The Rise of the Cryptographically Relevant Quantum Computer
Why Quantum Computers Threaten Cryptography: Emergency Action
No Cryptographically Relevant Quantum Computers (CRQCs) exist yet, but scientists warn that future improvements could put sensitive data at risk. The Cryptographically Relevant Quantum Computer can scale Shor's algorithm and crack popular public-key encryption. Their arrival will harm cryptographic infrastructure.
The severe threat CRQCs offer stems from “Harvest Now, Decrypt Later” (HNDL). Despite being unreadable, encrypted data can be intercepted and stored, according to this threat model. Decrypting older traffic encrypted with susceptible techniques is possible with a Cryptographically Relevant Quantum Computer. Long-term critical information including corporate secrets, government documents, and medical records protected by quantum-vulnerable encryption is already at risk due to this delayed threat.
Cryptographically Relevant Quantum Computers (CRQCs) can scale quantum algorithms to crack popular public-key encryption. Even if these technologies don't exist yet, their advent will challenge cryptography.
Below is a detailed discussion of Cryptographically Relevant Quantum Computers, their hazards, and their distinctions from contemporary quantum computers:
Define thresholds
A cryptographically relevant quantum computer can crack public-key cryptography systems like Elliptic Curve Cryptography (ECC) and RSA by comparing real-world key sizes to Shor's algorithm. These sophisticated, deep quantum circuits require technological benchmarks that are “cryptographically relevant”.
CRQCs are different thresholds, not just larger experimental machines.
Technical Skills Required
For cryptography, a quantum computer must tackle major stability and scale issues:
The machine must be able to detect and rectify its computation errors. Deeper algorithms like Shor's need fault tolerance.
Fault tolerance requires robust, error-corrected logical qubits, which encode one qubit's information over several physical qubits. A CRQC may require thousands of logical qubits. If the hardware has error rates, millions of physical qubits may be needed.
To finish deep quantum circuits needed to factor an RSA key or solve an elliptic-curve discrete log issue, the CRQC must maintain coherent, error-corrected operation for hours. Perform billions of quantum gate operations without difficulties.
The key barriers to a Cryptographically Relevant Quantum Computer are stability, precision, and computing time, not raw power.
Differences from Existing Quantum Systems
Marketed quantum computers are NISQ devices.
NISQ devices are useful for small-scale research and tests, but they can't repair errors immediately.
Their stability and strength are insufficient for cryptographic assaults at large key sizes. The present quantum computers on the market are limited for cryptography.
Unlike a “quantum supremacy” machine, a Cryptographically Relevant Quantum Computer does not need quantum advantage on a limited task to perform complex cryptographic attacks, which require much higher stability and scale.
Impact on Crypto
The cryptography of most modern digital systems would be threatened by a CRQC.
Elliptic-curve cryptography (ECC) for digital signatures and authentication systems and RSA for secure communications and key transfers would be compromised. The Shor algorithm solves mathematical problems efficiently and effectively at scale. Instantaneous and retroactive effect.
Symmetric encryption (Weakened): Grover's method would weaken AES without breaking it. In quantum environments, a 128-bit key may only guarantee 64 bits of security, however increasing key sizes can reduce this.
Current threats include “Harvest Now, Decrypt Later”. Though CRQCs have yet to arrive, the threat is considered active today. Estimates put them in the next 10–20 years. The “Harvest Now, Decrypt Later” threat concept is to blame.
After CRQC availability, HNDL can intercept, store, and decrypt encrypted data. Trade secrets, government information, and medical histories are at risk if quantum-vulnerable algorithms protect them. When sensitive data is obtained, the threat begins, not when a CRQC is built.
Post-Quantum Cryptography (PQC), which uses quantum-resistant techniques, is necessary now because migration takes time and planning must begin before CRQCs exist.
A Common Misconception
CRQCs must be distinguished from other quantum advances.
Unlike noisy, limited laboratory systems, CRQCs need fault tolerance, stability, and scale.
They differ from quantum-supremacy devices. To demonstrate quantum advantage on a constrained job, the machine must conduct cryptographic assaults, a far higher bar. Even with quantum key distribution, post-quantum cryptography (PQC) is needed. A dedicated infrastructure safeguards active channels but not stored data or digital signatures for QKD communication.
To prepare for the future threat, organizations should inventory quantum-vulnerable systems, monitor cryptographic dependencies, and devise migration plans as moving to quantum-resistant algorithms requires time and work.