What is Q-Day?
Everything you need to know about Q-Day and what it means for encryption
Q-Day may sound like a cheerful event for Star Trek: The Next Generation fans, but it's actually a day that most cybersecurity experts are dreading. It marks the day when quantum computing advances to the point that it can break the encryption methods safeguarding most of the Internet. These encryption algorithms form the bedrock of the cryptography that secures your banking applications, internet chat rooms, and sensitive data from prying eyes.
While traditional supercomputers would require millions of years to be able to crack our current encryption algorithms, quantum computing represents a monumental leap in processing power. As a result, our current encryption methods could essentially become obsolete. Thankfully, our brightest minds are well aware this day is on the horizon and have already come up with some innovative solutions that will help safeguard the internet long before Q-Day arrives.
Read on and I’ll delve deeper into the implications of Q-Day, as well as point out a few steps you should take to protect yourself from this quantum threat.
What are quantum computers?
Traditional computers operate using binary data, which means each bit represents either a one or a zero based on the voltage level of a circuit. In contrast, quantum computers use qubits, the basic unit of quantum computing, which is a representation of a quantum system. Furthermore, while bits in a classical computer exist in a specific state, a qubit can exist in multiple states simultaneously due to a quantum property called superposition. While qubits can exist in any statistical ratio between the two states of a particular quantum system, it seems that the maximum amount of data that can be transmitted using quantum entanglement is two classical bits' worth of data.
However, when we observe a qubit's superposition, it collapses into a single state, and we lose access to all other information contained within the superposition permanently. Consequently, quantum computers require a fundamentally different programming approach from classical computers to effectively harness their potential processing power.
Why are quantum computers a threat?
The ramifications of RSA encryption (the encryption system widely used for secure data transmission) being compromised by quantum computing are significant. Not only will systems that rely on RSA encryption—for example web browsers, VPNs and email chats—become vulnerable to snooping and exploitation, but information captured in the past could potentially be decrypted in the future once quantum computing capabilities evolve. It’s a concept called “Store Now, Decrypt Later”, and it’s been hypothesized that any data encoded using RSA encryption could be intercepted and stored by a third party, then deciphered when quantum computing reaches a sufficient level of advancement.
It's suspected that intelligence agencies are amassing vast troves of encrypted data in anticipation of Q-Day, when quantum computing matures enough to unlock this encrypted information. At that juncture, powerful quantum computers could potentially access and decrypt the stored intelligence, posing serious security risks and privacy concerns for the average internet user.
It’s not just the intelligence agencies you’ve got to watch out for, either. For years, the prevailing assumption has been that RSA encryption is unbreakable. Consequently, much of our critical infrastructure, such as banks, power plants, and hospitals, relies heavily on RSA encryption to make the key exchanges that safeguard their data streams. The ability to decode, intercept, and manipulate this data would pose catastrophic risks.
Consider the potential scenario where quantum technology falls into the hands of a rogue nation or a hacker group. They could exploit it to steal bank account passwords, intercept classified military documents transmitted over the Internet, or even forge information sent to a nuclear power plant. The consequences of such breaches would be severe, to say the least. Clearly, there’s an urgent need for the development of quantum-resistant encryption protocols to mitigate these risks effectively. Thankfully, the National Institute of Standards and Technology is one step ahead.
The importance of quantum security in the digital age
Quantum-resistant algorithms are designed to remain challenging for both quantum and classical computers to solve in the foreseeable future. However, as quantum computing power continues to advance, what is currently considered quantum-resistant may become more susceptible to decryption.
On the other hand, quantum-proof algorithms rely on mathematical properties that inherently defend against both quantum and classical-based attacks. Essentially, they represent a distinction between algorithms that are merely very difficult to break for current quantum computers and those that are theoretically impossible to break using quantum computers and classical computers.
As the field of quantum computing evolves, the development and adoption of quantum-proof algorithms will be crucial to ensuring the long-term security of sensitive information in the face of emerging technological threats.
How quantum computers are changing laws
Many security-conscious organizations have recognized the impending threat posed by quantum computing. The National Institute of Standards and Technology (NIST) has initiated multiple competitions aimed at developing quantum-resistant algorithms, which are now being widely implemented.
In the US, the Quantum Computing Cybersecurity Preparedness Act has been enacted into law. This legislation mandates that federal agencies take stock of their current encryption schemes, identify their systems that are vulnerable to quantum attacks, and transition to quantum-resistant algorithms to brace for the inevitable advent of quantum computing. This proactive approach underscores the seriousness with which the US government regards the imminent challenge posed by quantum computing.
If the US government is taking it seriously, you should too.
How to prepare for Q-Day
Q-Day represents a significant upheaval for personal security as well as national security. It's prudent to assume that any data transmitted over the Internet using non-quantum-resistant encryption may have been intercepted and stored for future decryption, whether by intelligence agencies or malicious hackers. It’s crucial to realize that the passwords you currently have in use are likely to become vulnerable to exposure when Q-Day arrives.
To mitigate this impact, the first step you should take is transitioning to an offline password manager. This will make it easy to update all of your passwords while ensuring they are unique. Remember, anything you’re transmitting over the internet using RSA is up for grabs: this includes passwords you’re sending to an internet-based password manager.
Additionally, opting for a VPN provider that has updated its encryption algorithms to be quantum-resistant, such as ExpressVPN, will significantly bolster security. Signal has already integrated quantum-safe algorithms into its protocol, offering protection against quantum threats to messaging apps like WhatsApp, Telegram, and Facebook Messenger. Moreover, OpenSSL has started implementing pluggable quantum-resistant encryption algorithms into its library, enhancing the security of the TLS 1.3 protocol for encrypting internet traffic.
The challenge posed by quantum computing is somewhat similar to the legacy system updates needed during the Y2K threat. It involves updating outdated and insecure protocols that underpin critical systems. While you can take steps to protect yourself, the process really requires technology vendors to work together to ensure we can boldly go into a post-Q-Day world.
Challenges in developing quantum technology
There are various technologies used to create the qubits essential for quantum computing, each with its advantages and disadvantages. Some systems measure the spin of individual quantum particles, while others observe the energy levels of atoms. Superconducting circuits and photon polarization are also used to represent qubits.
It’s not clear which approach is likely to become the standard for quantum computing, but the most crucial metric used to compare them is the error rate.
Scalability is a significant issue for quantum systems, as building additional logical qubits is not a linear problem. While logical qubits represent quantum effects from a computer's perspective, the physical qubits that make up logical qubits are susceptible to interference, similar to classical computers.
In classical computing, algorithms incorporate redundant information to minimize the impact of any factors that may affect the accuracy of the calculations the computer performs. However, in quantum computing, this is primarily achieved by employing numerous physical qubits to create redundancy and lower the error rate.
Therefore, the challenge in scaling quantum computing lies not only in adding more qubits but also in reducing the error rate in the existing qubits. Many different environmental factors, such as changes in temperature, air pressure, and light can introduce noise that increases the error rate of a quantum system.
What is quantum key distribution?
Quantum-safe Key Distribution (QKD) is a significant challenge in the post-quantum era. One of the winning NIST algorithms, CRYSTALS-Kyber, is expected to be the near-future solution to this problem.
CRYSTALS-Kyber is resistant to attacks from both classical and quantum computers. The primary goal of CRYSTALS-Kyber is to provide secure key exchange and digital signatures, essential components of modern communication and security protocols.
At its core, CRYSTALS-Kyber leverages techniques from lattice-based cryptography. In mathematics, a lattice is a discrete set of points arranged in a regular, grid-like pattern in a multi-dimensional space.
Lattice-based cryptography relies on the complexity of certain multi-dimensional mathematical problems, such as finding lattice points closest to a target point, which is believed to be computationally hard even for quantum computers. Finding an appropriate set of vectors to easily traverse this space is also difficult to calculate.
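The closest-point problem and the role of the basis can be seen in a toy two-dimensional lattice. The sketch below is an added example, not code from CRYSTALS-Kyber or from this article: the two bases, the target point and the function names are constructed for illustration, and real schemes work in hundreds of dimensions where the search at the end is infeasible. Both bases generate the same lattice, yet simple coefficient rounding finds the closest point only with the short, nearly perpendicular one.

```python
from fractions import Fraction

# Two bases for the SAME lattice (constructed values). BAD is GOOD multiplied
# by an integer matrix of determinant 1, so it spans identical points.
GOOD = ((5, 1), (-1, 4))        # short, nearly perpendicular vectors
BAD = ((17, 37), (27, 60))      # long, nearly parallel vectors
TARGET = (14, 10)               # lattice point (13, 11) plus a small offset

def round_off(basis, target):
    """Write target in the basis, round each coefficient, return that lattice point."""
    (a, b), (c, d) = basis
    x, y = target
    det = a * d - b * c
    # Cramer's rule for c1*(a, b) + c2*(c, d) = (x, y), kept exact with Fraction
    c1 = Fraction(x * d - y * c, det)
    c2 = Fraction(a * y - b * x, det)
    k1, k2 = round(c1), round(c2)
    return (k1 * a + k2 * c, k1 * b + k2 * d)

def dist2(p, q):
    """Squared Euclidean distance between two points."""
    return (p[0] - q[0]) ** 2 + (p[1] - q[1]) ** 2

def closest_by_search(basis, target, span=10):
    """Exhaustive search over small coefficients; only feasible in tiny dimensions."""
    (a, b), (c, d) = basis
    points = ((i * a + j * c, i * b + j * d)
              for i in range(-span, span + 1) for j in range(-span, span + 1))
    return min(points, key=lambda p: dist2(p, target))

if __name__ == "__main__":
    truth = closest_by_search(GOOD, TARGET)
    for name, basis in (("good", GOOD), ("bad", BAD)):
        guess = round_off(basis, TARGET)
        print(f"{name} basis -> {guess}, squared distance {dist2(guess, TARGET)}, "
              f"closest={guess == truth}")
```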
In the far future, we might see key distributions use entirely quantum-based effects. Unlike traditional methods of key exchange, Quantum Key Distribution offers a fundamentally secure way to establish cryptographic keys, as it relies on the laws of quantum physics to detect any eavesdropping attempts.
QKD protocols incorporate mechanisms for detecting eavesdropping attempts in real-time. Any attempt to intercept or measure the quantum states of photons during transmission will inevitably disturb their properties, alerting the communicating parties to the presence of an intruder. This ensures the integrity and confidentiality of the exchanged encryption keys.
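The detection mechanism described above can be illustrated with a classical simulation of a BB84-style exchange, a well-known QKD protocol that the article does not name. This is an added example, not code from any QKD product: the function names, the seed and the 0.11 abort threshold are assumptions chosen for illustration. An intercept-and-resend eavesdropper pushes the error rate in the sifted key from zero to roughly 25%, which is what the two parties see when they compare a sample of bits.

```python
import random

ABORT_THRESHOLD = 0.11  # assumed illustrative cut-off for the sifted-key error rate

def run_exchange(n_photons, eavesdropper, seed=7):
    """Simulate a BB84-style exchange; return (sifted_bits, error_rate)."""
    rng = random.Random(seed)           # seeded so the run is reproducible
    sifted = errors = 0
    for _ in range(n_photons):
        bit = rng.randint(0, 1)         # sender's raw key bit
        send_basis = rng.randint(0, 1)  # 0 = rectilinear, 1 = diagonal
        state_bit, state_basis = bit, send_basis
        if eavesdropper:
            # Intercept-and-resend: measuring in the wrong basis yields a random
            # bit, and the photon that is re-sent carries the eavesdropper's basis.
            tap_basis = rng.randint(0, 1)
            if tap_basis != state_basis:
                state_bit = rng.randint(0, 1)
            state_basis = tap_basis
        recv_basis = rng.randint(0, 1)
        recv_bit = state_bit if recv_basis == state_basis else rng.randint(0, 1)
        if recv_basis == send_basis:    # sifting: keep matching-basis rounds only
            sifted += 1
            errors += recv_bit != bit
    return sifted, errors / sifted

def channel_compromised(error_rate, threshold=ABORT_THRESHOLD):
    """The parties compare a sample of sifted bits and abort above the threshold."""
    return error_rate > threshold

if __name__ == "__main__":
    for tapped in (False, True):
        kept, qber = run_exchange(20000, tapped)
        print(f"eavesdropper={tapped} sifted={kept} error_rate={qber:.3f} "
              f"abort={channel_compromised(qber)}")
```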
Q-Day FAQs
When is Q-Day?
There isn't a universally agreed-upon date for "Q-Day". The term "Q-Day" is more of a conceptual milestone rather than an actual date on the calendar. It represents the moment when the cryptographic landscape will be fundamentally altered by the capabilities of quantum computers.
However, the specific timeline for when quantum computers will reach this level of capability is subject to ongoing research and development. It’s still not widely agreed upon how much computational power is required to deploy the algorithms needed to break RSA, but estimates place Q-Day anywhere between 2030 and 2050.
How long until quantum computers exist?
Quantum computers already exist in a limited capacity, with various companies, research institutions, and governments working on developing and improving them. However, the creation of large-scale, practical quantum computers capable of solving complex real-world problems efficiently remains a significant technological challenge. While progress in the field of quantum computing has been substantial, challenges such as error correction, scalability, and maintaining quantum coherence over extended periods still pose a significant problem for building large-scale quantum computers.
When fully functional quantum computers will be widely available is uncertain, but IBM expects to see widespread quantum computing in enterprise environments by 2030.
Are quantum computers faster than traditional computers?
While quantum computers have the potential for significant speedup in specific tasks, they are not universally faster than traditional computers for all types of computations. Quantum computers excel in solving specific types of problems, such as factoring large numbers, simulating quantum systems, and optimizing complex systems. Classical computers follow deterministic algorithms and perform calculations sequentially, which is useful for a wide variety of computing tasks.
Moreover, quantum computers are still in the early stages of development, and practical, large-scale quantum computers capable of outperforming classical computers for a wide range of tasks remain a long-term goal of research and development in the field of quantum computing.
Sam Dawson is a cybersecurity expert who has over four years of experience reviewing security-related software products. He focuses his writing on VPNs and security, previously writing for ProPrivacy before freelancing for Future PLC's brands, including TechRadar. Between running a penetration testing company and finishing a PhD focusing on speculative execution attacks at the University of Kent, he still somehow finds the time to keep an eye on how technology is impacting current affairs.