Skip to main content
Support
Blog post

Preparing for Y2Q and Post-Quantum Disruption

Brandon Kirk Williams

Global powers are preparing for Y2Q by leveraging policy and technology solutions to prevent strategic surprise. Recent advances by Chinese quantum computing companies are raising alarms that China may beat the United States to Y2Q. It’s time for the US to renew its quantum investments to preserve leadership and anticipate disruption from quantum computing across sectors, especially for enabling rapid biotechnology innovation.

Introduction

Just as the Y2K countdown marked the dawn of a new millennium, the ticking clock to Y2Q (Years to Quantum) signifies the onset of a groundbreaking era in data decryption by quantum computers. Often referred to as "Q Day" or the more ominous "Quantum Apocalypse," Y2Q is the anticipated moment when quantum computing is expected to surpass public-key cryptography, rendering modern data encryption obsolete

Projections vary for when this milestone will be reached, but IBM’s breakthroughs in improving the accuracy of quantum computing starts the countdown to compromising today’s encryption. The Cloud Security Alliance’s Countdown to Y2Q estimates a little over 6 years to safeguard encryption, while the creator of the algorithm to break encryption suggested a timeline that is decades away. But ingenuity, dedication, and luck could overturn moderate predictions. 

Protecting government and civilian networks from this uncertainty requires migrating to post-quantum cryptography (PQC). PQC uses algorithms that can withstand the speed and processing of a quantum computer that would crack today’s encryption. Migrating to PQC can prevent harvest now, decrypt later cyberattacks from stealing sensitive or secret data to decrypt in the future with a quantum computer. 

Global powers are preparing for Y2Q by leveraging policy and technology solutions to prevent strategic surprise. Since 2013, the Chinese Communist Party invested deeply in the promise of an unhackable space and ground quantum communications network. Recent advances by Chinese quantum computing companies are raising alarms that China may beat the United States to Y2Q. It’s time for the US to renew its quantum investments to preserve leadership and anticipate disruption from quantum computing across sectors, especially for enabling rapid biotechnology innovation.

Quantum Computing Basics and the Key to Encryption

A quantum computer draws on principles of quantum physics to process quantum bits—known as qubits—unlike a classical computer’s 1s and 0s. Development of quantum computing is hindered by the notoriously error-prone qubits, which make it difficult to replicate results due to interference or noise. But success would revolutionize computing: a functioning quantum computer promises to process in a matter of minutes what a classical computer can accomplish in centuries if not millennia.

The prevailing encryption method, RSA, secures sensitive information by employing a public key, a corresponding private key, and an encryption algorithm that utilizes prime factorization as the trapdoor for encryption. Encryption is a vital link for safeguarding data in a smartphone-saturated America. Although it is theoretically possible to crack RSA keys, the decryption process is enormously time-consuming, even when executed with the most cutting-edge supercomputers currently available.Consequently, RSA keys are considered practically secure.

However, quantum computing’s potential means that it could easily crack the large number sets needed for today’s standard encryption. This remains only theoretical so far. A 2023 experiment by Fujitsu estimated that processing 10,000 qubits in 104 days could decrypt RSA, but a previous assessment projected 8 hours with 20 million noisy qubits. The highest qubit quantum processor, IBM’s Osprey, maxes out at 433 qubits for experimental research. Scaling qubits to crack encryption, in other words, will prove challenging but the risk is elevating. 

Post-Quantum Cryptography 

Post-quantum cryptography offers resilience against quantum computers or unforeseen synergy between quantum, artificial intelligence (AI), and cyberattacks. Despite that, our current PQC tools are imperfect. One of the National Institute of Standards and Technology’s (NIST) PQC algorithm finalists, CRYSTALS-Kyber, was compromised by a commercially available AI chip and cyberattack. A potential objective should be cybersecurity architectures emphasizing cryptographic agility matched with rigorous PQC testing. We must also confront cyber operations in which malicious actors steal secure data today to unlock its information in the future. Hybridity may be the best solution to tackle this category of attacks and to achieve cryptographic agility: Google recently announced that its Chrome browser adopted a hybrid quantum-resistant cryptography to prevent against harvest now, decrypt later attacks. 

