The quantum threat

Digital innovations - especially in recent years - have often been marked by all kinds of risks to the well-being of society, particularly if they fall into the wrong hands. We are experiencing this intensively with the use of artificial intelligence, and it has also become apparent around quantum computing. Such is the case of the theoretical ability of a quantum computer to break today's cryptographic algorithms and thus jeopardise the security of our data, our digital money or the world's strategic resources connected to the internet.

Qubits, bits with superpowers

Quantum computing - named after the fact that it is based on some of the principles of quantum mechanics - is, for the time being, a specialised branch or application of processing technology. Unlike your standard classic computer - based on bits, bytes, megabytes, etc. - quantum machines are based on qubits as basic information elements. These qubits have certain special characteristics, like superposition (which gives them inherent processing parallelism, with the subsequent ability to execute millions of operations simultaneously) or entanglement (allowing them to solve complex problems faster). Equally, qubits also have some problems, such as decoherence (loss of its quantum state; a kind of degradation over time).

The distinctive feature of computational technology (in its many forms; ion trap processors, superconductors, photonics, etc.) is that it has proven to be particularly powerful in solving certain mathematical problems - especially those involving intensive computation - exponentially faster than classical computers. Here we can mention the factoring of large prime numbers or searches in complex databases, where we can talk about resolution times in minutes as opposed to years or centuries.

Cryptography and the quantum threat

Currently, much of the security infrastructure on the internet is based on public and private key cryptography, which relies on certain mathematical problems that are theoretically impossible or at least economically unfeasible to solve using conventional systems... such as, precisely, the factorisation of prime numbers. This is the case of the well-known RSA, which grounds its (purely theoretical) inviolability on the tremendous difficulty of decomposing a number of, say, 200 digits into its prime factors. We have other, more modern systems that are based on equally complicated problems to solve, such as elliptic curve cryptography (ECC). Of course, we cannot forget the role of symmetric encryption algorithms, such as AES, TwoFish or 3DES.

Apart from the fact that some of the existing cryptographic systems have already been successfully broken by traditional means (albeit with a great investment in time), quantum computing does seem to have a tangible capacity to execute certain algorithms (such as Shor's algorithm for factorisation, Grover's algorithm for intensive search, or the resolution of the discrete algorithm problem) capable of breaking these systems. This calls into question the foundations of internet security (some of which are very old) on which our trust in electronic banking, online shopping, digital identity and privacy, and cryptocurrencies, etc. is (was) based.

It can thus be said that today's cryptography can be divided into pre-quantum and post-quantum cryptography (PQC), depending on whether or not the possibility of using quantum computers to attack it has been taken into account in its design. The capacity of quantum computers to threaten our digital security is moving from theory to practice with exponential speed. In other words, the quantum machines needed to get up to mischief on today's cryptographic systems may not be generally available or perfected enough to be able to industrialise their threat, but we are very close, given the speed at which ever more capable machines are being developed, and the relatively limited quantum power that would be required: late last year, a research team at Tsinghua University in Beijing (China) published that "only" 372 physical qubits are needed to breach the RSA-2048 algorithm.

And it won't be for lack of capacity. IBM, which unveiled a 433-qubit quantum processor at the end of November 2022, has announced that its Condor device of more than 1,000 qubits will be available by the end of this year, and the so-called Kookaburra of at least 4,158 qubits by 2025.

In China, a record has been beaten, entangling up to 51 qubits (which is key to the execution of complex processes). It is to be expected, therefore, that some of the most cyber-warfare-savvy powers and criminal groups would have little trouble developing, acquiring, or at least gaining access to, quantum machines capable enough to successfully attack many critical systems or infrastructures, circumventing their protection mechanisms.

In this first instalment of this article I have simply introduced the problem (by the way, the day when quantum computers are able to break existing encryption algorithms across the board is popularly known as Q-Day, a kind of digital doomsday, as was once the dreaded 1-01-2000). Next time, I will take a quick look at the strategies industry is pursuing to protect itself against this quantum challenge.