Sometime in the future, a quantum computer may be able to dismantle key cryptography schemes. No one knows exactly when, but major stakeholders are already taking big steps to prepare for the dreaded “Q-day.”
On Tuesday, Samih Souissi, chief of staff at France’s cybersecurity agency ANSSI, announced that the agency would cease certifying security products without quantum-resistant encryption from 2027, according to a Reuters report on the France Quantum conference. Souissi added that by 2030, businesses should purchase quantum-safe products. ANSSI certification is required for implementation by operators of government and other critical infrastructure. The move will consequently force older systems out, Reuters noted.
“This move is very timely,” Bill Fefferman, a theoretical computer scientist, told Gizmodo. “As a society, we cannot afford to delay implementing post-quantum encryption; the risks of inaction are too severe, and the timeline for building large-scale quantum computers is too uncertain.”
Harvest now, decrypt later
For context, Q-day—the quantum encryption apocalypse—refers to a milestone at which quantum hardware becomes capable of running algorithms that “unscramble” the encryption frameworks protecting sensitive information. These encryption algorithms protect our bank transactions, medical records, government communications, corporate secrets, and more. But as things stand, these algorithms might not be ready for Q-day. And if things don’t change, all this private information may fall into the hands of malicious entities. Quantum computers, unlike classical computers, tap into the strange rules of quantum mechanics to solve problems with extreme efficiency, potentially making them vastly more capable than conventional computers at cracking some forms of encryption.
To be clear, current technology isn’t quite there yet. But when Gizmodo asked experts about preparing for Q-day, they generally agreed that it’s not too early to start getting ready. For instance, Columbia University’s Henry Yuen noted that, if we can’t be highly confident that encryption-breaking algorithms won’t come in the next five years, we need to “move with great urgency.”
And there’s still much work to be done regarding current post-quantum cryptographic schemes, Fefferman pointed out. For instance, current cryptographic schemes have been studied for decades, whereas post-quantum schemes are “based on newer mathematical assumptions and have received far less scrutiny.”
Another concern Souissi raised at the France Quantum conference was “harvest now and decrypt later” attacks. In this scenario, attackers “harvest” encrypted information that they cannot read today but will be able to read once future quantum algorithms become capable of decrypting it.
The market responds
Big industry players at the conference immediately expressed their thoughts. To Reuters, Fanny Bouton, head of quantum at OVHcloud, a French cloud computing firm, said that the industry faces a “dual compliance burden” in “auditing our products and securing all the data we hold in order to meet ANSSI’s requirements.”
According to the Quantum Insider, France is among the heaviest investors in quantum technologies, with a national plan valued at approximately $3.5 billion (€3 billion). France is also a part of the G7 Cybersecurity Working Group, which most recently released a statement on quantum security last month.
Accordingly, businesses, banks, and public services must consider how to transition in light of an increasingly “substantial” industry, Pascal Brier, chief innovation officer at Capgemini, a French IT company, told Reuters. During the conference, IBM Quantum’s Jerry Chow said that quantum threats could emerge as early as the mid-2030s. Qperfect, a French quantum computing company, added that the blockchain standard Elliptic Curve Digital Signature Algorithm could be among the first systems to be cracked.
But again, the challenges are real. As Fefferman explained to Gizmodo, many post-quantum schemes “involve tradeoffs in performance, memory usage, or key and signature sizes that can complicate deployment in real-world systems.”
To safely migrate existing infrastructure to post-quantum cryptography, there will have to be updates to protocols, software, hardware, and standards—while making sure stuff doesn’t leak during that process, he added.
“It’s not only a technical issue,” Souissi said. “It’s a matter of governance, industrial planning, regulation, and sovereignty.”