The arrival of quantum computing isn’t just a theoretical future; it’s a rapidly approaching reality that poses a significant threat to current cybersecurity infrastructure. While quantum computers promise breakthroughs in fields like drug discovery, materials science, and energy, their ability to break existing encryption standards is prompting urgent calls for action from governments and industry leaders alike. , Google issued a stark warning and outlined its own commitments to post-quantum cryptography (PQC), urging a coordinated effort to secure the digital landscape.
The core of the problem lies in the way modern cryptography works. Much of our digital security relies on public-key cryptosystems – algorithms that are computationally difficult for classical computers to crack. However, quantum computers leverage the principles of quantum mechanics to perform calculations in a fundamentally different way, rendering these algorithms vulnerable. As Kent Walker, President of Global Affairs at Google & Alphabet, and Hartmut Neven, Founder and Lead of Google Quantum AI, explained in a recent blog post, “The encryption currently used to keep your information confidential and secure could easily be broken by a large-scale quantum computer in coming years.”
The threat isn’t merely hypothetical. Security experts are already concerned about “store now, decrypt later” attacks, where malicious actors are collecting encrypted data today with the intention of decrypting it once sufficiently powerful quantum computers become available. This underscores the need for proactive measures, even before the emergence of a “Cryptographically Relevant Quantum Computer” (CRQC).
The Shift to Post-Quantum Cryptography
The solution lies in post-quantum cryptography – a field dedicated to developing algorithms that are resistant to attacks from both classical and quantum computers. These algorithms are based on mathematical problems that are believed to be hard to solve even with quantum computers. The National Institute of Standards and Technology (NIST) finalized its first set of PQC standards in , providing a crucial benchmark for the industry.
Google has been preparing for this shift since , and is now rolling out quantum-resistant protections across its infrastructure, aligning its migration plans with the NIST standards. The company’s approach focuses on three key areas: crypto agility, securing critical shared infrastructure, and facilitating ecosystem shifts. Crypto agility refers to the ability to quickly switch between different cryptographic algorithms as needed, providing flexibility in the face of evolving threats. Securing critical shared infrastructure ensures that the foundational elements of the digital ecosystem are protected. And facilitating ecosystem shifts involves encouraging widespread adoption of PQC across the industry.
Five Recommendations for Policymakers
However, Google recognizes that securing the quantum era is a collective responsibility. The company has outlined five specific actions policymakers can take to accelerate preparations:
- Drive society-wide momentum, especially for critical infrastructure: Policymakers need to extend their efforts beyond government networks to address vulnerabilities in vital sectors like energy, telecommunications, and healthcare. Protecting the trust infrastructure, including working with certificate authorities, is also paramount.
- Ensure AI is built with PQC in mind: As artificial intelligence becomes increasingly integrated into our lives, securing its foundation with PQC is crucial. Cryptography protects AI systems, and the growing reliance on AI necessitates a robust cryptographic underpinning.
- Reduce global fragmentation: A unified approach is essential. The NIST standards provide a globally agreed-upon benchmark, and widespread adoption will accelerate the transition to a quantum-safe future, avoiding the pitfalls of fragmented and potentially insecure solutions.
- Promote Cloud-first modernization: Migrating to the cloud offers a compelling pathway to adopting PQC. Rather than investing in updating legacy systems, governments should prioritize cloud migration, leveraging the work cloud providers like Google Cloud are already doing to enable PQC across their networks.
- Lean on the experts to avoid strategic surprise: The timeline for the arrival of a CRQC remains uncertain. Ongoing dialogue with experts from research institutions and groups like Google’s Quantum AI team will help policymakers stay informed and prepared for emerging threats.
The urgency of this situation cannot be overstated. While the exact timing of a CRQC remains unknown, the potential consequences of inaction are severe. The transition to PQC is a complex undertaking, requiring significant investment and coordination. However, as Google argues, it’s a necessary investment to ensure the long-term integrity of the digital economy.
“Here’s the bottom line: We believe quantum computing can help shape a brighter tomorrow — but we need an all-hands-on-deck approach to make sure the quantum era is defined by breakthroughs, not breakdowns,” Walker and Neven conclude. The challenge now is to translate this call to action into concrete steps, fostering collaboration between governments, industry, and researchers to secure a quantum-safe future.
