Q Day is coming: is your cyber-security ready?

With Q Day clearly getting closer and closer, current encryption technology will soon be obsolete. Chris Erven at KETS Quantum Security outlines the danger from quantum computers and suggests solutions

 

Quantum computing has long been a subject of speculation, excitement, and, in some cases, fear. While estimates on when we will achieve a fully functional quantum computer vary, recent news in error correction from Microsoft, Google and Amazon suggest huge progress is being made.  

 

Despite the significant steps forward, it is unlikely there will be a quantum computer in every home in the next five years. But by 2030, at least one cryptographically relevant quantum computer will be online. The arrival of this milestone, Q Day, will mark a seismic shift in cyber-security. Exposing vulnerabilities in our digital world that were previously considered unbreakable.

 

Playing poker with your cards face up

For decades, the security of online communications has relied on encryption methods that have been effectively unbreakable with traditional computers. However, quantum computing will render current encryption methods obsolete in an instant. 

 

Once a powerful enough quantum computer exists, everything transmitted over the internet will be at risk: financial transactions, government secrets, corporate trade data, personal messages. Nothing will be safe. Imagine playing poker while your opponent can see all your cards, no communication will be secure. 

 

What makes this threat even more concerning is that it won’t require quantum computers to be widely available. A single, functional quantum computer in the wrong hands will be enough to create global chaos. Hackers and rogue states will be able to decrypt existing data, disrupt financial systems, and even manipulate critical infrastructure. Even just the possibility of it will create a state of paranoia. The internet as we know it could become a place of perpetual vulnerability unless we act now.

 

Harvest now, decrypt later

The race toward quantum supremacy is well underway. While companies and researchers are developing quantum computers for legitimate purposes, not all actors have such benign intentions. Certain nation-states and cyber-criminal organizations are already engaging in a tactic known as ‘harvest now, decrypt later’. They are actively collecting encrypted data today with the expectation that they will be able to unlock it once quantum computing capabilities are in place.

 

Much like Alan Turing’s Enigma Machine, when the first large-scale quantum computer comes online, whoever builds it is highly unlikely to publicise the achievement. If an adversary secretly gains quantum computing capability before defensive measures are widely adopted, they will have free rein to access vast amounts of sensitive data undetected. This secrecy could persist for years, allowing the first movers to infiltrate and manipulate everything from financial markets to military intelligence.

 

This is why companies, governments, and individuals must start preparing now. Waiting until Q Day arrives will be too late. By then, the damage will already be done. Organisations must take proactive steps to safeguard their communications and digital assets before quantum computing becomes a reality.

 

How to protect against the quantum threat

Fortunately, researchers and cyber-security experts have been developing solutions to counteract the threats posed by quantum computing. These solutions fall into two main categories: software-based and hardware-based quantum security measures.

 

Post-Quantum Cryptography (PQC) is one of the primary software solutions to quantum threats. PQC involves developing new encryption algorithms that quantum computers cannot easily break. These cryptographic techniques are designed to replace traditional encryption methods like RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography), which will become obsolete in the quantum era.

 

There are advantages to the approach, PQC is relatively easy to implement, hopefully just requiring a coordinated software update without drastically upgrading hardware. This means it can be implemented at scale relatively quickly. It can also work globally. With no hardware involved, location is not a barrier.

 

The downside however is there is no guarantee the PQC algorithms can’t be broken. And if they are, there’s no way of knowing. Quantum computers are so new with additional capabilities, the likelihood of the encryption being complex enough to be impossible to break is small. Some proposed PQC algorithms also require more processing power than traditional encryption methods, which could lead to performance slowdowns.

 

Quantum Key Distribution (QKD) is a hardware-based approach that leverages the principles of quantum mechanics to create secure communication channels. QKD enables two parties to exchange encryption keys in a way that makes eavesdropping impossible. If an unauthorised party attempts to intercept the key, the act of measurement itself alters the data, immediately revealing the intrusion.

 

The advantage of QKD is that it is based on the laws of physics, meaning that it provides theoretically unhackable encryption. Any attempt to intercept the key exchange is instantly detectable, allowing users to respond immediately without ever putting their communications and information at risk. And unlike PQC, which may eventually be broken by more advanced quantum techniques, QKD offers a long-term security solution.

 

Currently, there are some drawbacks. QKD requires specialised hardware, including quantum communication networks, making it a more costly solution in the early stages of its commercialisation. Deploying QKD at scale requires fibre-optic networks or satellite-based quantum communication systems, which may not be feasible for all organisations.

 

Traditional QKD systems rely on fibre optics, which can limit the distance over which they operate effectively. But this is a very similar situation to the early days of fibre optic classical communication, which obviously continued to improve, brought costs down, and now provides the backbone of our communications. Overall, they are the safest defence against a quantum computer. 

 

Invest in quantum cyber-security now

The question is no longer if quantum computers will arrive but when. Businesses and governments that fail to prepare for Q Day risk catastrophic data breaches, financial losses, and reputational damage. Investment in quantum cyber-security must start immediately.

 

The European Union is already introducing regulations that stipulate organisations need to protect against quantum computers. For instance, the Digital Operational Resilience Act sets out requirements for data protection and cryptography, stating financial institutions “shall use ICT solutions and processes” that “(a) ensure the security of the means of transfer of data” or “(c) prevent […] the impairment of the authenticity and integrity, the breaches of confidentiality and the loss of data.”

 

Although the framework doesn’t mention quantum computing, the implication is that financial institutions need to prepare for the threat they will provide. 

 

Customers and partners will also demand strong cyber-security assurances. Companies that adopt quantum-safe measures early will gain a competitive advantage by demonstrating their commitment to data security.

 

Retrofitting security after Q Day will be significantly more expensive than implementing proactive measures now. Investing in quantum-resistant technologies today minimises future risks and costs.

 

Q Day will mark one of the most significant cyber-security challenges of our time. While the exact timeline remains uncertain, the fact is that quantum computers will compromise today’s encryption standards. Organisations that fail to act now will be left exposed to an unprecedented wave of cyber-threats.

 

By adopting quantum-safe cryptographic solutions and investing in hardware-based quantum security like QKD, enterprises everywhere can fortify themselves against the inevitable quantum revolution. Waiting until the first quantum cyber-attack occurs will be too late. The time to act is now. Before Q Day arrives and changes the cyber-security landscape forever.

 

---

 

Chris Erven is CEO and co-founder of KETS Quantum Security

 

Main image courtesy of iStockPhoto.com and adventtr