Quantum computing could be capable of breaking current encryption methods as early as the next five years; yet, implementing protocols capable of withstanding quantum-powered attacks will take 10 to 15 years, and the cost will be high, says Moody’s Investors Service.
In a new report, the rating agency said quantum computing, which will dramatically enhance computing power, poses a dire threat to the encryption methods widely used by governments and businesses today.
“In time, quantum computers will be able to break the asymmetric encryption algorithms we use today, potentially making it possible for users with access to the technology to expose companies’ intellectual property and government secrets,” it said.
Currently, it’s expected that quantum computers will be able to break these algorithms at some point in the next five to 30 years, the report noted. Yet, the threat is more immediate than that, the report said.
“Given the risk that bad actors may harvest sensitive data now to decrypt later, experts recommend swift adoption of quantum-resistant algorithms,” Moody’s said.
In preparation for that eventuality, the U.S. National Institute of Standards and Technology recently issued cryptography standards designed to withstand quantum computing power; however, implementing tougher encryption will likely be a long and costly endeavour, Moody’s said.
“Asymmetric encryption is a long-standing and ubiquitous technology. The overhaul needed to transition to [post-quantum cryptography] will be unprecedented, and is analogous in some respects to shifting power generation away from fossil fuels to sustainable energy sources,” it said.
Given the likely operational challenges, the transition could take 10 to 15 years, the report estimated. While the cost of the transition is hard to forecast, the report compared the challenge to the efforts required to address the Y2K bug, with legacy systems prepared to ensure they could recognize the year 2000 as a valid date.
Moody’s said the estimated cost of preparing for Y2K in the U.S. alone was US$100 billion (US$189 billion in current dollars), with large companies individually spending hundreds of millions of dollars on their own systems.
Additionally, the transition will likely reduce the performance of many companies’ systems.
“Larger encryption key sizes and more complex mathematical operations increase the time it takes to encrypt or decrypt data,” Moody’s said. “The complexity of integrating quantum-resistant cryptography into existing architecture will also require highly skilled [information technology] technicians.”
Regulators and policymakers have begun preparing for these risks.
In its latest risk outlook report, the Office of the Superintendent of Financial Institutions flagged the threat that quantum computing poses to financial industry security, and it included the issue in its latest industry survey on the growing use of artificial intelligence and machine learning.
And earlier this year, the Financial Industry Regulatory Authority completed a consultation on the overall impact of advances in quantum computing on the securities sector, including the looming security threat.