No – RSA Isn't Broken By Every Piece of Quantum News
Let's trust the experts instead of the LinkedIn lunatics
This week saw two major announcements in the quantum world. Google launched a new chip, Willow, with bold comparisons against classical systems. Meanwhile, my colleagues at Quantinuum revealed a record-setting entanglement of 50 logical qubits.
Whenever significant quantum news is released, my LinkedIn feed overflows with speculation that RSA and Bitcoin can now be hacked. These lazy interpretations frustrate me. Do people think encryption would be shattered overnight without a large collection of experts saying so?
Philip Intallura wonderfully summarised the collective feeling on my side of the fence:
However, if I put on my Hat of Reluctant Understanding, I recognise the quantum threat is difficult to assess from sporadic industry announcements. How can you tell whether a year full of exciting announcements actually moves the date when quantum computers will threaten encryption?
One approach is to periodically consult a large group of experts to see what they think. This is exactly what Michele Mosca does in his annual Quantum Threat Timeline Report, published with the Global Risk Institute and recently updated for 2024. Mosca's team has polled dozens of experts since 2019, asking them to estimate when a quantum computer will be able to break 2048-bit RSA in less than twenty-four hours (the usual working definition of a cryptographically relevant quantum computer).
These experts presumably keep abreast of the latest developments in quantum (at least up until the cut-off point for the report). So their collective answers represent a balanced opinion on how the various announcements contribute towards cryptographic risk.
This year, the aggregated responses put roughly a one-in-ten probability on a quantum computer breaking RSA-2048 within the next five years. The estimated risk rises steadily over the subsequent years, passing the fifty-percent mark towards the end of the 2030s.
Does that mean we can heave a collective sigh of relief? Absolutely not!
In the world of cybersecurity, even a ten percent risk is unacceptable, especially when the event in question is the failure of every RSA and elliptic-curve key in production at once. Organisations spend millions each year to squash much smaller risks. The threat also reaches backwards in time: traffic recorded today can be stored and decrypted once a capable machine exists, so data with a long confidentiality lifetime is already exposed. And since Mosca's report is a lagging indicator, it is best to assume things might have worsened since it was published.
The message remains simple and urgent: take this growing threat seriously and begin planning your migration to post-quantum cryptography now.
There is no need to panic, and no need to believe RSA has been broken each time you read quantum news. However, the exciting announcements this week show the quantum industry is moving rapidly, and we need to be ready for whatever comes next.
In Other News…
The Open Quantum Safe project released v0.12 of liboqs, its quantum-safe library. As of this release, its ML-KEM and ML-DSA implementations track the final published standards, FIPS 203 and FIPS 204, rather than the earlier draft (ipd) versions. Note that this means the algorithms are the approved ones, not that the library itself has been FIPS-validated; OQS positions liboqs as a prototyping and research library.
The Bank of England published a study about using advanced cryptographic techniques (such as zero-knowledge proofs and multi-party computation) to ensure the privacy of digital currency.
The world of secure enclaves took another battering, this time targeting AMD. A new attack allowed an adversary with physical access to the machine to bypass the platform's protections and expose data that the enclave was supposed to keep confidential. The physical-access requirement matters for the threat model: the attacker here is a malicious cloud operator or data-centre insider rather than a remote one, which is precisely the party confidential computing is meant to defend against.
Microsoft is on a mission to move one billion users to passkeys instead of passwords. Their blog post gives some interesting insights into how they are changing user behaviour.