With forecasts that quantum computers could be commercialized in as little as 5 to 10 years, quantum security is drawing attention. Corporations are accelerating the development and deployment of related security solutions to prepare for the so-called "Q-day," when quantum computers—whose theoretical computing speed is 10 million times faster than supercomputers—could neutralize existing cryptographic systems.
◇ Existing public-key cryptography could be broken in a short time
As of the 22nd, according to the related industry, momentum is building behind the view that commercialization will come earlier than expected as big tech corporations have recently stepped up quantum computer development. Peter DeSantis, Amazon's chief AI officer (senior vice president), said this month that "a small commercial quantum computer will appear within 5 to 7 years." Google said commercialization of quantum computers would be possible within five years, and Microsoft (MS) and IBM projected they could develop commercially usable quantum computers by 2029.
The problem, experts warn, is that once quantum computers reach a stage where they can be practically used, the existing cryptographic systems now used in finance, telecommunications, and the public sector could collapse. The widely used public-key cryptographic systems (RSA, ECC) are based on the integer factorization problem. Using the principle that factorization becomes harder as numbers grow larger, it would take from thousands to, at the long end, more than 1 million years for existing computers to decrypt. Quantum computers use qubits (qubit, the basic unit of quantum information) to calculate 10 million times faster than supercomputers, allowing them to break public-key cryptography in a short period.
Hackers are pursuing a "harvest now, decrypt later (HNDL)" plan—stealing encrypted data that cannot be decrypted with current technology, storing it in advance, and decrypting it after quantum computers are released—so experts stress the need to prepare for the coming "Q-day" threat. Until now, even when data was stolen through hacking, it was safe because it could not be decrypted, but once quantum computers are commercialized, the leak of sensitive information such as military secrets and semiconductor technology could cause damage to spiral out of control.
A representative of Palo Alto Networks, the world's largest cybersecurity corporation, said, "Data with retention value of more than 10 years, such as various state secrets, medical records, and financial contract information, is exposed to the threat of hackers' 'harvest now, decrypt later' even at this very moment," adding, "If you respond after Q-day, it will be too late, so preparations must begin right now."
◇ Governments and corporations move to prepare for "Q-day"… France to tighten certification starting next year
As the "harvest now, decrypt later" threat grows with the advent of quantum computers, governments and corporations in major countries have begun building defenses. The French government has moved to phase out existing cryptographic systems. Last week, the National Cybersecurity Agency of France (ANSSI) announced it will stop certifying security products that do not apply so-called "quantum-safe" technologies capable of withstanding quantum computer–based attacks, such as post-quantum cryptography (PQC), starting next year. Corporations and government agencies must adopt only quantum-safe products by 2030. The United States, the United Kingdom, and Korea also said they would convert national cryptographic systems to PQC-based ones by 2035.
Post-quantum cryptography (PQC) is a next-generation encryption technology that uses mathematical algorithms that are difficult to solve even with quantum computers to protect data. According to market research firm Technavio, driven by efforts by governments and corporations to proactively respond to potential security threats posed by the arrival of quantum computers, the global PQC market is expected to grow at an average annual rate of 43.4% to reach $3.42 billion (about 4.7 trillion won) by 2030.
Global corporations are also taking the lead in the transition to PQC. Palo Alto Networks launched its Quantum Safe Security solution early this year to help corporations transition servers, apps, and certificates to PQC, and Fortinet has embedded state-of-the-art PQC technology across its FortiOS firewall operating system. Cloudflare, which handles about one-fifth of the world's internet traffic, is applying PQC at scale across internet infrastructure and has set a goal of transitioning its entire product line to quantum-safe by 2029. The French defense corporation Thales is integrating PQC functions into its key management systems for defense cryptographic keys (values used for data encryption and decryption).
In Korea, Genians is developing foundational next-generation quantum security technology. The goal is to create a composite security architecture by integrating PQC technology into its existing zero trust network access (ZTNA) solution and embedding a high-performance key management system (KMS) that safely controls the entire lifecycle of cryptographic keys. A company representative described it as "next-generation zero-trust security technology that protects corporations' network perimeters from the high-speed computational hacking threats of quantum computers."
Raonsecure has moved to seize the financial sector's quantum security market by promoting KeySharp Crypto, a software-based cryptographic modularization solution that makes it easy to apply PQC. Last month, it signed a PQC solution supply contract with KDB Life Insurance, and it recently completed a pilot applying PQC-based segment encryption security to Korea's first open medical data platform at Severance Hospital. AXGATE has put forward its X-QUANTUM platform, which combines PQC with a quantum random number generator (QRNG), a technology that uses the properties of quantum mechanics to create unpredictable random numbers, as its next growth engine.
AXGATE CEO Joo Gap-su said at a press briefing held last week, "In the defense sector, once a single weapons system is completed, it is operated for 20 to 40 years, and if information stolen now is later decrypted by quantum computers, core technologies could be exposed in their entirety," emphasizing the importance of quantum security.