Do you know what’ s the difference between **quantum computing, quantum cryptography and post-quantum cryptography**? Because to be honest, they have (almost) nothing to do with each other. They are terms that keep coming up in conversations about cybersecurity. In this article, **I will tell you what every CIO/CISO should know about these three terms** in order to participate in the conversation without screwing up. Let’s unravel this quantum mess!

**Quantum ****Computers and The Power of Massive Parallelism**

Let’s start with **quantum computing.** As we all know, classical computers use classical physical phenomena to represent bits: an electric current passing or not passing through a transistor, a magnetic dipole pointing up or down, a plastic disc with or without holes in the range of a laser beam, and so on. They are well-defined states, allowing unambiguous representation of ones and zeros: a one is a one and a zero is a zero.

In contrast, quantum computers use quantum particles, such as photons or electrons, to represent quantum bits or qubits. And here the astonishment bursts in: **a qubit can be in either a zero state or a one state, or in all states between zero and one.** This amazing property of quantum physics, known as superposition of states, allows for massively parallel computations.

For instance, imagine that you want to calculate the results of a function f (x) for all the possible values of x. If the input x is two bits long, on a classical computer you would have to try sequentially the four possible values: first 00, then 01, then 10 and finally 11. Whereas a quantum computer will perform all four calculations simultaneously. But there is a trick: the two qubits store all four possible results at once, but the readout only returns one of those four values and you can’t choose which one – it happens randomly.

Therefore, quantum algorithms must cleverly and skilfully exploit this feature so that the probability that you will randomly read the result you are looking for is as close to 100% as possible. And this is not easy. **That is why there are only very few quantum algorithms.** The two best-known in the cyber security field are **Shor’s**, which is capable of wiping out the public-key cryptography in use today, and **Grover’s**, which simply weakens secret-key cryptography and hashes, with the simple solution of doubling the size of the key or hash.

In addition to breaking today’s cryptography, **quantum computers will have many other more constructive uses**, such as, for example, the following uses outlined by Gartner in its highly recommended report **The CIO’s Guide to Quantum Computing:**

**Machine Learning:**improving ML through faster structured prediction.**Artificial Intelligence:**faster computations to improve perception, understanding and fault diagnosis of binary circuits/classifiers.

**Chemistry:**new fertilisers, catalysts and battery chemistry to drive improvements in resource efficiency.**Biochemistry:**new drugs, personalised medicines and perhaps even hair restorers.**Finance:**faster and more complex Monte Carlo simulations, e.g., trading, trajectory optimisation, market volatility, price optimisation and hedging strategies.**Health:**genetic sequencing of DNA, optimisation of radiotherapy treatment/detection of brain tumours in seconds instead of hours or weeks.**Materials:**highly resistant materials; anti-corrosion paints; lubricants; semi-conductors.

**Computing:**faster multidimensional search functions, e.g., query optimisation, mathematics and simulations.

**M****uch ****Better Quantum Key Distribution Instead of Quantum Cryptography**

**Quantum cryptography does not exist.** What has existed since 1984 is “Quantum Key Distribution” (QKD). In other words, (misnamed) **quantum cryptography has nothing to do with quantum computation,** but is in fact, a brilliant exercise in quantum communication, applied to the distribution of random keys.

Historically, **the biggest obstacle in cryptography has been the problem of key distribution:** if the channel is insecure and you need to encrypt the information, which channel do you send the encryption key through? In 1984, researchers C. Bennett and G. Brassard came up with the first method for sharing keys over a quantum communications channel using suitably polarised single photons, known as **BB84.** This protocol has the interesting property that, **if an attacker intercepts bits of the key,** he will inevitably be detected, since, in the quantum world, one cannot observe without leaving a trace. Subsequently, other QKD protocols have been presented, such as **E91,** proposed by researcher A. Ekert in 1991, based on the “entanglement” or “quantum entanglement” between two particles, **and many others. **

Do not believe that QKD is the Holy Grail of cryptography either. In fact, **some of the world’s largest intelligence agencies have pointed out that it is far from solving our secrecy problems.** What theoretical physics can propose is one thing; what engineers can build is quite another. Although the gap between theory and practice is closing by leaps and bounds since that humble PoC in 1984, the implementation of QKD is not yet as secure as it will undoubtedly become with technological advances.

**Post****-Quantum Cryptography or How to Resist A Future Dominated by Quantum Computers**

Finally, we get to post-quantum cryptography, which has little or nothing to do with the previous two. Post-Quantum Cryptography (PQC) or Quantum-Safe Cryptography **brings together those cryptographic algorithms capable of resisting Shor’s and Grover’s algorithms,** mentioned above. These are classical mathematical algorithms, some of them more than 40 years old. The three best-studied alternatives to date are **hash-based cryptography, cryptography based on ciphers and lattices-based cryptography.**

According to the recent report **Post-Quantum Cryptography (PQC): A Revenue Assessment,** the market for post-quantum cryptography software and chips will soar to $9.5 billion by 2029. While PQC capabilities will be embedded in numerous devices and environments, according to the report, PQC revenues will be concentrated in web browsers, the Internet of Things (IoT), 5G, law enforcement (police, military, intelligence), financial services, healthcare services, and the cyber security industry itself.

NIST has initiated a process to request, evaluate and standardise one or more PQC algorithms for digital signature, public key encryption and session key establishment. After three years of analysis of the proposed candidates, **NIST announced the winners** of the second round for the selection of the new post-quantum cryptography standard in July. In the third and final round, NIST will specify one or more quantum-resistant algorithms for 1) digital signature, 2) public key encryption and 3) cryptographic key generation. The algorithms that will proceed to the third round in the public key encryption and key management categories are Classic McEliece, CRYSTALS-KYBER, NTRU and SABER; and in the digital signature category, CRYSTALS-DILITHIUM, FALCON and Rainbow.

**Do ****N****ot**** ****Get Tangled Up in Quantum Science**

Nowadays, **only 1% of organisations are investing in quantum computing and quantum computers.** This is an area in full swing, consuming budgets in the billions, within the reach of only the most sophisticated R&D teams. Europe is navigating the second quantum revolution through its European **Quantum Flagship** programme, although there is no doubt that China has taken the lead. It is expected that in a decade or two we will be enjoying error-free quantum computers of thousands of qubits. When that day comes, if it does come, it will be **a profound change in technology** as we know it today.

On the other hand, **the area of quantum communications is much more mature,** with a multitude of fully operational proposals, available at a wide range of prices and performance. In 3 years time, the development and certification of quantum random number generation (QRNG) and key distribution (QKD) devices and systems is expected. This will address high speed, high TRL, low deployment costs, novel protocols and applications for network operation, as well as the development of systems and protocols for quantum repeaters, quantum memories and long-distance communication. **All of this would lead in 10 years to a “Quantum Internet”.**

As for post-quantum cryptography (PQC), it is nothing more than traditional cryptography, based on classical mathematical algorithms, but with the peculiarity of resisting quantum computing. **If your organisation currently handles encrypted information which needs to be kept confidential for more than 10 years, you better start analysing the PQC product offerings on the market to start the transition.**

The future will either be quantum or it won’t be or it will be something in between or, it will be and won’t be at the same time or… Do not get tangled up in quantum science!