What changes when quantum computers arrive?
Sushmita Ruj, Faculty of Engineering Lead at the UNSW Institute for Cybersecurity, IFCYBER and Associate Professor at the School of Computer Science and Engineering (CSE), UNSW, Sydney, says that not all quantum machines pose a threat to current encryption methods.
“Cryptographically relevant quantum computers have the power to break currently used public key algorithms like RSA and ECDSA, which are the backbone of many communication protocols and secure applications. Much of the encryption today relies on algorithms like RSA and These will no longer remain secure.”
Post-quantum cryptography is essentially a new way of ‘locking up’ information so that even quantum computers – very powerful future computers – won’t be able to gain access to it. The encryption and authentication algorithms used to keep data safe today – RSA and other common public key algorithms, for example – work well against conventional computers but could be easily cracked by more advanced quantum computers.
“This has a significant impact on personal data, such as health records and credentials, as well as sensitive government and corporate information,” says Ruj.
Public-key systems such as RSA and ECC underpin secure web browsing, digital signatures, authentication protocols, and secure data exchange across supply chains. If broken, the impact would extend across providers, customers, and global digital ecosystems.
Ruj says that although the exact timeline for deploying this new technology remains uncertain, the direction is clear. “With the advancement of quantum computing, the risk is pretty high. Though we might not have cryptographically relevant quantum computers for another five to 10 years, the transition process is so slow that if we don’t start now, then it will be hard to change to quantum-safe systems overnight,” she says.
“To give some numbers, currently, we have quantum computers with a little more than 1,000 qubits; a cryptographically relevant quantum computer might potentially need around a million qubits to break RSA-2048 [a very large digital key that is extremely difficult to crack].”
The implication for risk management is significant. Even if cryptographically relevant quantum computers are years away, sensitive information encrypted under current systems today could be exposed in the future.