Current US Policy

 Mitigating the threat and moving to PQC will require continued growth in public-private innovation and partnership. The US’ private sector leaders are embracing the post-quantum challenge, aligning with the Biden administration’s National Cyber StrategyGoogle uses post-quantum algorithms to protect all internal communications. Amazon and IBM are adopting quantum-safe cryptography for securing customers’ data while also building quantum computing hardware and software. Partnerships to allow government to collaborate on and leverage these and other private sector advancements are already underway, such as the Chicago Quantum Exchange or the Quantum Economic Development Consortium (QED-C) established by industry and other stakeholders in partnership with NIST.

For US policymakers, the tools exist for overhauling the country’s cybersecurity architecture. The NIST hunt for a solution began in 2016 and resulted in the 2022 first round of PQC algorithms. The Biden administration’s May 2022 National Security Memorandum 10 solidified an agenda with a deadline of 2035 to mitigate the quantum threat, and the Administration has also outlined implementation goals for PQC in 2025. PQC Guidelines from the National Security Agency and Cybersecurity and Infrastructure Security Agency attest to the bureaucratic readiness for a PQC transition. 

China’s Strategy for Winning the Quantum Race

China’s response to Y2Q has been an aggressive strategy to reportedly fund $15.3 billion in public funds for quantum research and development alongside creating unhackable quantum communications networks. China currently leads the world in quantum communications and Quantum Key Distribution (QKD) which relies on properties of physics to exchange secure data with a set of keys between two trusted parties. Only the key’s recipient can unlock the data, therefore any attempts to intercept the data will alert the recipient to the attack, and any stolen data will be rendered unintelligible.

China authorized its national QKD campaign in 2013 after a briefing for Xi Jinping on quantum communications from physicist Pan Jianwei. Since Pan’s 2013 briefing China has cornered quantum communications patents, publications, hardware, and software. China committed to quantum investments and only four years later, under Pan’s leadership, achieved the first successful test of a QKD video chat from Beijing to Austria using the Micius satellite. The 2017 Micius experiment failed to demonstrate a truly secure communication, but a 2020 Micius trial succeeded in an uncontrolled environment. 

In 2023, a team led by Pan at the University of Science and Technology of China and another at the Beijing Academy of Quantum Information published noteworthy QKD gains in transmitting data via optical fibers. The Beijing group set a new world record for secure QKD of over 300 miles. Chinese physicists are also making notable developments in testing critical components of PQC.

Takeaways for US Policymakers

Protecting government and civilian networks from this uncertainty necessitates that the US migrate to PQC. Should the US shift its investment away from PQC to QKD and secure nation-wide quantum networks? No. QKD is unreliable at scale for secure communications based on current technology. Establishing a nation-wide network is unlikely before reaching reasonable quantum computer breakthrough timelines. The US and its allies need actionable, feasible solutions that governments will standardize. QKD is not the near- or medium-term solution. 

Government-sponsored research and development is pushing frontier research. . A public-private consortium led by the Department of Energy is progressing in testing a quantum network in Tennessee. The Defense Advanced Research Projects Agency initiated an ambitious program to sponsor three companies’ bids to build a cost effective and error-correcting quantum computer in less than ten years. Both of these programs, in addition to others at national laboratories, illustrate the value of public-private partnerships in the race to lead in quantum.

No one can predict Y2Q. The US’ policy muscle, PQC solutions, and private sector initiative offers the best path to mitigate the threat from quantum computing. The Chinese government is committed to rivaling the US in quantum and will leverage technological gains to achieve security advantages. Managing quantum’s latent potential will demand vision and dedication to prepare for a post-quantum world that promises to transform life. Urgency is paramount to align the private sector and government for PQC migration that will be a whole-of-nation effort. Although the clock is ticking, the US has the tools to prepare a new post-quantum world to safeguard the nation’s information security.

The opinions are those of the author and do not necessarily represent the opinions of LLNL, LLNS, DOE, NNSA, the US government, or the Wilson Center. 

About the Author

Brandon Kirk Williams

Brandon Kirk Williams

2022-23 Wilson China Fellow;
Postdoctoral Research Fellow at the Center for Global Security Research at Lawrence Livermore National Laboratory
Read More

Science and Technology Innovation Program

The Science and Technology Innovation Program (STIP) serves as the bridge between technologists, policymakers, industry, and global stakeholders.  Read more