We are pleased to provide an update to the first report issued in November 2019. This report documents a shift in the opinions from the last report due to the advances and changes in the quantum computing landscape. Quantum computers use quantum systems to run computations that go beyond what is achievable by standard computers. They do this by exploiting quantum features that are difficult to preserve and control; this makes building a quantum computer an immense challenge. Despite some skepticism about their realizability, no fundamental roadblock has been identified, and relatively small prototypes have already been built.
Once available, full-fledged quantum computers will be able to solve computational problems previously thought to be intractable, hence breaking several elements of the current cybersecurity infrastructure.
The quantum threat to cybersecurity can be mitigated by deploying new cryptographic tools, both conventional and quantum, that are believed or known to be resistant to quantum attacks. Nonetheless, the transition to quantum-safe cryptography is a challenge itself: it requires the development and deployment of hardware and software solutions, the establishment of standards, the migration of legacy systems, and more.
The urgency for any specific organization to complete the transition to quantum-safe cryptography for a particular cyber-system depends on three simple parameters:
- the shelf-life time: the number of years the data must be protected by the cyber-system,
- the migration time: the number of years to migrate the system to a quantum-safe solution, and
- the threat timeline: the number of years before the relevant threat actors will be able to break the quantum-vulnerable systems.