Q-Day - what and when?

Suppose a structural engineer was assigned a project to design a new bridge over a river for carrying vehicular traffic. As one of the first steps, he or she would need to find out what type of load to expect on the bridge to make it strong enough for withstanding the load. So, they go to a traffic manager at the highway department and ask them what is the maximum load to that can be expected. And the traffic manager might say something like, “Well, the largest load that could fit on the bridge would be four full loaded semi tractor trailers and each would weigh 80,000 pounds. So, the MOST LIKELY maximum load on the bridge would be 320,000 pounds.”

So what does the structural engineer do? They will design the bridge with a safety factor to withstand 640,000 pounds of loading to take into account any unforeseen circumstances. What if there were four tractor trailers on the bridge while both a hurricane and an earthquake are simultaneously occurring? The engineer will think about a REASONABLE WORST CASE because they want to make sure that the bridge does not fall down under any circumstances.

We are all aware of the threat to today’s classical public key cryptography that are posed by future quantum computers. An excellent analysis titled 2022 Quantum Threat Timeline Report of when this could occur was published by the Global Risk Institute and authored by Dr. Michele Mosca and Dr. Marco Piani in December 2022. They polled 40 quantum experts on when they thought a powerful quantum computer would be available that could factor a 2048 bit number to break RSA-2048 within a 24 hour period (sometimes referred to as Q-Day). Although the responses varied, almost all the respondents felt that this would not occur within the next 10 years and some felt it might take 20 years or more. If you take an average of the results, you might conclude that the MOST LIKELY date for this to occur would be 2035 or later.

However, if you are a CIO (Chief Information Officer) or CSO (Chief Security Officer) of an enterprise, our recommendation is to think like the structural engineer as discussed in the example above. Rather than basing your planning on the MOST LIKELY date, we suggest you base your planning upon a REASONABLE WORST CASE date. And GQI’s suggestion is to use 2027 as the REASONABLE WORST CASE date in order to fully ensure the safety of your organization’s data against quantum decryption under any circumstances. We think it makes sense to use this date to protect against any unforeseen black swan events which could include new heuristic algorithms, novel quantum architectures that enable scaling to occur much faster than predicted, a major state undertaking a “Manhattan” style project to expedite development, or other new innovations that are not currently on anyone’s radar.

GQI has written a full report titled Quantum Safe ’23 Outlook Report that provides an in-depth of the cryptographic threats posed by quantum computers and the various activities in place to combat these threats. You can learn more about this report and how to obtain it by visiting this web page here.