> **Source: [研报客](https://pc.yanbaoke.cn)**

# Quantum Threat Summary

## Core Content

The document outlines the growing threat posed by quantum computing to current cryptographic systems and emphasizes the urgent need for organizations to transition to quantum-safe alternatives. It highlights the potential for quantum computers to break widely used public-key encryption algorithms, leading to severe economic, geopolitical, and security consequences. The focus is on the implementation of post-quantum cryptography (PQC) as the primary defense mechanism against these threats.

## Main Points

### 1. Quantum Threat Overview

- Quantum computers use qubits that can represent 0, 1, or both simultaneously, enabling them to perform complex calculations at unprecedented speeds.
- This capability could break current public-key encryption standards, such as RSA and ECC, which are foundational to digital security.
- The term "Q-day" refers to the future date when quantum computers will be powerful enough to break encryption, leading to potential data breaches and loss of confidentiality.

### 2. Quantum Readiness and Timeline

- The probability of Q-day occurring by 2034 is estimated at 19–34%, increasing to 60–82% by 2044.
- A "harvest now, decrypt later" (HNDL) strategy is a real and immediate threat, as encrypted data can be stored and decrypted in the future.
- The timeline for Q-day is uncertain, but the risk is considered high enough to warrant immediate action.

### 3. Regulatory and Industry Initiatives

- **NIST**: Has published several PQC standards, including FIPS 203, 204, and 205, and is evaluating more.
- **U.S. Federal Agencies**: Required to begin migration to PQC by 2030 and achieve full quantum-resistant security by 2035.
- **EU**: Coordinated roadmaps and minimum requirements for PQC transition by end of 2026 and 2030.
- **Israel**: Mandated banking institutions to assess and manage quantum risks, with a deadline for preparedness plans.
- **Global Alignment**: Many countries are developing or recommending PQC standards and transition timelines, often aligning with NIST.

### 4. Economic and Security Impacts

- A single-day quantum attack on a major U.S. bank could impact GDP by 10–17%, potentially costing \$2.0–\$3.3 trillion.
- Quantum threats extend across all sectors, including defense, finance, healthcare, and telecommunications.
- The economic impact could be far greater than any previous cybersecurity risk due to the widespread reliance on classical cryptography.

### 5. Blockchain Vulnerabilities

- Public-key cryptography underpins blockchain transaction validation, making it vulnerable to quantum attacks.
- Bitcoin has about 25% of its coins exposed to quantum risk, while other blockchains like Ethereum and Solana have a much higher percentage.
- Quantum attacks on blockchain could allow fund redirection, impersonation, and compromise of digital signatures.

## Key Information

### 6. Quantum-Safe Migration Steps

- **Identify**: Locate all uses of public-key cryptography within the organization.
- **Prioritize**: Focus on critical systems and long-lived data requiring immediate migration.
- **Enable**: Implement crypto-agility and hybrid systems to support both classical and PQC algorithms.
- **Migrate**: Execute a phased transition plan aligned with vendor readiness and regulatory guidance.
- **Sustain**: Maintain continuous key management and rotation to adapt to new standards and evolving threats.

### 7. Challenges in Migration

- Transitioning to PQC is complex, requiring re-engineering of systems, retraining staff, and large-scale implementation.
- Legacy systems and custom integrations complicate the migration process.
- A skills gap exists in quantum-safe architecture and risk modeling, necessitating investment in expertise.

### 8. Quantum Risk for Blockchains

- Blockchains are at risk due to the exposure of public keys, which can be used to derive private keys with quantum computing.
- Address reuse and older transaction formats like P2PK increase vulnerability.
- Migration to PQC is necessary, and leading blockchains are researching and prototyping new signature schemes.

### 9. Call to Action

- Organizations must act now to implement PQC standards to protect long-term confidentiality.
- The shift to quantum-safe cryptography is the largest digital infrastructure upgrade in history, surpassing even the Y2K transition.
- Collaboration across the ecosystem is essential, including cloud providers, hardware vendors, and global partners.

## Conclusion

Quantum computing poses a fundamental threat to current cryptographic systems. While the exact timeline for Q-day is uncertain, the risk is significant enough to demand immediate preparation. The transition to post-quantum cryptography is not just a technical challenge but a strategic and operational one. Institutions must prioritize quantum readiness, invest in PQC adoption, and ensure continuous resilience against future threats.
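
The exposure described in section 8 (P2PK outputs and address reuse) can be inventoried from data a custodian already holds. The following is an added example, not part of the summarized report: it classifies Bitcoin output scripts and flags unspent outputs whose public key is already public. It assumes you can supply raw scriptPubKey hex and the set of scripts already spent from; the function names and all sample values are constructed for illustration.

```python
# Added example; every script, hash and amount below is constructed sample data.
def classify_script(spk_hex: str) -> str:
    """Name the standard template of a Bitcoin scriptPubKey, else 'other'."""
    s = bytes.fromhex(spk_hex)
    # P2PK: <push of 33- or 65-byte public key> OP_CHECKSIG
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == 0xAC:
        return "P2PK"
    # P2PKH: OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH"
    # P2WPKH: OP_0 <20-byte key hash>
    if len(s) == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH"
    return "other"

def assess(utxos, spent_scripts):
    """Map label -> (template, status). spent_scripts holds scripts already
    spent from: spending a hashed-key output publishes its public key."""
    spent = {s.lower() for s in spent_scripts}
    result = {}
    for label, spk, _value in utxos:
        kind = classify_script(spk)
        if kind == "P2PK":
            status = "exposed"   # key sits in the output script itself
        elif kind in ("P2PKH", "P2WPKH"):
            status = "exposed" if spk.lower() in spent else "hashed"
        else:
            status = "review"    # P2SH, multisig, etc.: not decided here
        result[label] = (kind, status)
    return result

def exposed_value(utxos, spent_scripts):
    """Total satoshis held in outputs whose public key is already public."""
    status = assess(utxos, spent_scripts)
    return sum(v for label, _spk, v in utxos if status[label][1] == "exposed")

PUBKEY = "02" + "11" * 32                 # placeholder bytes, not a real key
REUSED = "76a914" + "aa" * 20 + "88ac"    # P2PKH that has been spent from
UTXOS = [
    ("legacy-p2pk", "21" + PUBKEY + "ac", 5_000_000_000),
    ("reused-p2pkh", REUSED, 1_000_000),
    ("fresh-p2wpkh", "0014" + "bb" * 20, 2_000_000),
    ("script-hash", "a914" + "cc" * 20 + "87", 3_000_000),
]

if __name__ == "__main__":
    for label, (kind, status) in assess(UTXOS, {REUSED}).items():
        print(f"{label:14} {kind:7} {status}")
    print("exposed satoshis:", exposed_value(UTXOS, {REUSED}))
```

Outputs marked `exposed` are the ones to move first to a fresh, never-spent address; `review` means the template is outside what this classifier decides.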