The world relies on encryption to protect everything from credit card transactions to databases holding health records and other sensitive information. A new report from the US National Academies of Sciences, Engineering, and Medicine says we need to speed up preparations for the time when super-powerful quantum computers can crack conventional cryptographic defenses.

The experts who produced the report, which was released today, say widespread adoption of quantum-resistant cryptography “will be a long and difficult process” that “probably cannot be completed in less than 20 years.” It’s possible that highly capable quantum machines will appear before then, and if hackers get their hands on them, the result could be a security and privacy nightmare.

Today’s cyberdefenses rely heavily on the fact that it would take even the most powerful classical supercomputers almost unimaginable amounts of time to unravel the cryptographic algorithms that protect our data, computer networks, and other digital systems. But computers that harness quantum bits, or qubits, promise to deliver exponential leaps in processing power that could break today’s best encryption.

Key issue

The report cites an example of encryption that protects the process of swapping identical digital keys between two parties, who use them to decrypt secure messages sent to one another. A powerful quantum computer could crack RSA-1024, a popular algorithmic defense for this process, in less than a day.

Such machines, which would require a couple of thousand “logical” qubits, are probably at least a decade away, say the US experts. Qubits’ delicate quantum state can be disrupted by things like tiny changes in temperature or very slight vibrations, so it can require thousands of linked qubits to produce a single logical one that can be reliably used for computation.

Still, complacency would be a mistake. William Oliver, an MIT physics professor and a member of the group that produced the academies’ report, notes that governments and businesses like banks often need to keep data secure for decades. They therefore need to be thinking now about potential future threats to the encryption they’re using.

Scott Totzke, the CEO of Isara, a startup that’s developing quantum-proof cryptographic solutions, says it’s getting plenty of interest from automakers worried about risks to software in connected cars and other vehicles that will spend many years on roads.

Standard setting

Isara’s work is part of a wider push in the cryptographic community to come up with new encryption methods that can’t be cracked by quantum computers. The academies’ report summarizes several of these methods, and the US National Institute of Standards and Technology is working to develop standards for quantum-proof cryptographic algorithms related to them.

The biggest challenge will be getting these widely adopted. The academies’ experts say negotiating standards, persuading vendors to follow them, and then getting organizations to upgrade their hardware and software can take years. Old data will also need to be reencrypted or destroyed.

Hence the depressing-but-probably-accurate forecast that it will take at least a couple of decades to get quantum-safe cryptography broadly in place. If that holds, we’re going have to hope it somehow takes even longer before a powerful quantum computer ends up in a malicious hacker’s hands.