Conclusions

Recent estimates suggest that it takes about 20 million qubits to break a 2048-bit RSA key. Currently, the most powerful quantum computers operate at about 70 qubits, and even optimistic estimates expect at most 1,000 qubits within the next three to five years. This means that current quantum computers are not nearly powerfully enough to break today's encryption algorithms. It is unclear if and when a cryptographically relevant quantum computer might exist.

However, if the pace of quantum development observed in recent years continues, the future could hold a realistic threat to secure communications. Some government intelligence agencies have already intercepted and stored vast volumes of encrypted data and might be able to start deciphering that data as soon as there are advances in crypto analysis or as soon as suitable quantum computers become available. This means that different encryption solutions are already useful today even if quantum decryption is not yet available.

At the end of the day, the problems related to quantum-resilient encryption are solvable, but there can be no doubt that the alternatives will not turn out to be as efficient and simple as the classical procedures.

When you migrate to quantum-resilient IT, it will be important to document where cryptography is used in your own enterprise – or in your own products. Then you can explore whether alternative options are available. Dependencies will always crop up, meaning that product manufacturers or open source projects will have to make appropriate adjustments. For example, the question might arise as to whether the crypto libraries used with the project can be replaced by quantum-resilient alternatives, or whether high-security requirements already force transitional solutions.

Some standardization bodies are at least trying to offer the option of securing today's communications against quantum computers without the use of post-quantum cryptography – for example, with the help of pre-shared keys.

The multitude of requirements makes a universal recommendation impossible. Only the use of experts and a broad exchange of knowledge can prevent isolated solutions, which – unfortunately – often occurred in the past. It is important to cover the widest possible range of use cases with the smallest possible number of standard solutions. Crypto and IT security experts rely on the experience of software and hardware developers, as well as administrators of small and large networks. This real-world testing with large volumes of data is the best way to identify vulnerabilities. Government agencies, standards bodies, and the crypto community need this input, and they welcome the participation of all of us in preparing tomorrow's digital world for the requirements of the near future.