The End of Modern Cryptography: The Threat Quantum Computers Pose

October 24, 2024

According to the International Data Corporation, 64 zettabytes of data were floating around the global “datasphere” in 2022. That’s equal to one billion terabytes or one trillion gigabytes. Just one zettabyte would take a billion powerful home computers to store, and the size of the global datasphere is projected to reach 175 billion ZB in 2025 according to Google. Most of that data is highly sensitive, confidential data from companies, banks, governments, and other high-risk sources, but even the security of the average consumer’s data is taken extremely seriously, as shown by the exodus of over 30 million users from WhatsApp in 2021 on the rumour that new policies were being introduced that compromised user privacy.

The current industry standard for encryption and cybersecurity is AES, the Advanced Encryption Standard, secure enough to be adopted by the US Government to encrypt its sensitive information. AES is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption. It operates on fixed-size blocks, typically 128 bits, with key sizes of 128, 192, or 256 bits, which determine the encryption strength and computational cost. It applies a series of well-defined steps, including substitution, permutation, and mixing of data, to scramble the information into an unreadable form. Due to its robustness and efficiency, AES is the default encryption standard for many applications, including secure messaging, financial transactions, and secure network protocols such as HTTPS. Its high resistance to cryptanalytic attacks has solidified AES as a global standard for both public and private sector data security.

Another widely used encryption system is RSA, which is asymmetric, far more computationally intensive, and mainly used to secure internet messaging. This method relies on the simple principle that many problems whose solutions are easy to verify are not easy to solve. In this case, the problem to be solved is prime factorisation. The method used by schoolchildren to find the prime factors of a number becomes hopelessly inefficient for large numbers, and there is no known efficient classical method to calculate the prime factors of numbers that are 1024, 2048, or 4096 bits in length. In the RSA system, a public key is released, the largest part of which is the product of two large prime numbers. Anyone can encrypt using the public key, hence its name. However, the private key, required to decrypt the data, can only be derived with knowledge of the two prime factors that were originally used. Attempting to brute force a 2048-bit RSA private key, that is, to keep trying numbers until the prime factors are found, would take approximately 19.8 quadrillion years even with the full computational power of Google’s entire data centres. This is on the order of 1000 times the current age of the universe. Needless to say, classical computers are useless against RSA.
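The dependency described above, that the private key falls out of the two prime factors, can be shown directly with a toy RSA instance. The following is an added example, not code from the original article; it assumes constructed primes 61 and 53 (far too small to be secure) and uses the schoolchild method, trial division, as the factoring step so the cost scaling is visible.

```python
from math import gcd, isqrt

def make_keypair(p, q, e=65537):
    """Toy RSA key generation from two primes (constructed, tiny values).
    The public key is (n, e); the private exponent d needs phi = (p-1)(q-1),
    which is exactly the knowledge of p and q that factoring would reveal."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi"
    d = pow(e, -1, phi)  # modular inverse of e modulo phi
    return (n, e), d

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def decrypt(n, d, c):
    return pow(c, d, n)

def trial_factor(n):
    """Trial division: the 'schoolchild' method the article refers to.
    Returns (p, q, divisions_tried). Work grows with sqrt(n): trivial for a
    4-digit modulus, infeasible for a 2048-bit one."""
    tried = 0
    for cand in range(2, isqrt(n) + 1):
        tried += 1
        if n % cand == 0:
            return cand, n // cand, tried
    return None

def private_key_from_factors(pub, p, q):
    """Given the public key and its two prime factors, rebuild d."""
    n, e = pub
    assert p * q == n
    return pow(e, -1, (p - 1) * (q - 1))

def recover_private_exponent(pub):
    """Factor n by trial division and derive d: shows the private key is
    protected by nothing more than the difficulty of factoring n."""
    n, _ = pub
    p, q, _ = trial_factor(n)
    return private_key_from_factors(pub, p, q)

if __name__ == "__main__":
    pub, d = make_keypair(61, 53)          # n = 3233, e = 65537, d = 2753
    c = encrypt(pub, 65)
    print("ciphertext:", c, "decrypts to:", decrypt(pub[0], d, c))
    print("d recovered from public key alone:", recover_private_exponent(pub))
```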

However, quantum computers, through algorithms like Shor's algorithm, can potentially factor these large numbers exponentially faster. Researchers at Google have shown that a quantum computer with 20 million qubits could break 4096-bit RSA in just 8 hours. A qubit (or quantum bit) is the basic unit of information in quantum computing, but unlike a classical bit it is not bound to one of two states. A quantum computer can represent multiple states at once, and the number of states it can represent grows exponentially with the number of qubits in the computer (2^n, where n is the number of qubits). We are quite far from a 20 million qubit computer, with IBM’s Condor having only 1,121, but at the current rate of growth it is conceivable that our current methods of encryption might become fully obsolete within 25-50 years, presenting a huge problem for consumers but an even bigger one for governments and security agencies.

Quantum computers are currently far too expensive and finicky to pose any threat. For example, they require a constant supercooled environment of almost 0 Kelvin and can only be produced and maintained by the likes of IBM and Google – huge tech firms with effectively unlimited cash piles for R&D. However, it only takes one breakthrough to render RSA useless, and because RSA is usually used in conjunction with AES to protect information as securely as possible, a quantum computer capable of breaking RSA would not just threaten internet messaging systems but would pose a severe threat to most modern cryptography. It would be reasonable to assume that a lot of money and research-hours are being poured into contingency plans for post-quantum cryptographic systems, but it seems that most governments are content to live in a fool’s paradise while they encourage Google and IBM to invest in the very technology that might render their security useless. The market for post-quantum cryptography is only worth about 300 million USD, pennies compared to the 2.44 trillion US defense budget, showing where their priorities lie. For now, our data is safe, but if you intend to keep your data and passwords secure in 30 years’ time, perhaps it is worth starting to think about alternatives.