As we embrace AI and its immense potential, it’s crucial to acknowledge the security concerns that come with it. We have learned from past technological milestones that every new innovation brings both opportunities and challenges.
Now, as we stand on the brink of another disruptive technology—scaled quantum computing—we must prepare for the future. Quantum computing has the power to address complex global problems like food sustainability, climate change, and energy storage. However, this transformative computing capability can also be misused by malicious actors. To ensure the benefits of quantum computing while mitigating risks, we must enhance our security measures.
Microsoft embarked on its quantum journey over 20 years ago and is uniquely positioned to contribute to a quantum-safe future. Our investments in this field have enabled us to understand and address emerging risks effectively.
The Challenge of Quantum Computing on Encryption
Most current security systems rely on public-key cryptography, which secures various aspects of our digital lives. However, quantum computers have the potential to break these cryptographic systems quickly through algorithms like Shor’s algorithm. Traditional computers would take millions of years to solve the mathematical problems underlying current encryption methods, but quantum computers could accomplish the task in minutes.
Scaled quantum machines, consisting of over a million stable qubits, are on the horizon. It’s crucial to ensure that these powerful quantum systems are not exploited by bad actors.
Microsoft’s Approach to Quantum-Safe Readiness
At Microsoft, our quantum machines will be delivered through Azure as a cloud service. We will implement technical and operational controls to prevent malicious use. However, not all quantum machines will have such protections. Immediate risks, such as scenarios where adversaries harvest encrypted information and decrypt it later, require attention. Additionally, un-updatable IoT devices may become obsolete. To address these challenges, organizations need to prepare and act now. The transition to becoming quantum-safe will be a significant undertaking.
Just as the Y2K challenge required an industry-wide effort, becoming quantum-safe will involve updating cryptographic systems globally. Governments and the private sector are investing in research, development, and standardization of post-quantum cryptography (PQC) algorithms and other quantum-safe approaches. Organizations like the U.S. National Institute for Standards and Technology (NIST), the European Telecommunication Standards Institute (ETSI), and the International Organization for Standardization (ISO) are actively involved in evaluating and standardizing quantum-resistant algorithms.
Microsoft is deeply engaged in PQC research, collaborating with organizations like NIST, ETSI, and ISO. We participate in international standards efforts and lead working groups focused on PQC transition preparation. We also encourage global adoption of harmonized cryptographic standards and additional quantum-safe measures.
Quantum-Safe Readiness Across Microsoft’s Ecosystem
Given Microsoft’s unique position in developing both hardware and software, along with our past experiences transitioning cryptographic algorithms, we understand the magnitude of the quantum-safe journey.
We are committed to being a trusted partner, collaborating with industry and governments throughout the iterative process. Transparency and clarity will be essential as we share learnings and recommendations with the broader community.
To accelerate quantum-safe readiness, organizations can leverage the hyperscale cloud. However, recognizing that not all customers and partners use the cloud, we are taking a comprehensive approach across our platforms and systems.
Microsoft’s portfolio and ecosystem are undergoing rigorous assessments to ensure our products and services remain secure as quantum technology evolves. We have assembled a team of experts, including input from regulators, industry partners, vendors, legal experts, and research teams. Our efforts include creating and testing practical cryptographic solutions, exploring quantum-safe algorithms, and developing a roadmap to address crucial areas.
The Time to Prepare is Now
Implementing quantum-safe measures will take time, but starting early ensures greater safety. Organizations should raise awareness, deepen their understanding of risks, and begin the journey to quantum safety.
Creating an inventory of critical data and cryptography technologies is a good starting point, identifying areas where cryptographic protocols may be vulnerable. It is essential to update those protocols and libraries to mitigate potential risks.
Based on assessments, organizations should prioritize systems and services based on criticality, dependencies, and cost, and develop a transition roadmap accordingly.
Microsoft is already assisting customers and partners, particularly those in risk-sensitive industries, on their quantum-safe journey. The urgency for all organizations to embark on this path cannot be overstated. We encourage action and stand ready to support.
As quantum technology progresses, Microsoft remains committed to the security of our products and customers. Leveraging our research and engineering teams, we strive to minimize the efforts required for organizations to become quantum-safe, ensuring the ongoing security of our products and services.