Cybersecurity in supercomputing and quantum computing

The computers that powered space missions such as the Voyager probes in 1977 represented the technological pinnacle of their time, operating with just a few kilobytes of memory and clock frequencies of a few hundred kilohertz. Four decades later, any commercial mobile phone has millions of times more processing power, integrating capabilities that would have been unthinkable back then.
Today, cutting-edge computing manifests itself in supercomputing systems composed of hundreds of thousands of cores and parallel processing networks capable of executing quadrillions of operations per second, which are used in fields as diverse as climate prediction, pandemic modelling, particle physics research and artificial intelligence development. However, this growth has also revealed a key limitation: many problems of scientific and industrial interest have an exponential computational cost, which means that their practical resolution is beyond the reach of even the most powerful supercomputers.
This is where quantum computing has emerged in recent years, not as an incremental improvement, but as a true paradigm shift. Unlike classical bits, which can only represent a 0 or a 1 at any given moment, qubits (the fundamental unit of quantum computing) can be in a superposition of states, allowing them to represent combinations of 0 and 1 simultaneously. Furthermore, thanks to the phenomenon of quantum entanglement, qubits can be correlated with each other in such a way that the state of one instantly depends on the state of the other, even at a distance. Instead of sequentially traversing all possible paths like a classical computer, the quantum computer acts on a much larger solution space in a fraction of the time, giving it exceptional advantages in certain types of problems such as molecular system simulation or combinatorial optimisation.
In the field of cybersecurity, quantum computing poses a direct threat to traditional cryptographic systems, whose security is based on mathematical problems that a sufficiently advanced quantum computer could solve with relative ease. This turning point is known as “Q-Day”: the day when an operational and scalable quantum computer is capable of breaking the cryptographic algorithms widely used today, compromising the confidentiality of secure communications, financial data, sensitive files and even the integrity of critical infrastructure globally.
The current state of quantum technology poses a plausible but as yet unrealised threat to cryptography, i.e. there is no evidence to date of a quantum computer capable of breaking the most commonly used public schemes. In June 2025, the European Commission published a coordinated implementation roadmap for the transition to post-quantum cryptography which places the arrival of a ‘cryptographically relevant quantum computer’ at a maximum of 16 years (≈2040), with the possibility of shortening the horizon to 10 years if error correction/mitigation heuristics are fully verified and hardware progresses. It also includes expert estimates that assign a 19–34% probability of breaking RSA-2048 within 24 hours within the next decade.
What is holding back projects with greater capacity and more qubits? First, the quality of operations: as reflected in the European roadmap in which INCIBE has participated, the ‘when’ depends on verifying the correction/mitigation heuristics and on hardware continuing to improve. Second, scalability: scaling while maintaining fidelity remains the big challenge. In summary: fewer errors and greater integration are the way forward, but there is still no definite date when capacity will be sufficient to compromise current cryptographic systems.
Risk factors and impact
In this context of technological transformation, several significant risk factors for information security converge.
Vulnerable algorithms: The most commonly used cryptographic algorithms today—such as RSA, ECC, and Diffie-Hellman in asymmetric or public-key cryptography—are designed based on mathematical problems such as the factorisation of large integers or the discrete logarithm of elliptic curves, which are simple to calculate in one direction but very complex in the opposite direction. However, with the development of sufficiently powerful quantum computers, algorithms such as Shor's could be used to solve these mathematical problems in reasonable time, compromising the security of these traditional cryptographic systems. The Japanese supercomputer Fugaku, jointly developed by RIKEN and Fujitsu, is one of the most powerful systems in the world, with a maximum performance of 442 petaflops (442 quadrillion operations per second). Despite this immense capacity, solving the factorisation of a 2048-bit RSA number using classical methods would be unfeasible, as the computational cost scales exponentially and could take thousands of years. In contrast, Fujitsu has used its 39-qubit quantum simulator, supported by the computing power of Fugaku and parallel computing technologies, to evaluate the vulnerability of RSA-2048 to attacks by quantum computers running Shor's algorithm. Their studies indicate that a quantum computer with around 10,000 logical qubits and 2.23 trillion quantum operations would require approximately 104 days of fault-tolerant computing to factor a 2048-bit RSA key. Although this figure is far from current capabilities, it demonstrates the disruptive potential of quantum computing.
Exposure window for captured encrypted data: A significant current threat is the strategy known as “harvest now, decrypt later”. Attackers have begun storing large volumes of highly sensitive, non-perishable encrypted data today, even if they do not have the immediate ability to decrypt it. However, when sufficiently powerful quantum computers become available and widely used, this stored data could be decrypted, exposing sensitive and confidential information. This risk is particularly critical for data with long-term value, such as trade secrets, government information, medical records, genomic data, biometric data, and personal data. For example, classified documents intercepted today could be disclosed in the future, compromising national security and the privacy of individuals.

Diagram: harvest now, decrypt later
The scientific community, driven by the American NIST and also European initiatives, has managed to create and test different software algorithms that are resistant to quantum attacks, or ‘quantum-safe’. After several selection processes, there are now finalist algorithms for the main cryptographic primitives, including lattice-based ones such as ML-KEM (CRYSTALS-Kyber) for key exchange and ML-DSA (CRYSTALS-Dilithium) and FALCON for digital signatures. These finalist algorithms come with sufficient documentation so that they can be implemented by industry in technological infrastructures (hardware, firmware, OS, APIs, libraries, applications, services, architectures, etc.). Work continues to test these algorithms and to create and test new ones to expand the list and offer more options to the industry, as well as to create lightweight versions for environments with limited capabilities (computing or memory) such as embedded systems. Therefore, the scientific community has already done its part; now it is the turn of governments and industry to carry out the migration.
Despite the considerable uncertainties that still surround quantum computing and its impact on security, the first post-quantum advances in cryptography are beginning to emerge, with algorithms that seek to protect confidentiality, integrity and secure key exchange against the threat of quantum computers. For example, for key exchange and encryption, two algorithms stand out: Kyber, based on lattice cryptography, and HQC (currently being standardised by NIST), which uses error-correcting codes as a robust alternative. In the field of data authentication and integrity, Dilithium offers quantum-resistant digital signatures, also based on lattice cryptography.
Difficulty of transitioning to new cryptographic systems: The adoption of quantum-resistant cryptographic algorithms represents a significant challenge. Many current systems, including embedded devices and large infrastructures, rely on architectures and protocols designed for classical algorithms. Changing these systems involves considerable technical effort, due to different requirements for processing power, key size, and compatibility. This difficulty may delay the implementation of adequate protection measures, leaving many organisations and systems exposed for an extended period of time. For example, older industrial control systems or IoT devices with limited resources may not be able to support post-quantum cryptography without costly upgrades or even complete replacements. Additionally, this migration must be orchestrated so that both ends of a communication acquire these capabilities while still being able to communicate constantly.
These risk factors can have significant impacts on various key dimensions of information security, directly or indirectly undermining the confidentiality, integrity and availability of information and systems, and jeopardising trust in digital systems as we know them today.
Protective measures and best practices
To accompany these technological developments, it is crucial to implement protective measures and best practices that ensure a secure transition to post-quantum environments.
A recommended strategy is the gradual adoption of hybrid solutions (crypto agility) that combine classical and post-quantum algorithms, such as integrating PQXDH, a post-quantum key exchange protocol that extends the well-known XDH protocol (used in secure messaging applications such as Signal), alongside traditional key exchange methods, enabling a gradual defence without compromising current interoperability. In June 2025, EU Member States published a coordinated implementation roadmap for the transition to post-quantum cryptography.
Include specific requirements for cryptographic features and capabilities, aligned with post-quantum cryptography, in the procurement and acquisition processes for technological solutions.
In addition, detailed inventories of systems and devices that are not compatible with post-quantum cryptography should be drawn up, and progressive upgrade plans should be established based on the criticality of the information they manage, setting realistic deadlines in line with current quantum capacity and Q-Day.
Strengthening organisational resilience, both from a technical and operational standpoint, will be key to sustaining business continuity: organisations must also include the quantum threat in their risk analysis, as well as define specific controls for detecting and responding to this threat, with clear lines of action in the event of possible impacts. The implementation of secure backups encrypted with quantum-resistant algorithms will also aid in the recovery of critical data in adverse scenarios of compromised cryptography.
Meanwhile, having cyber insurance adapted to the new technological landscape can offer an additional layer of financial support in the event of unforeseen incidents.
Finally, promoting training and awareness programmes at all levels of the company will enable staff to understand the risks and adopt best practices in the face of the challenges of the quantum era.
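The inventory and prioritisation measure described above can be turned into a simple triage rule. The following is an added example, not part of the original article: it applies Mosca's inequality (data shelf life plus migration time greater than the years until a cryptographically relevant quantum computer) against the roadmap's 16-year and 10-year horizons. The asset records are constructed and the field names are hypothetical.

```python
from dataclasses import dataclass

# Post-quantum key-establishment algorithms named in the article.
QUANTUM_SAFE = {"ML-KEM", "HQC"}
# Years until a cryptographically relevant quantum computer, using the
# roadmap figures quoted in the article (maximum and shortened horizon).
HORIZONS = {"roadmap_max": 16, "shortened": 10}

@dataclass
class Asset:                      # hypothetical inventory record
    name: str
    key_exchange: tuple           # algorithms protecting data in transit
    shelf_life_years: int         # how long the data must stay confidential
    migration_years: int          # estimated time to finish migrating

def exposure_years(asset, horizon):
    """Mosca's inequality: exposed if shelf life + migration > horizon."""
    algs = {a.upper() for a in asset.key_exchange}
    if algs & QUANTUM_SAFE:
        # Pure PQ or hybrid exchange: captured traffic stays confidential
        # (assumes the hybrid combines both secrets soundly).
        return 0
    # Anything not known to be quantum-safe is scored as vulnerable; this
    # covers RSA, ECC and Diffie-Hellman as well as unrecognised entries.
    return max(0, asset.shelf_life_years + asset.migration_years - horizon)

def triage(assets, horizon):
    """Exposed assets, worst first, as (name, years of exposure)."""
    hits = [(a.name, exposure_years(a, horizon)) for a in assets]
    return sorted([h for h in hits if h[1] > 0], key=lambda h: -h[1])

# Constructed sample inventory, not taken from the article.
INVENTORY = [
    Asset("site-to-site VPN", ("DH",), 12, 3),
    Asset("genomic data archive", ("RSA",), 30, 2),
    Asset("legacy ICS gateway", ("ECDH",), 5, 8),
    Asset("messaging service", ("ECDH", "ML-KEM"), 20, 0),
    Asset("public web portal", ("ECDH",), 1, 2),
]

if __name__ == "__main__":
    for label, years in HORIZONS.items():
        print(label, years, triage(INVENTORY, years))
```

With the shortened horizon, the VPN and the legacy gateway join the archive on the exposed list, which shows how sensitive the upgrade order is to the assumed Q-Day.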
Conclusion
Quantum risk is not a remote possibility, but a real threat that requires a proactive and coordinated response. According to a March 2025 ANSSI survey of critical infrastructure operators in France, more than half of organisations are currently exposed to this threat. This is due, for example, to the use of VPNs that employ digital certificates to transmit sensitive information whose confidentiality must be maintained for more than ten years. Although many entities theoretically recognise the quantum threat, the actual impact on their own systems is often unknown, and few have initiated specific risk analyses or transition plans to post-quantum algorithms. The main obstacles include the technical complexity of integration into legacy environments, the lack of established standards, the immaturity of available solutions, and limitations in human and financial resources.
Given this scenario, it is crucial to begin the transition now and foster solid cooperation between the public and private sectors to prevent a global cybersecurity crisis.
The problem is known, the threat is real, and solutions using new PQC algorithms are already available. The current challenge is therefore the transition or implementation from classical to post-quantum cryptography, and this falls mainly to governments, industry and businesses. The transition requires coordinated planning and execution without delay to migrate to quantum-resistant solutions. When the foundations of cyberspace and therefore of the Information Society are at stake, the effort is well worth it.