Quantum computing poses a threat to data; the race towards Q-day is on
From banks to critical infrastructure, security is at stake today: the transition to post-quantum encryption will take years
Key points
A quantum computer capable of breaking the encryption that protects bank transactions, business plans, energy infrastructure, health data, public records and military secrets does not yet exist. And yet, we should already be concerned about it. Because encrypted information and communications intercepted today may be decrypted tomorrow, when a sufficiently powerful quantum machine is capable of breaching the mathematical shield that protects them. Right at this very moment, hackers, criminal organisations, secret services, states or competing industries may already be at work implementing the ‘harvest now, decrypt later’ strategy: collect today, decrypt tomorrow.
This ‘tomorrow’ has a name: it’s called Q-Day – the day that will mark a watershed between the ‘before’ – a world protected by classical cryptography – and the ‘after’ – a world that can only be considered secure if it adopts post-quantum cryptography systems.
What’s at stake
The stakes are extremely high. According to a study by the Hudson Institute, a US think tank, a hypothetical quantum attack on the Fedwire funds service – the system managed by the Fed that enables banks, financial institutions and government agencies to transfer funds in real time and with complete security – could, on its own, cause damage and losses amounting to 2,000 billion dollars. At present, it is not possible to pinpoint exactly when ‘Q-Day’ will arrive. The quantum computers available today are still a long way from having the scale, stability and error-correction capabilities needed to pose a genuine threat to current cryptographic systems. However, the threat is growing along two fronts: on the one hand, the hardware, stability and capabilities of quantum computers are improving; on the other, the computational resources required to carry out an attack are decreasing.
Q-Day will occur at the point where these two curves intersect. Most experts estimate that this day could arrive as early as 2030, with a probability of between 5 and 15 per cent, rising to 50 per cent by 2035. These figures should be treated with caution, not as a prophecy. However, even a limited probability becomes significant when essential services, information assets and strategic infrastructure – which cannot be reconfigured overnight – are at stake.
In this scenario, the timeline for the transition to post-quantum cryptography becomes a decisive factor. The so-called ‘Mosca's theorem’ – named after the researcher Michele Mosca – helps to explain why. It is based on the principle that the risk of a security system being breached becomes real when the time required to migrate security systems, added to the period during which the data must remain confidential, exceeds the estimated time remaining until the arrival of a technology capable of breaching those very systems. To put it another way, and considering the most widely accepted scenario – namely, a 5–15 per cent probability that ‘Q-Day’ will occur by 2030: if a government currently holds sensitive data whose confidentiality must be guaranteed at least until 2030 and anticipates that the migration of its security systems to post-quantum cryptography will take more than four years, its data is already at risk. The organisation is already vulnerable. The ‘theorem’ demonstrates that waiting until Q-Day to adapt means being certain to be too late.
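Mosca's inequality applied to a system inventory, as an added example that is not part of the original article: an asset is exposed when its confidentiality period plus its migration time exceeds the years left until Q-Day. The asset list and the reference year 2026 are constructed assumptions; the Q-Day years and probabilities are the ones quoted above.

```python
from dataclasses import dataclass

# Q-Day scenarios quoted in the article: year -> estimated probability by that year.
QDAY_SCENARIOS = {2030: "5-15%", 2035: "50%"}

@dataclass(frozen=True)
class Asset:
    name: str
    shelf_life: int   # years the data must stay confidential
    migration: int    # years needed to move the system to post-quantum cryptography

def exposure_years(asset: Asset, now: int, qday: int) -> int:
    """Mosca's inequality: at risk when shelf_life + migration > qday - now.
    Returns how many years still-confidential data would be decryptable."""
    return max(0, asset.shelf_life + asset.migration - (qday - now))

def latest_start(asset: Asset, qday: int) -> int:
    """Last year migration can begin so that everything encrypted classically
    has aged out of its confidentiality period before Q-Day."""
    return qday - asset.shelf_life - asset.migration

def assess(inventory, now, qday):
    """Rank assets by exposure, worst first."""
    rows = [
        {"asset": a.name,
         "exposure": exposure_years(a, now, qday),
         "latest_start": latest_start(a, qday),
         "overdue": latest_start(a, qday) < now}
        for a in inventory
    ]
    return sorted(rows, key=lambda r: r["exposure"], reverse=True)

# Constructed sample inventory and reference year (assumptions, not from the article).
INVENTORY = [
    Asset("payment archive", shelf_life=7, migration=3),
    Asset("session tokens", shelf_life=0, migration=2),
    Asset("health records", shelf_life=25, migration=5),
]
NOW = 2026

if __name__ == "__main__":
    for qday, prob in QDAY_SCENARIOS.items():
        print(f"Q-Day {qday} (estimated probability {prob})")
        for r in assess(INVENTORY, NOW, qday):
            print(f"  {r['asset']:<16} exposure={r['exposure']:>2}y "
                  f"latest_start={r['latest_start']} overdue={r['overdue']}")
```

An asset flagged as overdue would have needed its migration to begin before the reference year, which is the situation the article describes as being already vulnerable.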


