Quantum Computer Power
Quantum computers may still be years away from being powerful enough to perform useful tasks, but it’s becoming increasingly likely that fully functional, error-corrected quantum computers will be operational within the next five to 10 years.
Quantum computers are advanced machines that leverage the principles of quantum mechanics, using quantum bits (qubits) that can exist in multiple states simultaneously, allowing them to process complex computations far more efficiently than classical computers. This capability enables quantum computers to solve certain problems, such as factoring large numbers or simulating molecular structures, exponentially faster than traditional computers.
This will be a major breakthrough for scientists tackling complex problems in chemistry and material science. However, it also poses a significant threat to current encryption methods, such as the RSA algorithm, which currently secures sensitive internet communications like online banking. While traditional computers would take decades to crack RSA encryption, quantum computers could potentially break it with ease.
This looming threat has driven the development of post-quantum cryptography algorithms. On Tuesday, the U.S. National Institute of Standards and Technology (NIST) published the first set of standards for these algorithms: ML-KEM (formerly CRYSTALS-Kyber), ML-DSA (previously CRYSTALS-Dilithium), and SLH-DSA (initially submitted as SPHINCS+). For many companies, this signals that now is the time to begin implementing these new cryptographic standards.
The question of when quantum computers will be capable of breaking RSA encryption is still open to debate, but it’s increasingly accepted that this could happen between the end of this decade and 2035. Gil, a cybersecurity expert, emphasizes that businesses should start considering the implications of a world where RSA encryption is no longer secure. He warns that a patient adversary could start collecting encrypted data now, with the intention of decrypting it in the future once quantum computers become powerful enough.
Despite the urgency of the situation, Gil notes that few businesses—and perhaps even fewer government institutions—fully understand the gravity of the problem, let alone are taking steps to address it. He describes the awareness and action level as being in its infancy.
One reason for the lack of action, Gil suggests, is the absence of established standards until now, making the new NIST standards particularly significant. Additionally, the long-standing belief that quantum computing was perpetually “five years away” has led to skepticism and a tendency to delay action.
Gil acknowledges that many CISOs are aware of the threat, but they often lack the urgency to act, partly due to uncertainty about which solutions to implement and the overwhelming task of migrating from current cryptographic protocols to new ones. He warns that this transition could take decades and will be a massive challenge for institutions and society as a whole.
If you want to learn more about the subject, check out this video that dissects the issue further.