“Q-Day”: What risks are computers facing and why there is a “post-quantum” branch of cybersecurity

Cryptography is much more present in our lives than we realize. It is a set of techniques for encoding information so that it can only be accessed by authorized users: a bank transaction, an online purchase, or a WhatsApp message use different protocols to guarantee the security of both parties, whether buyer-seller or sender-receiver.

The average user may not realize this, but a large part of our online lives depends on encrypted information. And, in this hyperconnected world, there's a public-key cryptography algorithm that underpins a large portion of communications and transactions: RSA .

Last week, Google research estimated that while it's still very difficult to break that encryption, it's closer than before. This is due to advances in what's known as post-quantum cryptography , a set of algorithms designed to withstand what quantum computers can do in terms of calculations.

In some ways, global cybersecurity faces a threat that does not yet exist, but is developing at a theoretical level: when quantum computers become powerful enough, they will be able to break some of the most widely used encryption algorithms on the Internet today, such as RSA or ECC ( Elliptic Curve Cryptography , used by apps like WhatsApp).

This is what is known as "Q-Day" (or "Quantum Day") , the name given to the hypothetical moment when a quantum computer is powerful enough to break the security of many of the encryption systems we use today.

These types of issues, among others, will be discussed on June 5 at the Cyber ​​Summit in La Rural, a cybersecurity event focused on the business and industrial world, taking place for the second time in Buenos Aires.

Here, three specialists who will speak at the summit explain what quantum cybersecurity is and why it's generating buzz.

The first point, before talking about quantum cybersecurity, is to remember what the term " quantum " refers to.

“Quantum physics is a scientific discipline that deals with describing how the smallest things work: atoms, electrons, photons, fundamental particles. A special discipline is required because, in this world of the very small, particular phenomena begin to occur , linked to the fact that the objects we want to describe are as small as the tools we use to measure them,” Christian Schmiegelow, PhD in Physics and researcher at the University of Buenos Aires (UBA) and Conicet (Conicet), explains to Clarín .

“In this regime, it's inevitable to consider that the act of measuring necessarily involves altering what is being measured. And with that, something surprising arises: you can't say with certainty where something is or what it's doing before we measure it. Interestingly, this leads to things in the quantum world being able to do more than one thing at the same time. For example, an object can move in two different directions simultaneously,” adds the director of the Ions and Cold Atoms Laboratory.

Under this framework, it's also important to remember that cryptography is a set of techniques designed to protect information so that it's only accessible to authorized individuals. For example, every time a message is sent via WhatsApp, it can only be read by the sender and recipient, not by third parties.

Due to the importance of communications encryption, quantum physics poses a series of problems that are currently being extensively studied in the world of cybersecurity.

“Quantum security is a direct consequence of the quantum properties of elementary particles, particularly polarized photons. It is a set of protocols (rules of use) based on the laws of quantum mechanics that allow us to achieve the main objectives of cryptography: confidentiality , certification of origin, and control of information integrity . All this is achieved because cryptographic protocols can be configured to be invulnerable and absolutely resistant to espionage of information in transit ,” Pedro Hecht, PhD in Biophysics and coordinator of the Master's Program in Computer Security at the University of Buenos Aires, added in an interview with this medium.

Specializing in experimental quantum optics, Schmiegelow explained to this outlet why quantum technology is generating so much interest in the world of cybersecurity.

“In cybersecurity, in particular, there are two key issues. The first is that the only protocol we really know, and that many years of use have proven to be very good and secure—on which virtually all current telecommunications infrastructure is based—is RSA. Now, if one had a powerful quantum computer, one could break RSA cryptographic keys. This generated a huge stir in the environment, although that possibility still seems remote. But it remains a real and important concern,” he said.

