Quantum Threat Timeline

  • Dr. Michele Mosca, Co-Founder, President & CEO, evolutionQ Inc.
  • Dr. Marco Piani, Senior Research Analyst, evolutionQ Inc.
Abstract geometric image with orange streaks of light.


Quantum computers harness the computational power of quantum systems and offer the ability to solve computational problems previously thought to be intractable. The quantum features that quantum computers rely on are very difficult to preserve and control; this makes building a quantum computer a formidable task. However, when built, quantum computers will break some of the pillars of our cyber security infrastructure.

The quantum threat to cyber security can be mitigated by deploying new cryptographic tools (both conventional and quantum) that are believed or known to be resistant to quantum attacks. Nonetheless, the transition to quantum-safe cryptography is a challenge itself, as it requires the development and deployment of hardware and software solutions, the establishment of standards, the migration of legacy systems, and more.

The urgency for any specific organization to complete the transition to quantum-safe cryptography for a particular cyber-system relies on three simple parameters:

  • the shelf-life time: the number of years the data must be protected by the cyber-system;
  • the migration time: the number of years to migrate the system to a quantum-safe solution;
  • the threat timeline: the number of years before the relevant threat actors will be able to break the quantum-vulnerable systems.

If the threat timeline is shorter than the sum of the shelf-life time and of the migration time, then organizations will not be able to protect their assets for the required years against quantum attacks. A better understanding of the threat timeline provides information on the time available to safely perform the transition to post-quantum cyber-systems.

Assessing the quantum threat timeline is very challenging because of the scientific and engineering obstacles involved in building a working quantum computer. Experts generally acknowledge that they still do not know when we will have quantum computers that can threaten cyber-systems. However, it would be very helpful to gain insights into the prospects of this threat becoming real in the short and medium term, into the rate at which progress is being made, and into the key milestones cyber-risk managers should pay attention to.

This study aims to provide such deeper insights into the threat timeline, by surveying an unprecedented breadth and depth of thought leaders with questions designed to help those managing the cyber-risk associated with quantum cryptanalysis.

The Global Risk Institute and evolutionQ Inc. have already made available a quantum risk assessment methodology for taking estimates of the threat timeline and assessing the overall urgency of taking action.