Banks, governments and technology providers need to be prepared for quantum computer hackers capable of breaking most existing encryption systems by 2029, Google has warned.
The tech company said in a blogpost that quantum computers would pose a “significant threat to current cryptographic standards” before the end of the decade and urged other companies to follow its lead.
The company, owned by Alphabet, said: “The encryption currently used to keep your information confidential and secure could easily be broken by a large-scale quantum computer in coming years.”
As it stands, quantum computers – which can rapidly carry out complex tasks – are a nascent technology with great potential and significant obstacles to being widely usable.
Google, Microsoft and universities across the UK and the US are in the midst of building systems that harness the physics of quantum mechanics to perform extremely sophisticated mathematical calculations.
Most of these systems are prohibitively difficult to build, requiring, for example, massive amounts of helium to cool quantum systems to near-absolute zero temperatures, or weeks of work aligning lasers. Those that are working at the moment are too small to perform the tasks that most excite the scientific community.
Constructing a very powerful quantum computer – with hundreds of thousands or even millions of stable qubits, or quantum bits – will require overcoming physical and technological challenges to keep those qubits stable, given the inherently fragile nature of quantum systems.
Google said: “We’ve adjusted our threat model to prioritise post-quantum cryptography migration for authentication services – an important component of online security and digital signature migrations. We recommend that other engineering teams follow suit.”
Leonie Mueck, formerly the chief product officer of Riverlane, a Cambridge-based quantum startup, said Google’s statement did not necessarily suggest there would definitely be a working quantum computer capable of breaking encryption by 2029.
In fact, most timelines for a cryptographically relevant quantum computer – that is, one powerful enough to break encryption – range from the 2030s to the 2050s. But Mueck said the prospect was close enough that governments were already preparing for the eventuality that data stored to today’s encryption standards would be exposed when the technology sufficiently advances.
“We’re basically seeing in the intelligence community already that for probably more than a decade they’ve been thinking about this threat,” Mueck said.
Last year the UK’s cybersecurity agency, the National Cyber Security Centre, urged organisations to guard their systems against quantum hackers by 2035.
Google’s timeline suggests engineering teams across the technology industry should consider measures to protect sensitive data by migrating to more advanced encryption systems now. Certain kinds of attacks predicated on the future availability of quantum decryption – “store now, decrypt later” – may currently be being deployed across the field.
Mueck said: “National security documents from 1920 are not relevant today. But stuff from 10 years ago is much more relevant, and should not get into the wrong hands in the future. You need to have classified documents that are classified today in a way that a quantum computer in 10 years won’t be able to decrypt them.”