Currently, information technology (IT) relies on encryption to protect the confidentiality of digital data. However, the application of quantum mechanics to IT is expected to compromise most current encryption protocols and encrypted data. Post-quantum cryptography aims to develop systems that secure against these future risks. This article provides a high-level overview of post-quantum cryptography and its impact on cybersecurity. 

Summary and timeline

Quantum computers will not replace traditional computers anytime soon. Only experimental ones are in operation today. But as the advent of quantum cryptanalysis nears, governments and industries face an increased risk of sensitive data being stolen based on the assumption that once such computers leave the confine of laboratories, they will be able to break traditional encryption.  

Given the experimental state of research on quantum computers, it is difficult to assess with confidence when they will become a mainstream product. Companies actively developing quantum computers, such as Google and IBM, only indicate a timeline for the next few years. The NSA, in its August 2021 Q&A session, remained cautious, saying it “does not know when or even if a quantum computer of sufficient size and power to exploit public key cryptography (a CRQC) will exist”. However, some researchers provide an estimate of beyond 2026 for scalable quantum computation – meaning quantum computers beyond lab experiments – and no earlier than 2039 for a quantum computer capable of breaking traditional encryption. 

In the meantime, governments are seeking countermeasures to quantum cryptanalysis to stay one step ahead. 

Quantum technology is a game-changer for encryption

Currently, we depend on encryption to make intercepted data undecipherable. Assuming the encryption design is robust and free of backdoors, the only way to decrypt the data is to repeatedly try random or pre-generated entries, a rudimentary method known as “brute force”. However, this takes a lot of time. Estimates depend on the amount of computing power available and the specific implementation of the encryption protocol. Brute-forcing the most common encryption standard (AES-256) is practically impossible, given it would take more time than the Universe has existed to date.  

Quantum technology has two major applications to cryptography; one strengthens security, while the other weakens it. The first, quantum key distribution (QKD), allows for the secure transmission of cryptographic keys between the sender and the receiver of data. These two keys are necessary for both ends to be able to talk to each other, akin to a dual-lock safe (also known as dual custody). The second, quantum computers, will be able to break traditional cryptographic standards. 

More on Quantum Key Distribution (QKD)

Quantum key distribution (QKD), on the one hand, relies on peculiar properties of photons, known as entanglement, to ensure that private keys have not been compromised. This is because of the dual property of quantum physics. First, the position and momentum of photons cannot be precisely determined unless they are observed. At the same time, observing photons influences their position and momentum, destabilising entanglement. In other words, observing data modifies them. This means that if the keys are intercepted, the communication is interrupted. This is what makes quantum communications much more robust against spying attempts. 

However, this technology is not ready for commercial use. While verifying entanglement remains challenging over long distances and fibre cables, the Chinese satellite system Micius has successfully maintained entanglement over nearly 1200 km.

More on quantum cryptanalysis 

Quantum computers, on the other hand, can take advantage of the design features of Qubits, which, as opposed to traditional computer bits limited to either a 0 or 1 state, can superpose those states, creating the ability to process much more data. As such, quantum computers can run new kinds of algorithms that help break traditional encryption methods. Deutsch-Jozsa, Shor and Grover are the names of the most prominent quantum algorithms that achieve that. This capability is known as quantum cryptanalysis.  

Quantum computers running such algorithms against traditional encryption protocols would render moot most of the current encryption standards used for data at rest or in transmission (AES, SSL/TLS/SSH, WPA), risking past, current and future data. 

Many US states store intercepted encrypted data with the hope of decrypting it with quantum computers in the foreseeable future. Today, governments and the private sector are thus striving to develop and adopt quantum-proof encryption protocols, known as post-quantum encryption (PQE). The US National Institute of Standards and Technology (NIST) started gathering submissions for quantum-resistant cryptographic systems in 2017 and developed a strategy for short-term protection against quantum cryptanalysis.