“Based on this discovery—which is almost 30 years old—what is known as post-quantum cryptography was developed. These are classical algorithms that, in principle, would not be vulnerable to this type of quantum attack. The problem is that these post-quantum algorithms have been little tested, and no one yet knows for sure how secure they are. RSA, on the other hand, is one of the oldest methods: everyone has tried to break it for decades, and it doesn't seem easy to do so... unless you have a quantum computer,” he continued.

However, practical applications in the current market are limited: “The contribution to industry or to the security of electronic commerce is very limited due to three factors : the technological infrastructure that requires advanced complexity beyond the reach of potential users, there is a high operating cost and it is not directly applicable to physical communication networks such as the Internet,” adds Hecht, who is also a consulting professor of cryptography (FIE-UNDEF).

"It is only justified in special corporate environments, for example, communication links between a bank's headquarters and its branches, provided that cost is not a limiting factor, which is almost inevitable. Clearly, the real solution lies elsewhere: using conventional classical (i.e., non-quantum) cryptography via software," he adds.

“Now, this idea that 'to measure is to alter' also brought a solution to the problem posed by quantum computing: it allows for the development of a new type of cryptography called 'quantum key distribution.' It's a method for establishing a completely secure key between two parties who want to communicate. In principle, it allows for unbreakable communication, since the system continuously 'monitors' whether anyone is trying to intercept the message. And if it detects an intrusion, the transmission is automatically halted,” Schmiegelow continues.

This type of development helps explain the enthusiasm that all things quantum generate in the tech world, beyond the fads or marketing driven by certain companies.

Regarding the current state of quantum security research, he concludes: “Quantum computers are still a long way from being a useful reality. No one rationally believes that a quantum computer capable of breaking RSA will exist in at least the next 30 years . On the other hand, with regard to quantum cryptography, there are already commercial devices that allow for completely secure communications using quantum keys. I wouldn't say they're very well-established, but they do exist. However, they do require specific hardware and usually a specially dedicated fiber optic link to operate.”

While there's a lot of marketing behind this "Quantum Day" idea, the long-term concern has legitimate grounds. What would happen if we had access to a quantum computer that could securely break everything we currently use? How could we send an email without being intercepted? How could we make a banking transaction without it being duplicated?

“With the development of quantum computers (with architectures based on quantum mechanics) and the Shor and Grover quantum algorithms, cryptography as used today to secure Internet communications is either destroyed (public-key cryptography) or significantly weakened (symmetric cryptography). This situation is very serious and will precipitate an upcoming Q-Day (the moment when quantum computers reach this devastating level) , which is expected by the end of this decade. The solution found by the cryptology community is the development and implementation of new algorithms resistant to Shor and Grover attacks, collectively known as post-quantum cryptography,” says Hecht.

"This new cryptography should, in the future (before Q-Day), replace what is used today to encrypt, exchange keys, digitally sign, authenticate origins, certify integrity (that no bits change in transit or storage), and other similar protocols . This will be the software defense against the announced danger," he adds.

Some companies, however, are already using ideas from the world of quantum physics in relation to certain processes. “At Sequre Quantum, we develop quantum technology to strengthen cybersecurity in critical sectors such as defense, finance, and lotteries . Our main product is a quantum random number generator that self-verifies in real time, ensuring that the numbers it produces are truly unpredictable, unique, and private,” Paulina Assmann, PhD in Astrophysics, CEO and founder of Sequre Quantum, tells Clarín.

This is a perspective that attempts to solve a problem in security systems that has to do with how random the starting point of the key to be generated is (what is known as the “seed”).

“This is fundamental because all digital security depends on the quality of randomness. If cryptographic keys can be predicted, even partially, systems are exposed. Our technology uses quantum physics to generate top-quality entropy, and it is already being used to protect critical infrastructure both in the region and internationally,” the specialist concludes.

Under this scenario, while these discussions are largely theoretical in 2025, studies like the one from Google this week prove that, although distant, the post-quantum world will eventually arrive.

By the time Q-Day arrives, systems should be in place to prevent a tech-world mass psychosis like the one that preceded Y2K .