Countdown to Q-Day: How to prevent a quantum decryption disaster
"The foundations of digital security are at stake. Traditional cryptographic techniques may soon be vulnerable to quantum..."
One of the most critical developments on the horizon in cybersecurity is the rise of quantum computing, a shift which has the potential to redefine the future of data security.
While full-scale, commercially viable quantum computing may still be some time away, the concept of Q-Day - the day quantum computers can break widely used encryption algorithms - is no longer theoretical.
Some experts anticipate Q-Day could occur between the late 2020s to early 2030s, with forecasts such as Gartner predicting that by around 2030 quantum computers will start to pose a significant threat to asymmetric cryptography.
Early cracks are starting to appear
Last year, researchers in China made headlines by breaking a 22-bit RSA encryption - the algorithm that underpins modern encryption and secures the internet - using quantum techniques. While this is relatively trivial compared to the 2048-bit encryption which is commonly used today, their method dramatically reduced the technical effort required. When Q-Day arrives, it could instantly render many current encryption methods obsolete, posing a serious threat to data security across many sectors.
Today’s encryption algorithms rely on the difficulty of solving complex mathematical problems such as factoring large numbers. Unlike classical computing, which relies on binary states, quantum computing can perform calculations at speeds and complexities previously thought impossible. That’s what makes the threat existential: once quantum reaches a certain level of maturity, it will break the very foundations of our digital world.
The time to transition is now
The implications are clear: the foundations of digital security are at stake. Traditional cryptographic techniques, which have underpinned data protection for decades, may soon be rendered vulnerable by quantum computing’s vast processing power. Worryingly, outdated cryptographic algorithms remain widespread. For example, 83% of server-side SSH protocols still rely on pre-2020 versions, highlighting an industry-wide issue of systems lagging in security updates, at a time when forward-thinking preparation is key.
To stay ahead, organisations must begin transitioning to quantum-resistant cryptographic methods now, especially as quantum-resistant encryption is being actively developed and standards are advancing. The National Institute of Standards and Technology (NIST) is spearheading the development of post-quantum encryption standards and has already finalised the first three quantum-resistant encryption algorithms, which security experts are encouraged to incorporate into their systems.
Winners and losers will be defined by readiness
This shift is already triggering a surge in demand for quantum-secure products and services, marking a new phase of innovation in cybersecurity. Companies that proactively adopt quantum-resistant encryption will be better positioned to safeguard their data assets, while those that wait may find themselves scrambling when Q-Day strikes. The mitigation approach will broadly fall into two types of players: those that create services with encryption embedded and those that use these services.
- For companies that are building services, they must look at the development of apps, infrastructure and data, and plan either a migration to quantum-safe encryption or how they will be able to support them. The challenge will be how modular the apps are, and how easily they can change encryption methods. There is also a further issue to consider with encrypted data at rest. Are they going to need to decrypt and re-encrypt Terabytes of already stored data to ensure its confidentiality?
- For companies procuring services, they will need to rigorously assess the quantum readiness of their providers. Microsoft, as an example, holds a massive amount of customer data through their M365 platform and hyperscale cloud. As far back as 2023, they formed a group of experts across the organisation to identify a path to make all applications and services quantum safe. They have the scale and deep pockets to do this, but will all service providers be able to follow suit?
Quantum is fragile – but progress is relentless
To balance the hype vs. reality, there are some challenges to quantum computing coming of age. Qubits are inherently unstable as they exist in a superposition of states, meaning they can be both zero and one simultaneously, and need to maintain what is known as quantum cohesion. This delicate state is easily disrupted by even minor environmental factors like temperature fluctuations, electromagnetic radiation, or stray particles.
To put that in perspective, in 2024 researchers made a “breakthrough” by establishing quantum cohesion for only 100 nanoseconds at room temperature. So, there are significant challenges to overcome before quantum becomes mainstream, meaning the chances of Q-Day arriving tomorrow is unlikely, but, it is a day that will come. And with the pace of innovation, it may come faster than most expect.
Richard Ford is Chief Technology Officer at Integrity360
