10 seconds to break: Preparing for quantum security threats
enero 7, 2025 / Stijn Van Impe
Short on time? Read the key takeaways:
- Quantum computers could break current encryption in seconds, presenting an unprecedented risk to the digital infrastructure where cryptography is used.
- Organizations should embrace a hybrid approach to post-quantum cryptography (PQC), starting with a comprehensive cryptographic posture assessment.
- With commercial quantum computers potentially hitting the market by 2029, enterprises need to act swiftly to protect their most sensitive data from "harvest now, decrypt later" threats.
- Achieving crypto agility is crucial, allowing organizations to adapt their security measures while maintaining seamless operations as the quantum threat evolves.
A perfect quantum computer could break RSA-2048, our strongest current encryption, in just 10 seconds.
Quantum computing uses the principle of quantum mechanics to process information using quantum bits (qubits) instead of traditional computer bits. While classical computers use bits that are either 0 or 1, qubits can represent both states simultaneously. This capability makes quantum computers exceptionally powerful for solving complex problems, particularly in cryptography, artificial intelligence and materials science.
While this computational leap opens remarkable possibilities across industries, it also introduces significant security challenges. When quantum computers reach their full potential, they'll be able to break through traditional encryption methods that protect our most sensitive data.
While the timeline for the commercial availability of fully functional quantum computers remains speculative, predictions vary widely. The Boston Consulting Group forecasts a broad quantum advantage between 2030 and 2040, whereas Gartner suggests that advances in quantum computing could begin compromising current encryption methods as early as 2029, with complete vulnerability by 2034. Regardless of the exact timeline, the consensus is clear: the era of quantum computing is rapidly approaching.
The looming quantum threat
The imminent arrival of quantum computing brings with it the risk of "harvest now, decrypt later" attacks. In such scenarios, malicious actors could steal and store encrypted data today, intending to decrypt it once quantum computing capabilities become available. This threat is particularly alarming for data with long-term sensitivity, such as financial information, intellectual property and government secrets.
Building quantum resilience
To counter this looming threat, organizations must:
- Adopt new cryptographic algorithms that are secure against impending quantum attacks, known as post-quantum cryptography (PQC). The National Institute of Standards and Technology (NIST) recently released its first set of PQC algorithm standards (FIPS 203, FIPS 204, and FIPS 205) to help organizations secure their data against quantum attacks. This will require upgrades across the infrastructure.
- Build crypto agility to adapt to new cryptographic methods without major system overhauls as threats evolve.
This requires four essential steps:
- Discover and assess: Map where your organization uses cryptography and evaluate quantum risks to those assets. Identify crown jewels and potential business impacts.
- Strategize: Discover your current cryptographic inventory, asset lifetimes versus quantum threat timeline, quantum risk levels to critical business assets, and create a comprehensive PQC migration roadmap.
- Modernize: Implement quantum-resilient algorithms while aligning with broader business strategies.
- Enhance: Maintain crypto agility through regular updates, asset assessment, modular practices, ongoing education, and compliance monitoring.
The urgency to act
Past cryptographic migrations often took over a decade to complete. Early adopters of quantum-resistant encryption have reported far-reaching impacts, including interoperability issues, infrastructure rewrites and other upgrade challenges, leading to multi-year modernization program timelines. While the transition to PQC could be a practical problem due to its vast and fragmented spread across the digital infrastructure, the extended implementation period makes starting now essential. Organizations must prioritize crypto agility to protect critical data before quantum threats become tangible risks.
To learn how Unisys can help your organization prepare for the coming quantum security challenges, speak with an expert today.