John Martinis, winner of 2025 Nobel Prize in Physics: ‘I wouldn’t want quantum computing to be known for breaking the internet’
Experts are calling for the cryptographic systems on which the entire network depends to be made ready now for the imminent emergence of technologies that will make them vulnerable
Digital security, which underpins everything from the most common bank transaction to conversations on messaging platforms, cryptocurrency and critical infrastructure, is based on cryptographic keys: strings of characters encrypted by an algorithm. The difficulty in decrypting them depends on factorization, the decomposition of an algebraic expression into a product; for example, six equals three times two. But this simple operation becomes extraordinarily complex if the given number exceeds a relatively small number of digits, such as 261980999226229.
Back in 1994, Peter Shor, a mathematician at the Massachusetts Institute of Technology (MIT), demonstrated that a quantum computer could efficiently solve the factorization problem. This prediction is now beginning to materialize. “By the end of this decade, a cryptographically relevant quantum computer will be able to break the encryption that underpins our global economy,” warns Anand Oswal, executive vice president of Palo Alto Networks, the company considered the largest provider of cybersecurity services. Experts are urging people to prepare.
For Oswal, the current cryptographic model has been for half a century the “invisible shield that protects everything” because it safeguards digital communication and stored data, the pillars of the internet. But Shor’s prophecy is beginning to materialize with the advancement of quantum computing. “It’s at that tipping point: it’s no longer in the labs, it’s no longer a scientific project; we’re starting to see green shoots and companies that claim to have found a way to perform a stable content computing task,” warns Nikesh Arora, CEO of the same company and host of the Quantum-Safe Summit.
Arora believes there is a window of opportunity of between two and seven years to address the challenge, but urges preparing now: “This is the time to start thinking about how it will impact us and what implications it entails.” According to him, the goal is to transition to a quantum environment without disrupting productivity, technology and infrastructure.
Harvest today, decrypt later
The top executive at Palo Alto insists that the threat is real and “will soon appear before us.” In fact, they have already detected a practice among cybercriminals known as “harvest now, decrypt later,” which involves collecting data now to decrypt it when quantum technology becomes available.
This practice means that information stolen today, if it has an upcoming expiration date, will be irrelevant within two or three years. But if it’s critical or strategic data, quantum computing will decipher it. “We can’t wait until then to act. We must be secure today,” Arora concludes.
The imminent availability of this technology is confirmed by Jerry Chow, head of the Experimental Quantum Computing group at IBM’s Thomas J. Watson Research Center. IBM has set a roadmap (and has so far met all planned milestones) to deliver to its clients the first fault-tolerant quantum computer with 200 qubits (the basic unit of quantum information). These systems are expected to be capable of solving problems impossible for classical computing, but also of achieving the qubits necessary to challenge cryptography. “At some point it’s going to happen, and I think the key is to be ahead of it, yes, to prepare for it now,” he admits.
John Martinis, one of the three scientists awarded the Nobel Prize in Physics last year for their research in the quantum universe and a guest at the Quantum-Safe Summit, agrees on the urgency, although he believes there is time to prepare: “I think people need to start worrying a bit. You have time to do this properly, but you don’t have an infinite amount of time. I wouldn’t want quantum computing to be known for breaking the internet. We need to think seriously about replacing our systems.”
How to prepare
Large government cybersecurity agencies and multinational corporations have been preparing for this post-quantum world for years. This is not the case for smaller companies and suppliers to larger entities. Colin Soutar, director of risk advisory at Deloitte, highlights the work of NIST (the National Institute of Standards and Technology), which has been researching this topic for years. But he points to the need for all entities to start thinking about the new era.
“If you start early, you can see where the vulnerabilities are and begin integrating the alternatives into the planned enterprise upgrades that are already being done. It’s about reinventing the underlying systems, and that involves a lot of work,” he warns.
Soutar advocates starting by establishing the infrastructure and organization, identifying weaknesses, and addressing them. “Don’t try to fix everything at once. You can start making selective updates as you go. It’s an iterative, not sequential, process,” he advises.
To this strategy, Dustin Moody, a mathematician in the Computer Security Division at NIST, adds another recommendation: flexibility and agility to “switch to something else at some point.” “We can never have 100% security. Someone can come up with a new idea, a quantum computer, or an AI that represents a new approach we’ve never considered, and that’s always possible,” he explains.
Moody calls for training, inventorying the elements on which cryptographic systems have been or will be established, as well as their lifespan (“it sounds easy, but it’s very complicated,” he warns), having a specific project and management team, executing the plans, and expanding them. In this regard, he warns about one of the classic problems in cybersecurity: “You’ll have to talk to your suppliers to make sure they’re doing the same.”
“Basically, start that process now and don’t wait because it’s going to be a long and complex transition,” he concludes. “We must make sure we take immediate action, move beyond the brainstorming phase, move quickly, think about where to start, and simply begin. Today we’re talking about taking action,” adds Michael Duffy, U.S. Federal Director of Information Security.
Sign up for our weekly newsletter to get more English-language news coverage from EL PAÍS USA Edition