Why You Should All Be Worried About Q-Day And The Collapse Of Digital Security

Quantum computers are advancing fast, and with them comes the looming threat of Q-Day, a moment when encryption could be shattered and digital security collapse.
Imagine waking up one morning to find that there’s no such thing as privacy or secrets anymore.
Suddenly, it’s no longer possible to verify that any digital transmissions, from money transfers to telephone calls, are genuine. Which means they can’t be made.
Without the digital encryption that secures our digital world, everyone from hostile foreign states to terrorist cells can access government and military information, as well as our personal health records and bank accounts.
It sounds like the premise for a disaster thriller, but the threat is very real, and according to proponents of a theory known as Q-Day, it could be on us sooner than we think.
Q-Day is a term used in cybersecurity circles to mark the moment when quantum computers become powerful enough to easily smash through the cryptographic protection that secures every piece of sensitive information stored online.
And while still hypothetical, the threat is considered to be very serious by governments, corporations and security experts, who are investing heavily in finding a solution.
So, how worried should we be? Let’s take a look at the evidence, what experts are saying, and what we can do to make sure we’re prepared.
What’s So Scary About Q-Day?
Encryption involves taking one piece of information and transforming it into another by following an algorithm that can later be reversed when the information needs to be decrypted.
That information could be the data your computer or phone downloads from the internet, or the instructions you send to your bank when you transfer money.
It’s secured using a “key” (a secret code) held only by those with the right to access the information. But if someone else can guess the key, or work it out mathematically by comparing encrypted and decrypted data, they can crack the encryption.
So far this has been impossible, because the mathematics would take a classical (non-quantum) computer an impractical amount of time to solve, as in 3 trillion years impractical.
In 1994, however, mathematician Peter Shor showed that eventually a powerful enough quantum computer might crack it in a matter of seconds. At the time, this was pure science fiction. Today, quantum computers are a reality, and their power is increasing by the moment.
Q-Day is considered to have enormous geopolitical significance. There’s no way to know yet what form state-sponsored attacks against encryption could take. But theoretically, it could involve an aggressive nation deploying such a capability militarily against a rival’s banking, healthcare, telecoms or defense infrastructure.
On top of this, most of the systems we rely on day-to-day to protect our privacy and security would become worthless. Everybody could be tracked through their phone signal, and bank and cryptocurrency accounts could be plundered on a whim.
In reality, it’s probably more likely that those systems would simply stop working, causing economies to crash and society to descend into chaos!
Even shutting systems down wouldn’t be enough to protect data that’s already out there. Malicious actors are already engaging in “harvest now, decrypt later” attacks, storing huge quantities of stolen encrypted data for a time when it can be decrypted.
Estimates vary as to how long we have. Google thinks it could happen by 2029, while Adi Shamir—one of the cryptography experts behind the development of RSA encryption—believes it’s at least 30 years away.
But everyone agrees that it’s coming, sooner or later, so what’s being done about it? And just as importantly, what do we as individuals need to know if we want to take personal responsibility for our future safety?
Quantum-Safe Cryptography
With a threat of this scale, it makes sense that governments, militaries, and corporations aren’t simply sitting around waiting for the apocalypse to happen.
In the U.S., the problem is recognized at the top level, with former President Biden signing a national security memorandum in 2022 prioritizing the development of quantum-safe technology.
Companies like Cloudflare that are responsible for security across large swathes of the internet are also adopting post-quantum cryptography. At the same time, banks and financial service companies are well aware that the threats are particularly challenging for them. HSBC, for example, recently demonstrated a quantum-safe method for trading digital assets.
How exactly does quantum-safe technology work? Well, like everything quantum-related, it’s a hugely technical subject that requires a PhD in physics to fully understand.
But one technique, known as Quantum Key Distribution, involves sending keys as photons (light particles) that will alert the owner if anyone attempts to intercept and measure them. This is due to one of the peculiar quirks of quantum mechanics that shows simply measuring particles can change them!
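To make that detection property concrete, here is an added example (not from the original article): a classical simulation of BB84, one well-known QKD protocol, chosen here as an assumption because the article names no specific scheme. Alice, Bob and Eve are the conventional names for sender, receiver and eavesdropper, and the 11% abort threshold is an illustrative value.

```python
import random

BASES = "+x"  # rectilinear and diagonal polarization bases

def measure(bit, prep_basis, meas_basis, rng):
    # Same basis: the encoded bit is read correctly.
    # Different basis: the outcome is a coin flip and the original state is lost.
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def exchange(n_photons, eavesdrop, rng):
    """Send n_photons and return Alice's and Bob's sifted key bits."""
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        bit, a_basis = rng.randint(0, 1), rng.choice(BASES)
        photon_bit, photon_basis = bit, a_basis
        if eavesdrop:
            # Eve must guess a basis; her measurement re-prepares the photon
            # in that basis, which is the disturbance the receivers can detect.
            e_basis = rng.choice(BASES)
            photon_bit = measure(photon_bit, photon_basis, e_basis, rng)
            photon_basis = e_basis
        b_basis = rng.choice(BASES)
        b_bit = measure(photon_bit, photon_basis, b_basis, rng)
        if b_basis == a_basis:  # sifting: bases are compared publicly, bits are not
            alice_key.append(bit)
            bob_key.append(b_bit)
    return alice_key, bob_key

def sampled_error_rate(alice_key, bob_key, sample_size, rng):
    """Alice and Bob reveal a random sample of key bits and count mismatches."""
    positions = rng.sample(range(len(alice_key)), sample_size)
    return sum(alice_key[i] != bob_key[i] for i in positions) / sample_size

def run(eavesdrop, n_photons=4000, sample_size=500, threshold=0.11, seed=1):
    rng = random.Random(seed)  # seeded so the constructed run is repeatable
    alice_key, bob_key = exchange(n_photons, eavesdrop, rng)
    qber = sampled_error_rate(alice_key, bob_key, sample_size, rng)
    # Illustrative policy: discard the key if the error rate exceeds the threshold.
    return {"sifted_bits": len(alice_key), "qber": qber, "abort": qber > threshold}

if __name__ == "__main__":
    print("quiet channel:", run(eavesdrop=False))
    print("intercepted  :", run(eavesdrop=True))
```

On the simulated noiseless channel the sampled error rate is zero, while interception pushes it toward 25%, so the key is discarded before it is ever used.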
It’s important to remember, though, that we can still play a part in ensuring the safe transfer of digital information, even if we aren’t quantum scientists working directly on solving the problem.
Consumer manufacturers are starting to roll out quantum-safe versions of the tools and apps we use in everyday life, such as Apple’s PQ3 protocol that protects its iMessage system. VPN service providers, too, are starting to upgrade their internal security.
So while it might be too late to ensure that data encrypted before the arrival of quantum-safe cryptography (QSC) and Quantum Key Distribution (QKD) never falls into the wrong hands, we can ensure the data being created today will be as safe as possible.
So, Should We Be Worried?
Will all of this be enough to head off the predicted cyber-apocalypse of Q-Day?
Well, what we know for sure is that it’s still being treated as a very real and serious threat. Technological workarounds are emerging, but in reality, there will probably be no way to know for sure how effective they will be until Q-Day arrives.
Rather than worry, the best advice is to start getting prepared. This involves long-term planning and auditing your own requirements around data security, particularly around data that has to be stored for a long period of time.
If you run a business and its success or survival is dependent on its ability to keep data safe (as is true for most companies), then it’s a threat that can’t be ignored.
But individuals should also take the opportunity to reflect on how important data protection and privacy are when it comes to keeping us safe, so we’re also prepared for what’s on the horizon.