Kevin Reifsteck, Director for Cybersecurity Policy, and Emily Violi Benjamin, Senior Program Manager, Quantum Legal and Policy, discuss quantum safety, correct common misconceptions, and share practical tips for how organizations can prepare for the quantum future.
We are working to help civil society, governments, and technology makers come together to discuss what responsible computing means in the quantum era so we can safely use these technologies for societally beneficial purposes.
Emily Violi Benjamin, Senior Program Manager, Quantum Legal and Policy
How do you prepare for a risk that doesn’t yet exist?
That’s the question we all face when it comes to quantum computing. No one—not even the scientists building them—can say precisely when a quantum supercomputer will become a reality, but we can bet that when they arrive some of our most sensitive data will be vulnerable. One day, a cryptographically relevant quantum computer (CRQC) could make short work of some of the complex mathematical calculations that are currently used to encrypt data—problems that would take classical computers millions of years to figure out.
The need for quantum-safe encryption is the primary cybersecurity challenge currently emerging from rapidly developing technology. Today’s cryptography needs to be updated before someone builds a computer that can break it. But in the meantime, cyber thieves can scoop up massive amounts of data and simply wait for quantum technology to be able to break the cryptography—a threat known as “harvest now, decrypt later.” There is an immediate need to protect currently encrypted data that will still be sensitive when quantum computers can decrypt it.
Here, Kevin Reifsteck, Director for Cybersecurity Policy, and Emily Violi Benjamin, Senior Program Manager, Quantum Legal and Policy, break down what we know today about quantum safety. They explain the need for global standards, correct common misconceptions, and share practical tips for how organizations can prepare for the quantum future.
There are wildly different predictions for when quantum computers could be able to break certain types of encryption that are currently in use. Why is it so hard to know when this risk will become real?
Emily Violi Benjamin: Building a utility-scale quantum computer involves doing things that have never been done in human history. It requires major advances across many types of technologies. At the same time, any timeline we set could be shortened by a leap forward in hardware or software development, so we need to keep our foot on the gas with the migration to post-quantum cryptography.
Kevin Reifsteck: That’s especially important because of the “harvest now, decrypt later” risk, which is our biggest concern right now. It’s critical to get started with the transition to quantum-safe cryptography now to protect data from people who want to steal it and hang onto it until quantum computers exist.
A lot of data today is protected by “public key encryption”:
One key, which is public and accessible by anyone, is used to encrypt data; another key, which is private and can only be used by the data’s owner, is needed to decrypt it.
The most common method of public key encryption is the RSA algorithm, which is based on the idea that it’s very hard to factor large numbers. For example, it’s easy to multiply 31 by 67 and get 2,077. But it’s extremely difficult to take 2,077 and identify 31 x 67 as the equation that got you there.
The longer the number, the harder it gets. Encryption today depends on factoring very big numbers, which would take a data center full of classical computers more than a million years. A sufficiently powerful quantum computer, on the other hand, will be able to find the combination of factors that make up the “private key” in about 100 seconds.
Who is behind the “harvest now, decrypt later” threat?
Kevin Reifsteck: We’re most concerned about nation-state threats. We’re looking at who is making progress on quantum research and development, and who has the resources to steal large amounts of encrypted data and store it long enough for cryptographically relevant quantum computers (CQRCs) to be created. That’s going to be a nation-state actor. It’s much less likely that cybercriminals and non-state actors will have the capabilities and resources to harvest data at scale and also have access to a quantum computer in the near future.
What are these bad actors doing in the meantime?
Kevin Reifsteck: The concern is that they are collecting encrypted data that will remain sensitive for at least a decade or longer. In the public sector, that means national security data, including intelligence and defense information. In the commercial world, healthcare data is a concern because it will be sensitive throughout a person’s lifetime, and it can be valuable for intelligence, counterintelligence, and potentially blackmail.
So this is a bigger issue than stealing passwords—it’s a government-level threat. How can a private company like Microsoft help?
