# Preparing for Y2Q: The Ultimate Guide to Surviving the Quantum Leap

## Preparing for Y2Q: The Ultimate Guide to Surviving the Quantum Leap

The term Y2Q, or “Year to Quantum,” is a play on the term Y2K, or “Year 2000.” In the leadup to the year 2000, many critical computer systems stored only the last two digits of four-digit years. The legitimate concern was that rolling over from 99 to 00 would cause the year 2000 to be interpreted as 1900, predating all transactions up to that point and having potentially catastrophic consequences. Fortunately, however, the world had ample time to prepare, and the rollover is remembered as being largely uneventful.

The term Y2Q, besides the play on the name, bears a couple of actual similarities to Y2K. If left unchecked, the consequences of Y2Q are also expected to be quite catastrophic. Fortunately, like the lead-up to Y2K, there is still ample time to prepare. Unfortunately, not all of the concerns regarding Y2Q have been resolved just yet, but the issues are well known and are being addressed.

The Y2Q threat, interestingly, also concerns data. Instead of concerning a date format, however, the concern is over the cryptographic schemes that protect the data. The Y2Q cybersecurity threat is that large-scale, fault-tolerant quantum computers will be able to use a quantum algorithm called Shor’s Algorithm to decrypt the world’s most popular public-key cryptographic protocols. Doing so could expose the data these protocols are meant to protect to malicious actors.

The must-know points about the Y2Q quantum computing threat are:

- Like Y2K, the issues are known and understood well in advance.
- Because of “harvest now, decrypt later,” the time to start preparing is already in the past.
- Like Y2K, governments are spearheading this issue.
- Two major resolutions have been proposed: post-quantum cryptography (PQC) and quantum key distribution (QKD).
- Unlike Y2K, the timeline is uncertain; depending on who you ask, Y2Q will happen in as short a span as a few years or as long a span as a few decades.

It is important to remember that quantum computing hardware and algorithm breakthroughs could happen at any time. The year 2023, for example, shifted the hardware conversation from physical qubits to logical qubits. Without getting technical, just know that this shift is an important step on the path to Y2Q. But this conversation wasn’t in the public discourse as recently as 2022, which serves as a reminder that Y2Q preparation is overdue.

## Understanding Y2Q and Quantum Computing

Y2Q is the as-yet-unknown year in which fault-tolerant quantum computers will be able to decrypt some of today’s most in-use public-key cryptosystems. The quantum algorithm – Shor’s Algorithm – has been known for three decades; the world is simply waiting for the hardware to be developed that can execute it.

The underlying problem is that some cryptosystems multiply two very large prime numbers together to generate a key. This method presumes that it is impossible to factor the key back into its prime numbers, which is essential for decrypting the message. For classical computers, there is, indeed, no known efficient way to do this.

Shor’s Algorithm, however, can factor numbers efficiently. Many estimates show that 2048-bit RSA encryption will be breakable within a matter of hours, a timeframe that could be quite useful for malicious actors. This is in stark contrast to classical computation estimates, which are often framed against the lifetime of the universe.

The challenge to implementing Shor’s Algorithm is that the quantum circuit is massive. It requires far larger quantum computers than currently exist, with much lower error rates than are currently possible. As physical qubit counts grow, and as the industry shifts to logical qubits, the error rates will come down and Y2Q will inch gradually closer.

## The Significance of Y2Q

The significance of Y2Q is that it doesn’t just threaten a few encryption schemes, it threatens some of the most important encryption schemes. The potential consequences of this include:

- Decryption of sensitive communication and stored data previously thought to be secure
- Disruption of government, public utility, and enterprise systems
- Damages to the global economy; Y2K estimates were hundreds of billions of dollars
- Investment into novel, quantum-safe cryptographic protocols

The term “disruptive” is often applied to quantum computing, and nowhere is that more appropriate than when discussing cryptography.

{{Newsletter-signup}}

## Preparing for Y2Q: Strategies and Considerations

The first step in preparing for Y2Q is to understand that not all cryptosystems are vulnerable to future quantum attacks. But for the cryptosystems that are, there are currently two major approaches to addressing the problem. One is called quantum key distribution (QKD), which can be thought of as quantum cryptography. The other is post-quantum cryptography (PQC), which are classical algorithms, but classical algorithms that are believed to be resilient to quantum attacks. Although neither initiative is fully mature, test QKD deployments exist and some PQC protocols are already commercially available.

The steps that you can take now to prepare for Y2Q include:

- Understand the Y2Q threat.
- Catalog your data and dataflows.
- Inventory your cryptographic assets.
- Identify your specific vulnerabilities
- Follow developments in PQC and QKD.
- Plan implementation, as it will likely require significant money, time, and coordination.
- Follow national preparedness initiatives.
- Follow advancements in logical qubits and fault-tolerant quantum computing (FTQC).

For further reading, the Wilson Center has published “Preparing for Y2Q and Post-Quantum Disruption.” This article addresses geopolitical concerns, the wide-ranging time estimates until Y2Q, “harvest now, decrypt later,” US policy, and China’s strategy. It also includes a primer on encryption, as well as the status of PQC at the time of publication. “Y2Q: Let the Prep Begin” by SdxCentral overlaps some of the Wilson Center’s content, but it has a short section dedicated to action steps and beginning to address the problem.

## The Implications of Quantum Supremacy

Quantum supremacy is a term that is applied when a quantum computer performs a task that is infeasible for classical computers. Two of the shortcomings of the term are that there is no need for the task to be of any commercial interest, nor is there any requirement for quantum error correction (QEC) to be applied. Despite these shortcomings, however, these demonstrations of quantum computational power are important. Unfortunately, the results of the experimental demonstrations thus far have been short-lived, with novel classical algorithms quickly being developed to challenge them. Nevertheless, demonstrations of quantum supremacy that withstand challenges will embolden researchers to embark on further challenges.

One demonstration that is crucial to the Y2Q calendar would be a large-scale demonstration of Shor’s Algorithm. The algorithm has already been demonstrated at small scales, but factoring two-digit numbers is a far cry from factoring 2048-bit numbers. Even without QEC, demonstrating that Shor’s Algorithm can actually be implemented at scale and that the execution time can be measured in hours or less, would be a major step toward Y2Q. A claim of quantum supremacy, even if not yet enough to break RSA encryption, would be a landmark achievement for quantum computing.

A demonstration of quantum supremacy with Shor’s Algorithm would have implications beyond cryptography. Solving a classically intractable problem with real-world applications would support the proposition that quantum computers can solve other classically intractable problems, also with real-world applications.

For more about the implications of quantum supremacy beyond Y2Q, be sure to read “Understanding the Potential of Commercial Quantum Computers.” This article acknowledges the role Y2Q has played in the development of the global quantum ecosystem but also explores the commercial applications of quantum computers, and more.