Quantum computing has been around for a while now, with the first prototype and commercial machines hitting the market more than a decade ago. But now, thanks to rapid advances in quantum computing approaches, the time has arrived for companies to begin to prepare for the impact of quantum computing on application encryption technologies.
What is Quantum Computing?
To understand quantum computing, we start by recalling its predecessor. Traditional computing encodes data via binary digits (bits) where each bit is encoded as a 0 or 1, and multiple bits are strung together to encode ever-more-complex data structures. However, the building block – the bit – is in one of two states. It is either in a 0 state or a 1 state. The block next to it is in a 0 state or 1 state, and it’s the sequence of eight single-state bits that comprises a byte. A different sequence of eight bits means a different byte, and the more unique eight-bit sequences required to encode data, the larger the number of bytes required.
A quantum bit, or qubit, is a bit in a quantum state. Instead of being in either a 1 state or a 0 state, it can be in a combination of both. A qubit therefore has more storage than a classic bit, and the greater volume of information stored in that bit can exist in multiple states at the same time. This allows a quantum computer to conduct large numbers of simultaneous calculations, drastically increasing computing capability compared to binary computers. Quantum computing also offers the potential for exponential growth in processing power as more qubits are added to a quantum computer. (See Wikipedia's quantum computing entry for a more thorough discussion of the physics of quantum computing.)
Threats to Encryption
Because of this massive increase in computing power, quantum computing has the potential to break existing encryption algorithms. At an HP Analyst event that I had the opportunity to attend last year, one speaker noted that the belief among encryption experts is that it is only a matter of when, not if, quantum computing breaks existing cryptography, with some experts predicting that this could happen as soon as the early 2030s.
While quantum computing is still in its infancy, and large-scale commercial quantum computers are not yet viable, work continues at universities, at private companies such as Google, IBM, and Microsoft, and in government-funded efforts to advance quantum computing capabilities and solve several problems that currently limit their usefulness. It’s not hard to see how nations would see the value of investing in quantum computing from a national security perspective, both to protect their own data and potentially to gain access to rival countries’ data.
Countering the Threat
Efforts have been underway on a variety of fronts to combat the threat of quantum computing to existing encryption approaches. Here in the US, the National Institute of Standards and Technology (NIST), under the Department of Commerce, has been hard at work defining ways to protect encryption from the power of quantum computing. In 2022 NIST announced its first standards for quantum-resistant encryption, which it updated in 2023. One of these standards, CRYSTALS-Kyber, is gaining traction in the marketplace and was integrated into Google Chrome in April 2024. In May, Zoom announced the first implementation of Kyber in the communications and collaboration world, initially to protect Zoom Meetings from quantum decryption attacks, with plans to extend the capability to Zoom Phone and Zoom Rooms. Also in May, Bloomberg reported that the US government would soon issue standards requiring government contractors to use quantum-resistant encryption for systems supporting sensitive government computing projects.
The basic idea of these quantum-resistant, or post-quantum, encryption approaches is to make encryption keys available only between parties wishing to communicate with one another. This means that a rogue attacker wouldn’t have access to key pairs, and thus wouldn’t be able to use the power of quantum computing to decrypt them. Kyber standards define multiple levels of security, with both Google and Zoom implementing Kyber768, which NIST defines as security level 3 on a 5-tier classification system (1 being the lowest security level, 5 being the highest).
What Should IT Leaders Do?
Fortunately, given the current state of quantum computing development, companies have some time to implement quantum-resistant computing. In Metrigy’s recent Workplace Collaboration and Contact Center Security and Compliance: 2024-25 global study of 338 organizations, we found that just 18.1% assess their workplace collaboration vendors’ support for quantum-resistant cryptography. We expect this number to increase as awareness grows of quantum computing threats, and as collaboration vendors accelerate the introduction of post-quantum encryption technologies.
At this point, CTOs and CSOs should be directing their teams to engage with their communications and collaboration vendors to better understand their roadmaps for implementing post-quantum encryption in their applications and devices. Plan to test and implement solutions as they become available.
----------
About Metrigy: Metrigy is an innovative research and advisory firm focusing on the rapidly changing areas of workplace collaboration, digital workplace, digital transformation, customer experience and employee experience—along with several related technologies. Metrigy delivers strategic guidance and informative content, backed by primary research metrics and analysis, for technology providers and enterprise organizations.