
Fixing encryption isn’t enough. Quantum developments put focus on authentication

Credit: Network World

We are now entering the era of fault-tolerant quantum computing. The computers are getting better. The qubits are getting faster and more reliable, and there are more of them.

NIST published its list of quantum-safe encryption algorithms, and now enterprises are racing to upgrade their encryption before Q-day, the quantum apocalypse that will make the previous generation of encryption protocols obsolete. Many large technology companies, infrastructure providers, and security firms have already committed to encryption upgrades, though enterprises are lagging behind.

“When gen AI hit, we were all caught by surprise,” says Henning Soller, partner and leader of the global quantum tech team at McKinsey & Company. “We have a bit more time here. We can make sure we’re better prepared.”

In the US, NIST guidelines say that the old encryption algorithms will be deprecated by 2030, and disallowed by 2035, with the European Union also following the same timeline.

But a lot has happened over the past couple of months. Several companies have announced improvements in the physical hardware of quantum computers and in error correction. As a result of this progress, at the end of March, Caltech researchers found that useful quantum computers could have as few as 10,000 physical qubits—not the millions expected previously. And on the same day, researchers at Google published a paper saying that quantum computers could break elliptic curve cryptography with as few as 1,200 to 1,450 logical qubits. Elliptic curve cryptography is used to secure authentication, for digital signatures such as those used in software updates, and for cryptocurrencies.

So now Google and Cloudflare have moved up the quantum deadline to 2029 and have said that the current focus on protecting encryption misses something even more important: authentication and security certificates.

“Data leaks are severe, but broken authentication is catastrophic,” said Bas Westerbaan, principal research engineer at Cloudflare, in a post outlining Cloudflare’s new roadmap.

According to Westerbaan, an overlooked key that’s vulnerable to quantum decryption can be used to infiltrate systems, and automated software-update mechanisms become remote code execution vectors. “An active quantum attacker has it easy,” he wrote. “They only need to find one trusted quantum-vulnerable key to get in.”

It’s no longer a question of when encrypted data will be at risk, Westerbaan added. “But how long before an attacker walks in the front door with a quantum-forged key?”

Google has also adjusted its threat model to prioritize post-quantum cryptography (PQC) migration for authentication services, according to a new timeline the company released at the end of March. “We recommend that other engineering teams follow suit,” the company said.

Credentials give attackers direct access to things like financial systems, says Bob Sutor, founder and CEO at Sutor Group Intelligence and Advisory. “And if the authentication system is protected by RSA or elliptic curve cryptography, it could be broken sooner than we think they could,” he says. “Someone could break the security, and then they can go and do things.”

Early quantum computers are likely to be slow, Cloudflare’s Westerbaan said in his post, suggesting that companies should prioritize keys that don’t turn over rapidly.

Some credentials are long-lived, Sutor says, and not replaced for weeks or longer.

However, the quantum threat is still one of future potential.

“They’ve reduced one theoretical number to another theoretical number,” Sutor says. “But it’s just a blueprint. It hasn’t been built.”

“There’s a degree of difficulty in going from something on paper to something that works in a lab as a proof of concept,” says Sridhar Tayur, professor of operations management at Carnegie Mellon University’s Tepper School of Business. And then it has to work at scale as a prototype, and then work at scale in production.

“It’s not like we have 1,450 logical qubits ready to go,” Tayur says. “We don’t have a hundred logical qubits ready to go.”

Meanwhile, enterprises are still having to deal with real and current threats. Attackers are using social engineering and phishing to steal credentials even without the help of quantum computers, and credentials are accidentally leaked online or stolen in data breaches.

And, of course, AI is now being used to speed up attacks.

Researchers at cybersecurity firm CodeWall used AI to hack into Boston Consulting Group’s data warehouse, which had no authentication on an API endpoint, allowing access to a 3-trillion-row data warehouse with individual-level employment data on hundreds of millions of people, at millions of companies. Worse yet, the service account behind that unprotected API had full write privileges, meaning that attackers would be able to change data.

So, security managers have to figure out if they have time to deal with the quantum threat on top of everything else.

Sutor suggests that companies could take quantum preparations out of their normal cybersecurity operations. “They have to have a dedicated task force that’s maybe extra to their original budget to get post-quantum cryptography systematically deployed internally,” he says.

The latest news should be a wake-up call for companies, he adds. “Quantum is not going to steal your credit card on the web next Monday,” he says. “But now you have to say, ‘Well, maybe not Monday, but maybe three or four years from now.’”

“What I’m seeing with clients is a growing sense of urgency but not panic,” says Scott Likens, emerging technology leader at PwC. “These breakthroughs in error correction don’t mean encryption is about to be broken tomorrow, but they do reinforce that the timeline is no longer abstract.”

Enterprises are starting to inventory where they rely on vulnerable encryption, he says, and are thinking about crypto-agility. And the fact that the quantum computers being discussed are still theoretical shouldn’t be a barrier to action.

“Migrating encryption across large-scale environments can take years,” Likens says, “making it unwise to wait for a definitive quantum moment.”
