Paper 2015/1075

Cybersecurity in an era with quantum computers: will we be ready?

Michele Mosca

Abstract

Quantum computers will break currently deployed public-key cryptography, and significantly weaken symmetric key cryptography, which are pillars of modern-day cybersecurity. Thus, before large-scale quantum computers are built, we need to migrate our systems and practices to ones that cannot be broken by quantum computers. For systems that aim to provide long-term confidentiality, this migration should happen even sooner. There are viable options for quantum-proofing our cryptographic infrastructure, but the road ahead is neither easy nor fast. Impressive progress in developing the building blocks of a fault-tolerant scalable quantum computer indicates that the prospect of a large-scale quantum computer is a medium-term threat. For example, I estimate a $1/2$ chance of breaking RSA-2048 by $2031$. In this note, I briefly overview the problem, the solutions and some of the next steps.

Note: This note is based on the abstract for a talk I gave at QCRYPT 2015 in Tokyo. http://2015.qcrypt.net/scientific-program/

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
cryptanalysis, quantum cryptanalysis, post-quantum cryptography, quantum cryptography, quantum-resistant cryptography, quantum-safe cryptography, quantum computing
Contact author(s)
mmosca @ uwaterloo ca
History
2015-11-05: received
Short URL
https://ia.cr/2015/1075
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/1075,
      author = {Michele Mosca},
      title = {Cybersecurity in an era with quantum computers: will we be ready?},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1075},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/1075}},
      url = {https://eprint.iacr.org/2015/1075}
}