Original source: Outshift by Cisco
This video from Outshift by Cisco covered a lot of ground. Nine segments stood out as worth your time. Everything below links directly to the timestamp in the original video.
Imagine a world where your most sensitive digital information, encrypted for safety, could be instantly readable by cybercriminals. This segment explains how AI and quantum computing could soon make that a reality, transforming the landscape of cyber security.
AI-Enhanced Quantum Cybercrime Threatens Legacy Data
While current quantum computers lack the necessary logical qubits to break modern encryption, the accelerating investment in quantum technology, coupled with the emergence of AI-powered cybercrime, poses a significant future threat. Experts warn that cybercriminals, utilizing readily available remote access to quantum computing resources and AI coding agents, could eventually decrypt sensitive legacy data, leading to a new era of ransomware demands where companies pay to prevent public exposure of their decrypted information rather than to regain access.
The increasing accessibility of quantum computers, even if currently limited in capability, suggests a future where these powerful tools could be leveraged for malicious purposes. The rapid evolution of AI in automating attacks, as seen with recent malware developed by AI coding agents, indicates that the convergence of AI and quantum computing could soon enable sophisticated cyberattacks capable of undermining existing cryptographic defenses. This necessitates proactive measures and adherence to emerging post-quantum cryptographic standards to safeguard against future breaches.
"Future post-quantum bad actors will be able to decrypt the data and ransom companies to pay not to publish the decrypted data."
Governments Accelerate Push for Post-Quantum Cryptography Standards
Governments globally are advancing initiatives to secure digital infrastructure against future quantum threats, with the European Union advocating for hybrid cryptography and agile systems. The National Institute of Standards and Technology (NIST) in the U.S. launched a Post-Quantum Cryptography (PQC) competition in 2016, selecting its first standards in 2022. Concurrently, the UK's National Cyber Security Centre (NCSC) has set ambitious deadlines, aiming for migration goals by 2031 and full PQC adoption across all systems, services, and products by 2035.
These regulatory and standardization efforts underscore the urgency with which nations are preparing for the quantum era, recognizing that current encryption methods like RSA and elliptic curve cryptography will eventually become vulnerable. The push for cryptographic agility—the ability to quickly swap out algorithms as new standards emerge—is central to these strategies, ensuring that organizations can adapt to evolving threats without major disruptions. This coordinated international response highlights the global recognition of post-quantum cryptography as a critical component of future national security and economic stability.
"Government mandates and industry requirements are accelerating the timeline for post-quantum adoption."
RSA 2048 Potentially Vulnerable to Quantum Attack in Under a Week with Under 1 Million Qubits
Recent research indicates that the widely used RSA 2048 encryption standard could be cracked in less than a week using fewer than 1 million 'noisy' qubits. This finding highlights the increasing proximity of a quantum threat to modern cryptography. Post-quantum cryptography primarily relies on complex mathematical structures known as lattice problems, such as learning with errors, the shortest vector problem, and the closest vector problem, which are believed to be resistant to quantum attacks.
While a 6-bit elliptic curve was broken in 2025 as a demonstration, illustrating the practical application of quantum algorithms, the new estimate for RSA 2048 significantly reduces previous projections for the necessary qubit count. This accelerating timeline for breaking current encryption standards underscores the urgent need for organizations to transition to post-quantum cryptographic solutions. The security of data encrypted today could be compromised by future quantum computers, making immediate action crucial for long-term data protection.
"RSA 2048 could be cracked in under a week with fewer than 1 million noisy qubits."
Quantum Computing Threatens Current Cryptographic Standards with Rapid Decryption
With the theoretical development of quantum computers capable of approximately 4,000 logical qubits, widely used cryptographic standards such as RSA, Diffie-Hellman, and elliptic curve cryptography could be compromised within hours or days. These estimates refer to logical qubits, which are far more stable and error-corrected than the physical qubits currently available, but the potential impact is severe.
Furthermore, Grover's algorithm, another quantum computing technique, significantly reduces the effective key strength of symmetric encryption like AES. For instance, an AES 256-bit key would effectively be reduced to the strength of a 128-bit key under a Grover attack. This reduction in security highlights the broad and imminent threat that quantum computing poses to current encryption protocols, necessitating a transition to quantum-resistant cryptographic solutions.
"If we have around 4,000 logical qubits, so it's around one day, from one hour to one day, depending on the algorithm."
Security Teams Urged to Prepare for Quantum Cryptography Shift
Security teams are being advised to proactively prepare for the transition to post-quantum cryptography (PQC) by educating themselves on emerging threats and solutions. Key steps include identifying and upgrading legacy hardware and software systems, ensuring cryptographic agility to rapidly swap algorithms, and creating a comprehensive inventory of all cryptographic assets and key distribution solutions. This preparation is critical given the impending vulnerability of current encryption methods to quantum attacks.
Some organizations are prioritizing the PQC readiness of outbound traffic, for example by upgrading to TLS 1.3, to immediately reduce their vulnerability to external threats while simultaneously working on internal system updates, which often require more time and resources. This phased approach allows companies to mitigate immediate risks while developing a comprehensive long-term strategy for internal infrastructure, highlighting a pragmatic path towards a quantum-secure future.
"Some companies choose the way where they identify assets that are not PQC ready and define a roadmap to update them."
NIST Finalizes Lattice-Based Encryption Standards for Quantum Resistance
The National Institute of Standards and Technology (NIST) has advanced several lattice-based encryption algorithms as finalists for post-quantum cryptographic standards, including ML-KEM, ML-DSA, and SLH-DSA. These new algorithms are designed to withstand attacks from quantum computers, fundamentally differing from traditional elliptic curve cryptography (ECC) in their mathematical basis. ML-KEM, for instance, uses significantly larger key sizes, ranging from one to two kilobytes, compared to ECC's typical 256-bit keys.
A crucial element of ML-KEM's security lies in the use of randomness to generate an error vector, often referred to as 'noise,' which effectively hides the secret from attackers. This noise prevents an adversary from using simple linear algebra to solve the encryption equation, a vulnerability present in ECC that quantum computers could exploit. The larger key sizes and the integration of noise are fundamental to the quantum resistance of these new standards, representing a significant shift in cryptographic design.
"In ML-KEM, randomness is used to generate noise, so this error vector E, this hides the secret."
Quantum Algorithms Shor's and Grover's Pose Imminent Threat to Current Encryption
Shor's algorithm, invented in 1994, offers an exponential speed-up in computation, primarily targeting public-key cryptography systems like RSA, Diffie-Hellman, and DSA. Experts project that quantum computers reaching approximately 1 million physical qubits could break RSA encryption, rendering these widely used protocols vulnerable. In contrast, Grover's algorithm provides a quadratic speed-up, specifically impacting symmetric key algorithms such as AES by reducing their effective key strength.
While current quantum computers possess around 1,000 physical qubits, far from the estimated 1 million needed to break RSA, the rapid pace of quantum development suggests that these threat levels are becoming increasingly relevant. Projections indicate that Diffie-Hellman 2048-bit encryption could be compromised within hours or days with around 4,000 logical qubits. This underscores the urgent need for a transition to post-quantum cryptography to secure digital communications and data against future quantum attacks.
"If we can assume that quantum computers can achieve around 1 million physical qubits, it can break RSA."
OpenSSL 3.5 Integrates Quantum-Resistant Cryptography
OpenSSL 3.5, the latest version of the widely used cryptography library, now supports post-quantum cryptography (PQC) algorithms such as ML-KEM and ML-DSA. These new algorithms fundamentally differ from traditional methods by incorporating randomness to generate 'noise' or an 'error vector,' which is crucial for hiding secrets and preventing attacks based on linear algebra. This approach ensures that even if an attacker gains access to the encrypted data, they cannot easily solve the underlying mathematical problems.
In contrast, traditional cryptographic systems, particularly those relying on elliptic curve cryptography, often use pseudo-random number generators. These deterministic algorithms produce predictable sequences of numbers, making them vulnerable if an attacker can discover the generation algorithm and reproduce the sequence. OpenSSL 3.5's integration of PQC algorithms, which source noise from high-entropy sources, marks a significant step towards securing digital communications against future quantum computing threats.
"In ML-KEM, randomness is used to generate some noise, it's our error vector E, that hides the secret."
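The point made in this segment and in the ML-KEM segment above, that the error vector is what stops an attacker from recovering the secret with plain linear algebra, shown on a toy learning-with-errors instance. This is an added illustration, not code from the video, from OpenSSL or from any ML-KEM implementation; q, n, m, the seed and the noise vector are constructed small values, nowhere near real ML-KEM parameters.

```python
"""Toy Learning-With-Errors demo: the error vector e is what hides the secret.
Constructed example: q, n, m, the seed and the noise vector are arbitrary small
values, not ML-KEM parameters. b = A*s mod q is solved by Gaussian elimination;
b = A*s + e mod q makes the same elimination return the wrong secret."""
import random

Q, N, M = 97, 4, 8                   # modulus, secret length, samples (constructed)
NOISE = [1, -1, 0, 1, 0, -1, 1, 0]   # constructed small error vector e, length M


def solve_mod_q(rows, rhs, q=Q):
    """Gauss-Jordan elimination over Z_q on the square system rows * x = rhs.
    Returns x, or None if the matrix is singular mod q."""
    n = len(rhs)
    aug = [list(r) + [v] for r, v in zip(rows, rhs)]
    for col in range(n):
        piv = next((r for r in range(col, n) if aug[r][col] % q), None)
        if piv is None:
            return None
        aug[col], aug[piv] = aug[piv], aug[col]
        inv = pow(aug[col][col], -1, q)       # modular inverse of the pivot
        aug[col] = [(v * inv) % q for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(a - f * b) % q for a, b in zip(aug[r], aug[col])]
    return [row[n] for row in aug]


def make_instance(seed=7):
    """Return (A, s, b_clean, b_noisy); retries until A[:N] is invertible mod Q."""
    rng = random.Random(seed)
    while True:
        A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
        s = [rng.randrange(Q) for _ in range(N)]
        b_clean = [sum(a * x for a, x in zip(row, s)) % Q for row in A]
        if solve_mod_q(A[:N], b_clean[:N]) is not None:
            break
    b_noisy = [(b + e) % Q for b, e in zip(b_clean, NOISE)]   # add the hiding noise
    return A, s, b_clean, b_noisy


def attack(A, b):
    """Attacker's linear-algebra attempt: solve the first N equations exactly."""
    return solve_mod_q(A[:N], b[:N])


if __name__ == "__main__":
    A, s, b_clean, b_noisy = make_instance()
    print("secret:", s, "no noise:", attack(A, b_clean), "noisy:", attack(A, b_noisy))
```

Because A[:N] is invertible and the first N noise entries are not all zero, the noisy solve is guaranteed to return s plus a nonzero offset, which is exactly why LWE-based schemes force an attacker into far harder lattice problems instead.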
Quantum Randomness Crucial for Post-Quantum Cryptography Development
Many post-quantum cryptography (PQC) algorithms rely heavily on quantum random numbers to ensure their security. Projects like Open Quantum Safe are actively developing and prototyping quantum-resistant cryptography, providing open-source libraries that support this transition, often integrating with widely used tools like OpenSSL. These initiatives are vital for building cryptographic solutions that can withstand attacks from future quantum computers.
Major technology companies are also advancing in this field; Google, for example, has announced quantum-safe digital signatures within its Cloud Key Management Service (KMS). Additionally, specific projects are focusing on integrating quantum-resistant cryptography into embedded systems, such as Arm Cortex-M4 processors, commonly found in IoT devices, industrial control systems, and medical equipment. These developments highlight a growing ecosystem dedicated to implementing robust, quantum-resistant security across various technological domains.
"Google announcing quantum safe digital signatures in Cloud KMS."
Also mentioned in this video
- The agenda for the presentation, which includes discussing quantum computers,… (0:30)
- Three types of quantum computers (1:14)
- The most capable quantum computer is IBM Condor with 1,121 physical qubits,… (2:59)
- Qubit growth estimations, showing projections for the number of qubits needed… (9:46)
- Cisco offers a quantum random number generator leveraging quantum mechanics to… (25:08)
Summarised from Outshift by Cisco · 32:46. All credit belongs to the original creators. Streamed.News summarises publicly available video content.