## Cryptology ePrint Archive: Report 2015/1075

Cybersecurity in an era with quantum computers: will we be ready?

Michele Mosca

Abstract: Quantum computers will break currently deployed public-key cryptography, and significantly weaken symmetric key cryptography, which are pillars of modern-day cybersecurity. Thus, before large-scale quantum computers are built, we need to migrate our systems and practices to ones that cannot be broken by quantum computers. For systems that aim to provide long-term confidentiality, this migration should happen even sooner.

There are viable options for quantum-proofing our cryptographic infrastructure, but the road ahead is neither easy nor fast. Impressive progress in developing the building blocks of a fault-tolerant scalable quantum computer indicates that the prospect of a large-scale quantum computer is a medium-term threat. For example, I estimate a $1/2$ chance of breaking RSA-2048 by $2031$.

In this note, I briefly overview the problem, the solutions and some of the next steps.

Category / Keywords: cryptanalysis, quantum cryptanalysis, post-quantum cryptography, quantum cryptography, quantum-resistant cryptography, quantum-safe cryptography, quantum computing