What is the quantum threat, and is it real?
The boy who cried (quantum) wolf: being honest about the threat and what it means for you
A cryptographically-relevant quantum computer (CRQC) is a quantum computer that can run algorithms to crack or weaken existing (so-called “classical”) cryptography.
Today, I’ll explain when — or if — this CRQC is likely to exist, what the real threat is, and how it might affect your data and assets. After reading this, you should get 100% on these quantum quiz questions:
Yes, you are hearing a lot about quantum computers (QCs) existing today, and that’s true — they do exist! But there is a critical distinction missing: none of today’s quantum computers are “cryptographically relevant”. That means they don’t yet have enough stability, enough qubits, or the right code to be able to crack even the weakest classical cryptography by quantum means (here’s looking at you, 256-bit RSA).
I hear you ask, “OK, so when will we have a cryptographically-relevant quantum computer?” Those are known as CRQCs, and that’s what I’m here to answer for you.
(Read all about quantum-safe cryptography & the NIST post-quantum process.)
There are two important points to make here:
Put simply: not all cryptography is equally vulnerable to quantum attack.
Which means we can prioritise! In the same way you should prioritise patching systems — by threat, severity of impact, and criticality of vulnerability — you should also prioritise which cryptographic assets to migrate first, if you need to migrate at all. In fact, here’s two very clear recommendations for you:
(Side note: One of my favourite latest innovations is the concept of being “quantum-annoying”: not quantum-safe, but ‘annoying’ enough that it’s not worth the work for an adversary to crack it.)
The truth is this: quantum computers already exist, but today they don’t have enough qubits (quantum bits) or the stability to be CRQCs.
So, your next question might be when CRQCs will exist? No-one knows for certain, and it may actually never come to exist. But we can have a decent guess. An annual estimate, using the latest research and industry developments, has found that since the 1980s, a CRQC has been estimated to be 15 years away. Most recently, at an annual quantum conference run by ETSI in winter 2022, Professor Michele Mosca shared a presentation on this topic:
(Source: Slide 25 of Mosca's PDF.)
At this point, someone usually points out Moore’s Law, but remember: Moore’s Law applies to classical computers. We cannot say if the same rate of advancement will apply to quantum computing.
Importantly, it’s not just about how many qubits you have — quantum computers also need stability to be cryptographically-relevant. Today, they lack the necessary stability. We also don’t know how stability will be affected as the number of qubits increases.
However, there was a now discredited Chinese academic paper published in late 2022 that claimed to lower the number of qubits needed to run relevant attacks. Advances like this, even if they aren’t real, spook people at the very least. And if the paper had been true, it would have suddenly brought the quantum threat horizon much closer.
So, the quantum threat is a way off right now, but you might want to start preparing. You might wonder how this will all affect your data and your assets. And it’s a great question.
I promise I will give some crunchy answers to that question now, but first — this will take a while. Like all things, the answer depends on your context, threat model, and real problems. Let’s start with the theory and work up from there.
CRQCs will be able to run two algorithms that impact cryptography:
So you can already see that different types of cryptography are impacted differently, but timelines also matter!
You need to work out the lifetime of your data that needs to be secret or signed, and this will vary for every single organisation. If you’re developing a product or you make embedded hardware that lasts for decades, your answer will be different to a large retailer handling transactions and some customer data, where the security requirements for that data diminish over time.
Luckily for you, here is the rubric to follow:
Now time for some (simple) maths! This is known as Mosca’s inequality. Essentially, you’re fine for as long as:
Required Security Lifetime of Data + Time to Migrate < Time to Develop a CRQC
Perhaps some data, like telemetry, you just won’t care about in 15 years. Some data, like medical or financial records, you likely will. Your range of influence varies too. You can’t do much about when a CRQC will exist, but you can minimise the time it would take to migrate your systems, by preparing for it.
We know that the threat is not real today, and won’t be for a while. But the risk is not just decided by threat: it’s a combination of the vulnerability and impact too.
At least at first, CRQCs will only be accessible to sophisticated adversaries who can harvest and store lots of your data today, i.e. nation states. And if these threat actors are currently stealing your data with ease — because your systems have been unpatched for months or years — they aren’t going to suddenly switch TTPs and start using expensive CRQCs.
So fix those vulnerabilities first! (And with that, I’ll leave you with something fun…)
Armed with this knowledge, here’s my short guide to find a quantum time-waster! Despite all the people pushing snake oil and telling you that you should have moved to quantum like yesterday, we now know that’s not the case.
So how can we identify those quantum time-wasters? Simply state these two facts and if there’s disagreement, you’re best off politely excusing yourself to take a call:
Test time! You should be able to tell me now:
See an error or have a suggestion? Please let us know by emailing [email protected].
This posting does not necessarily represent Splunk's position, strategies or opinion.
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.