Quantum computing involves the use of quantum phenomena such as superposition. Quantum computers use ‘qubits’ instead of bits: while bits can be either a 0 or a 1, a qubit can represent 0, 1, or any superposition of these two states. Although quantum computers remain in early stages of development, in theory, a quantum computer could perform calculations exponentially faster than a classical computer.

Last year, Google claimed to have achieved a milestone in quantum computing: quantum supremacy. This refers to the point at which quantum computers have the ability to perform calculations which would be impossible using classical computers.

The new report assesses how quickly quantum computers could be developed, how this could compromise current encryption, and how quickly new encryption methods could be made in response.

There is already an international race to develop quantum computers, primarily between China, the US, and the EU, with applications ranging from research (such as complex molecular and climate simulations) to cryptography. The report estimates that quantum computers capable of cryptographic applications are expected to appear around 2033.

It is widely acknowledged that the arrival of these quantum computers will pose a serious risk to modern communications infrastructure, which relies on asymmetric encryption. The RAND corporation expects that this threat is “urgent but manageable”.

According to the report, the security risks can be managed if governments act quickly with centrally coordinated national approaches.

“If adequate implementation of new security measures has not taken place by the time capable quantu computers are developed, it may become impossible to ensure secure authentication and communication privacy without major, disruptive changes,” said Michael Vermeer, lead author of the report and RAND scientist. “The US has the means and very likely enough time to avert a quantum disaster and build a safer future, but only if it begins preparations now.”

Standard protocols for postquantum cryptography – the use of cryptographic algorithms resistant to attacks from quantum computers – to maintain current levels of security are expected to be drafted and published within the next five years. But the implementation of these new protocols and mitigation of the vulnerability from quantum computing could take decades.

If the US acts in time with appropriate policies, risk reduction measures, a whole-government approach and “collective sense of urgency”, it could have the opportunity to build a future communications infrastructure which is even safer than it is currently, the report says.

“The advent of quantum computers presents retroactive risk because information being securely communicated today without postquantum cryptography may be captured and held by others now in order to be decrypted and revealed later once quantum computers are created,” said Evan Peet, a co-author and RAND economist. “This presents a vulnerability that urgently needs to be addressed.”

Quantum computing involves the use of quantum phenomena such as superposition. Quantum computers use ‘qubits’ instead of bits: while bits can be either a 0 or a 1, a qubit can represent 0, 1, or any superposition of these two states. Although quantum computers remain in early stages of development, in theory, a quantum computer could perform calculations exponentially faster than a classical computer.

Last year, Google claimed to have achieved a milestone in quantum computing: quantum supremacy. This refers to the point at which quantum computers have the ability to perform calculations which would be impossible using classical computers.

The new report assesses how quickly quantum computers could be developed, how this could compromise current encryption, and how quickly new encryption methods could be made in response.

There is already an international race to develop quantum computers, primarily between China, the US, and the EU, with applications ranging from research (such as complex molecular and climate simulations) to cryptography. The report estimates that quantum computers capable of cryptographic applications are expected to appear around 2033.

It is widely acknowledged that the arrival of these quantum computers will pose a serious risk to modern communications infrastructure, which relies on asymmetric encryption. The RAND corporation expects that this threat is “urgent but manageable”.

According to the report, the security risks can be managed if governments act quickly with centrally coordinated national approaches.

“If adequate implementation of new security measures has not taken place by the time capable quantu computers are developed, it may become impossible to ensure secure authentication and communication privacy without major, disruptive changes,” said Michael Vermeer, lead author of the report and RAND scientist. “The US has the means and very likely enough time to avert a quantum disaster and build a safer future, but only if it begins preparations now.”

Standard protocols for postquantum cryptography – the use of cryptographic algorithms resistant to attacks from quantum computers – to maintain current levels of security are expected to be drafted and published within the next five years. But the implementation of these new protocols and mitigation of the vulnerability from quantum computing could take decades.

If the US acts in time with appropriate policies, risk reduction measures, a whole-government approach and “collective sense of urgency”, it could have the opportunity to build a future communications infrastructure which is even safer than it is currently, the report says.

“The advent of quantum computers presents retroactive risk because information being securely communicated today without postquantum cryptography may be captured and held by others now in order to be decrypted and revealed later once quantum computers are created,” said Evan Peet, a co-author and RAND economist. “This presents a vulnerability that urgently needs to be addressed.”