
Shore to Shor!

MAMMÚT

Everyone has heard the stereotype of the older person complaining about the “new music” younger people listen to, and we can all see the effects of polarization and rigid-mindedness in all aspects of our society.


I think the key to the question is not age, so much as one’s attitude toward learning, and a person’s level of intellectual humility, which can perhaps best be illustrated by Socrates’ comment:


“...I am better off than he is – for he knows nothing, and thinks he knows. I neither know, nor think I know.”

People who like learning, and who have a degree of intellectual humility, often go searching for things which are new – not necessarily chronologically, but new to them. With regard to “new music”, I think there is an enormous amount of talent out there, and I believe that keeping an open mind is a great way to avoid rigid-mindedness. So, I sometimes search for genres I am not familiar with, or look for unfamiliar songs on “best of” lists – or even just search for songs with names similar to something I am interested in. Rather than avoiding it, I actively seek out what “the kids today” listen to. Sometimes, of course, it’s not to my taste, but sometimes...


TIL about Mammút, an Icelandic band I found through searching for songs which include the word “shore”. I found their song “Shore”, which appeared on their 2015 EP “River’s End”. I liked the song, liked the band, and am enjoying their music as I type. From what I can see, the word “mammút” means “mammoth” in Icelandic, and the accent appears to be important to distinguish the band from other bands – a German metal band called “MAMMUT”, and a German rock band called “Mammut” (Apparently the word means “mammoth” in German as well, but without the accent).


But why would I be searching for “shore”?


Well, I was interested in commenting on the pending disastrous collapse of the world’s security infrastructure... or maybe not. Some of the breathless coverage in the media implies that the world will come to an end as soon as quantum computers become viable.


Do quantum computers represent a risk? Yes, definitely. Will the world collapse? No, probably not... at least not because of quantum computers.


I have previously described some basic cryptography, but to summarize, there are two main types of cryptography in use for modern web communication. Generally, when you go to an “HTTPS” website (i.e., most of them nowadays), you can be reasonably confident that the communication between you and the site is secure and not visible to a bad actor. (This does NOT mean that the site is not malicious – bad guys also use HTTPS – but it does mean that an eavesdropper will only see encrypted traffic.)


Asymmetric encryption is used to “negotiate” a shared key for the session, which is then used to encrypt the traffic using symmetric encryption. In answer to the obvious question, “Why is asymmetric encryption not used all the time?”: it requires more resources, and is better suited to small data sets (such as encryption keys). In contrast, symmetric encryption is more efficient, and is generally used for data storage, messaging, and document encryption.


A term which sometimes appears in the media coverage is “quantum apocalypse”, where we are usually talking about what will happen when quantum computers are sufficiently large and powerful enough to be used against current encryption. While both symmetric and asymmetric encryption are theoretically vulnerable to quantum computers, the most immediate concerns relate to asymmetric encryption.


The most common asymmetric algorithm currently used is “RSA” (Rivest-Shamir-Adleman), which is based on the “factoring problem”. The most efficient “classical” algorithm for integer factorization is the “general number field sieve”, which is “super-polynomial but sub-exponential”. As I understand it, this means that increasing the size of the key increases the complexity and time required to break the key by a “not quite exponential” amount. Or, put more simply, integer factorization is really hard, and gets dramatically harder as the size of the key increases. In practice, this means that you can’t break current asymmetric encryption in a realistic timeframe... at least not with “classical” computers.


That’s where Shor comes in.


Peter Shor is an American theoretical computer scientist, and is best known for devising Shor’s algorithm, which is a “quantum algorithm” that allows quantum computers to factor integers far more efficiently than is possible for “classical” computers. This means that sufficiently large quantum computers are expected to be able to perform factorization of large integers in “polynomial time”, so factorization which is practically impossible for classical computers will be relatively simple and fast for sufficiently large quantum computers.
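To make the two preceding paragraphs concrete, here is an added illustration (not code from the post): textbook RSA with deliberately tiny primes, used the way a TLS handshake uses asymmetric crypto (to transport a session key), followed by the classical “attack” the post describes: factoring n. The primes, exponent and session key are constructed values; real keys are 2048+ bits and use padding, and this toy omits both.

```python
# Added example: toy RSA key transport, then key recovery by factoring n.
# Factoring n is exactly the step Shor's algorithm makes fast at scale;
# here trial division works only because the modulus is ~40 bits.
import math
import random

# Constructed toy primes (real RSA primes are ~1024 bits each).
TOY_P, TOY_Q = 1000003, 1000033
PUBLIC_EXPONENT = 65537


def rsa_keygen(p=TOY_P, q=TOY_Q, e=PUBLIC_EXPONENT):
    """Return ((n, e), (n, d)) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def wrap_session_key(pub, session_key):
    """Client side: encrypt the symmetric session key under the server's public key."""
    n, e = pub
    assert 1 < session_key < n
    return pow(session_key, e, n)


def unwrap_session_key(priv, wrapped):
    """Server side: recover the session key with the private exponent."""
    n, d = priv
    return pow(wrapped, d, n)


def trial_factor(n):
    """Classical factoring by trial division; only feasible for toy-sized n."""
    for f in range(2, math.isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("no non-trivial factor found")


def recover_private_key(pub):
    """Given only the public key: factor n, recompute phi(n), derive d."""
    n, e = pub
    p, q = trial_factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    k = random.randrange(2, pub[0] - 1)          # client's fresh session key
    assert unwrap_session_key(priv, wrap_session_key(pub, k)) == k
    print("recovered d matches:", recover_private_key(pub) == priv)
```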


This is bad.


One of the reasons that it’s bad is that some groups (state actors, generally) are simply saving as much encrypted traffic as they can, on the assumption that they will be able to decrypt it easily in a few years/decades.


However, to extend the metaphor of data being radioactive, it also has a half-life, which means that these actors may well be saving a LOT of data which will be worthless in a few years, so when they (eventually) begin decrypting, there will be a lot of data which has little or no value to them.


This is somewhat less bad.


We don’t know exactly when we’ll have quantum computers of sufficient power to break current cryptography – but we have known for years that it is just a matter of time. As a result, there has already been a lot of work on post-quantum cryptography, and US NIST has already published standards which are considered “quantum safe”. The magnitude of the impact of the “quantum apocalypse”, then, is entirely dependent on how quickly these standards are deployed, and how quickly viable quantum computers are available.


As an example, if viable quantum computers had existed ten years ago, the impact of the “quantum apocalypse” could have been catastrophic. If they appear tomorrow, the impact will be less severe, because of the work which has been done over the past few years, and the fact that many companies are already actively working on migrating to quantum-safe algorithms. Examples include Google, Apple, and Microsoft.


In fact, the impact of “Q-day” decreases as time goes on. According to the Quantum Threat Timeline Report 2024, the estimated likelihood of a CRQC (Cryptographically-Relevant Quantum Computer) having been developed ranges from 5% (pessimistic) / 14% (optimistic) within five years to 77% (pessimistic) / 92% (optimistic) within thirty years. A CRQC is defined as a quantum computer able to “break” the RSA-2048 encryption algorithm within 24 hours.


It should be noted that such machines will likely be very expensive and very rare at first, so there may well be a few more years for such machines to be common enough to be used routinely, or in significant quantity.


In any event, the risk will continue to decrease as post-quantum cryptography is deployed, and the “quantum apocalypse” may end up being far less disruptive than the doomsayers say, depending on when “Q-day” comes, and how much progress is made in the migration to quantum-safe algorithms. The eventual impact of “Q-day” might be comparable to that of Y2K which, as I have previously noted, was much less than it might have been – mainly due to the vast amount of work done to mitigate the risk ahead of time.
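The three ingredients the post weighs (how long captured data stays valuable, how long migration takes, and when a CRQC arrives) can be put into a small model. This is an added illustration, not from the post: the scenario probabilities are the report figures quoted above, the data classes and their half-lives are constructed, and the “exposed if shelf life plus migration time exceeds time to Q-day” rule is the widely cited Mosca inequality, which the post does not name.

```python
# Added example: a "harvest now, decrypt later" exposure model built from the
# post's numbers. Assumptions are labelled; nothing here is a measured value.

# (years from now, P(CRQC by then) pessimistic, optimistic), as quoted in the post
CRQC_SCENARIOS = [(5, 0.05, 0.14), (30, 0.77, 0.92)]

# Constructed data classes: name -> "half-life" in years (time for the data's
# value to an attacker to halve), per the post's radioactive-decay metaphor.
DATA_HALF_LIFE_YEARS = {
    "session cookies": 0.1,
    "quarterly financials": 1.0,
    "medical records": 30.0,
}


def still_exposed(shelf_life_years, migration_years, q_day_years):
    """Mosca inequality: traffic still sent under classical crypto during
    migration must stay secret past Q-day, so X + Y > Z means exposure."""
    return shelf_life_years + migration_years > q_day_years


def value_remaining(half_life_years, years_elapsed):
    """Fraction of the data's original value left after exponential decay."""
    return 0.5 ** (years_elapsed / half_life_years)


def assess(migration_years, data_half_lives=DATA_HALF_LIFE_YEARS,
           scenarios=CRQC_SCENARIOS, shelf_life_factor=4.0):
    """For each data class and CRQC scenario, report whether captured traffic
    is exposed and how much of its value would remain at Q-day.
    Assumption: data must stay secret for shelf_life_factor half-lives."""
    rows = []
    for name, half_life in data_half_lives.items():
        shelf_life = shelf_life_factor * half_life
        for q_day, p_pess, p_opt in scenarios:
            rows.append({
                "data": name,
                "q_day_years": q_day,
                "p_crqc_pessimistic": p_pess,
                "p_crqc_optimistic": p_opt,
                "exposed": still_exposed(shelf_life, migration_years, q_day),
                "value_left": round(value_remaining(half_life, q_day), 4),
            })
    return rows


if __name__ == "__main__":
    for row in assess(migration_years=7):
        print(row)
```

Reading the output row by row shows the post's point: short-lived data is decrypted long after it stopped mattering, while long-lived records are exposed in every scenario unless migration finishes well before Q-day.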


We should certainly not minimize the risk of quantum computers, but it’s important to be realistic about the situation, the risk, and our best course of action.


If we think of the future as an uncharted sea, at least we’ll know where the Shor is.


Cheers!


© 2025 by RG


TIL Technology by RG is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise specified.

Please feel free to share, but provide attribution.
