However, special-purpose punchcards and mainframes preceded general-purpose personal computers. Nation states, in particular, may be interested in developing specific-purpose quantum computers, which can reasonably be expected to arrive before general-purpose quantum computers.

Second, we won’t know when Y2Q/Q-Day arrives. During World War II, German encryption was broken in secrecy. In fact, extreme measures were allegedly taken to protect that secrecy, purportedly allowing events to happen that would have signaled that Enigma was compromised had they been stopped. It is reasonable to assume that nation-states with encryption-breaking quantum computers will likewise keep quiet about it.

Third, we don’t know how long the gap will be between when the technology exists and when we’ll know that it exists. Enigma was compromised in the 1940s and this was kept secret for three decades, long after the war was over.

Fourth, quantum error correction (QEC) is improving rapidly. The estimate that breaking encryption will require 20 million physical qubits is coming down significantly. QuEra has already demonstrated 48 logical qubits and Quantinuum has already demonstrated a Logical Quantum Volume of 256. The meaning of these numbers is beyond the scope of this article, but the key takeaway is that both numbers were zeroes just two years ago.

Fifth, as physics-based scaling challenges give way to economics-based scaling challenges, this becomes a race among large economies. The US government has a well-known penchant for multi-billion-dollar technology programs, but other nation-states are demonstrating a willingness to ante up for this technology, as well.

Scope of the Problem

Imagine the cost of switching the United States from the imperial system to the metric system. It wouldn’t be as simple as switching all the yardsticks to meters. We tend to forget all the places where measurements are used. Likewise, we tend to forget all the places where breakable encryption exists. These forgotten applications can harbor secrets, too.

For those old enough to remember, think back to Y2K. We understandably focused on critical systems and infrastructure first, but we still had to find all the little systems that could have failed. A missed system in terms of encryption could be a valuable company secret; let’s use the highly secretive Coca-Cola formula as an example. Your company secret passes through the Internet or gets stored somewhere, and a malicious actor has made a copy of it. Although it’s not yet useful – as far as we know – we know that “harvest now, decrypt later” is happening. We know that these government secrets, corporate secrets, and other secrets are being stored now in anticipation of future quantum-enabled decryption. These secrets could affect critical infrastructure, research and development, and just about anything else.

Scope of the Cost

There’s a reason why the quantum threat is depicted as a Mack truck in the image above. If all your secrets were suddenly not so secret, how damaging would that be? The impact of quantum decryption could hit hard.

According to the July 2024 Report on Post-Quantum Cryptography, it will cost $7.1B over 10 years just to migrate priority government systems. Because we’re underestimating the scope of the problem, we’re also underestimating the cost of migrating every applicable system.

And then there’s the issue of liability, which can be looked at from two different angles. First, there’s the potential cost of being liable for customer/client data losses. And, second, there’s the potential for your own uninsured losses à la CrowdStrike.

Avoiding Waste

The flip side of underestimating the scope of the problem could be overestimating the scope of the problem. You could waste limited time and resources looking into migrating systems that are not actually vulnerable to quantum attacks.

Conclusion

The differences between Y2K and Y2Q are ironically appropriate. Y2K was classical and deterministic; we knew when it would happen. Y2Q will be quantum and probabilistic; we can’t know for sure when it will happen. The sense of urgency doesn’t require scaremongering; it’s simply a matter of understanding that we’re underestimating the scope of the problem and that we have an uncertain timeline to resolve forgotten vulnerabilities.

An interesting analogy comes from speculative execution attacks, which were theorized in the early 2000s but dismissed as being a future threat. The Spectre and Meltdown chip-based vulnerabilities were discovered only a decade-and-a-half later. Shor’s Algorithm, meanwhile, went from theory to experimental demonstration in less than a decade. That caught the attention of nation-states – and others – more than two decades ago. We know the status of publicly available general-purpose quantum computers that can’t run Shor’s Algorithm, but we don’t know the status of classified special-purpose quantum computers that possibly can.