The Quantum Threat: Where Are We Today?

Management (801B) November 3, 2021 3:00 pm - 3:40 pm

Michele Mosca

Quantum computers will break currently deployed public-key cryptography (RSA, ECC, Diffie-Hellman, etc.), which is one of the pillars of modern-day cybersecurity. Thus, we need to migrate our systems and practices to ones that cannot be broken by quantum computers before large-scale quantum computers are built. First, I will give an update on the “quantum threat-timeline”. Impressive progress in developing the building blocks of a fault-tolerant scalable quantum computer indicates that the prospect of a large-scale quantum computer is a medium-term threat. In November 2019, I estimated a 1/5 chance of breaking RSA-2048 within a decade. In a 2020 Global Risk Institute survey of 44 global leaders in quantum computing, 11/44 felt breaking RSA-2048 within a decade was “about 50%” or “>70%” likely. Has anything of practical relevance happened in the past 12 months? Is the threat getting closer, or has progress stagnated? Second, I will overview the state of affairs on threat mitigation and practical short-term steps that organizations can take now. This includes an overview of soon-to-be-released “quantum-safe best practices” by the Quantum Working Group of the Canadian Forum for Digital Infrastructure Resilience, and other ongoing work worldwide that is facilitating the evolution to digital infrastructures designed to be safe against quantum-enabled attacks. This will include a discussion about the state of post-quantum cryptography as well as commercial-grade quantum key agreement.