- What is the development timeline of a quantum computer with sufficient capability to attack public key cryptography (PKC)?
- What is the timeline for the standardization and adoption of new PKC that is not vulnerable to quantum computing?
The world is waiting for the first quantum computers, which are expected to revolutionize computing. Their unprecedented power may also enable them to crack the digital encryption system upon which the modern information and communication infrastructure depends. By breaking that encryption, quantum computing could jeopardize secure communications, financial transactions, and the support system for the global economy.
The authors of this report explore those risks by assessing, first, how quickly quantum computers are likely to be developed; second, how quickly encryption that can withstand attacks by quantum computers, or postquantum cryptography (PQC), is likely to be standardized; and third, how quickly and widely PQC will be adopted. The analysis concludes that the threat to the security of the modern communications infrastructure is urgent but manageable, and the authors offer recommendations to the U.S. government for responding.
There is already a race among nations and corporations attempting to develop quantum computers (primarily in the United States, China, and the European Union), and many expected commercial applications are unrelated to cryptography. Quantum computers capable of undermining current cryptography are likely at least a decade off, but they are already introducing risks, and these risks will grow over time.
To assess these timelines and associated risk, the authors undertook a mixed-methods approach consisting of a literature review, a review of expert opinion, and a broad consumer survey to assess the likely events, risks, and uncertainties and recommend appropriate policies and risk-mitigation actions.
Expert predictions of the advent of quantum computers vary widely
- Quantum computers capable of cryptographic applications are expected, on average, to be approximately 15 years away — roughly 2033. However, experts assess that both earlier and much later development are possible.
PQC standards are only a few years off, but implementation might happen too slowly to avert security losses
- Standard protocols for PQC are expected to be drafted and released within the next five years. However, the transition necessary to implement the standard protocols and mitigate the vulnerability from quantum computing is expected to take decades.
- If adequate implementation of PQC has not taken place by the time capable quantum computers are developed, it may become impossible to ensure secure authentication and communication privacy without major, disruptive changes to our infrastructure.
Consumers' low awareness of quantum computing risks makes them unlikely to demand protective policy changes
- Consumers have low awareness of quantum computing generally, as well as low awareness of the risks associated with its advent. This is true across demographics, even among the most informed age group, 18-to-35-year-olds.
- Consumer responses to the potential threats of quantum computing show logical consistency: the more proximate the threat, the greater the response.
- Nevertheless, the lack of consumer awareness of quantum computing and associated risks implies that consumers will likely not be the primary drivers for policy change on this issue. As a result, federal leadership will be needed to advocate for consumer protection.
- Take actions to spur a robust adoption of PQC as soon as possible. Widespread, adequate transition to PQC will be the most effective means of mitigating risk from quantum computers. Moreover, the sooner an interoperable standard for PQC can be widely implemented, the more the eventual risk will be diminished.
- Build cyber-resilience and cryptographic agility into the digital infrastructure. As security implementations are adapted in response both to constantly evolving current threats to our critical infrastructure and to future threats, such as quantum computing, we should consider how to make new security implementations more agile. The systemic changes needed to transition to PQC offer an opportunity to implement structural improvements in the use of cryptography in communication and information systems that could improve our ability to respond to both current and future cyber threats.
- Prepare for an uncertain future. Timelines for quantum computing development are still very uncertain, but an uncertain future need not be a less-secure future. Communications to the public on risk from quantum computers should seek to find a middle ground between exaggeration of the threat and a reckless disregard of the real risk. The United States has solutions to mitigate the risk, and even the worst-case scenarios will not result in the end of digital information security. In best-case scenarios, worldwide cybersecurity could improve.
Funding for this philanthropically supported research was provided by gifts from RAND supporters and income from operations. The research was conducted by the Center for Global Risk and Security within International Programs.
This report is part of the RAND Corporation Research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.