Kevin Reifsteck: We’re trying to help governments push forward with the transition to quantum safety across the public sector as well as private industry, and a big part of that is providing quantum-safe technology. We made a company-wide commitment, aiming to enable early adoption of quantum safe capabilities across all our products and services by 2029 and complete the transition by 2033. These timelines are in line with, or even slightly ahead of, most governments’ targets. That’s important because Microsoft is going to provide the IT services and software that many companies across the global economy will use to meet government requirements.
The need for quantum-safe cryptography is a known risk. How can you prepare for the additional risks that might emerge when quantum computing at scale becomes a reality?
Emily Violi Benjamin: We can take a lot of lessons from AI. The technology evolved quickly, but Microsoft was well positioned for it. As an example, our Office of Responsible AI was established in 2019, years before the emergence of GPT-3 in Microsoft products. We had governance and security frameworks in place to help us navigate an entirely new landscape. That’s what we want to see with quantum. To do this, it is important to understand the domains where quantum computing will be most impactful, namely chemistry and material science R&D, to anticipate and address risk now.
In these fields, there is the potential for “dual use” of technology—it can be used to benefit people, or it can be used for harm. That’s true today with AI in computing for science, and it will be true in the future with quantum. We are working to help civil society, governments, and technology makers come together to discuss what responsible computing means in the quantum era so we can safely use these technologies for societally beneficial purposes.
Why are global standards so important?
Kevin Reifsteck: For most organizations, the transition to quantum-safe cryptography will happen in the background—vendors and companies like Microsoft will update encryption with quantum-safe algorithms in the hardware and software they provide. These vendors serve global markets. If every country has different requirements, it’s difficult to engineer products that work for customers worldwide.
The work happening within international organizations now aims to standardize quantum-safe algorithms and the way these algorithms should be implemented in our software and hardware. We participate in these efforts in multiple organizations, including the National Institute of Standards and Technology (NIST), the International Organization for Standardization (ISO), and the Internet Engineering Task Force (IETF). That makes it easier for everyone: IT companies can build to standards that have been created and tested through a rigorous international process rather than having to make decisions themselves, and the technology will be interoperable everywhere in the world. Organizations will be able to rely on their vendors to upgrade the vast majority of their encryption without necessarily having to understand the technical details of the algorithms.
Emily Violi Benjamin: We are in a pivotal moment for quantum computing development. Engineers and researchers are working on many different approaches for quantum computers. And the progress demonstrated across the industry over the past two years has been remarkable. While we are in the early stages of quantum computing standards development, one thing is very clear: global collaboration among trusted partners will accelerate our path to utility-scale quantum computing. Interoperability, standard terminology or criteria for benchmarking quantum achievements, and frameworks that continue to enable innovation and partnership should all be important focus areas. As we often say, “A rising tide lifts all boats.”
What are some common misconceptions about quantum safety?
Kevin Reifsteck: One of the biggest misconceptions is that becoming quantum-safe is just about replacing one algorithm with another. People don’t realize that quantum-safe encryption algorithms have different performance requirements than public key encryption algorithms do. That can create unique engineering challenges in some situations. For example, computers may need specificized hardware accelerators to run quantum-safe encryption algorithms at scale without slowing down operations. It’s not as easy as switching out some lines of code.
Another misconception is that there is a long time before we really need to worry about quantum safety. If a quantum computer that can break current encryption may not exist until 2035, why do we need to change things now? The reality is that the transition to quantum safety is a complex, multi-step process that will take years. If organizations don’t start now, they may not have enough time to get ready before the threat moves from theoretical to real.
How can organizations figure out where to begin?
Kevin Reifsteck: It’s actually not as daunting as people tend to think. The first step is doing a cryptographic inventory, which means mapping out where and how encryption is used across all your organization’s systems and data. That map shows you where your quantum risks lie and what needs to be replaced by quantum-safe encryption. It’s a critical first step, and it doesn’t require you to understand technical details about the algorithms themselves.
We recommend focusing on the most pressing concern—harvest now, decrypt later—to make the cryptographic inventory more manageable. Organizations should focus on identifying the cryptography that’s protecting data that will be sensitive for 10 years or more. That will help reduce the scope of the task but still allow important progress toward quantum safety.
