e keep hearing that quantum computers could be a catastrophe for
the secure communications that we rely on for the Internet,
banking, and government. But how does that work and
why is it such a threat? This quick tutorial will tell
you using simple examples. And, for a limited time only,
no math . . . hardly.
Cryptography is one of those topics where authors are all very careful not to tell you anything useful. Very few books actually say anything meaningful about breaking encryption. Mostly you have to learn by doing.
There are many types of ciphers, so there are many different things a quantum computer might have to do. They fall into three categories:
Block ciphers like DES and AES, where the eight bits in each character are split up and shuffled throughout the message using substitution boxes or S-boxes. Computers are good at this. The bits get ‘randomly’ dispersed, so the first bit in the first letter, say ‘W’ (01010111 in binary), might end up as part of a ‘t’ at position 50, the second bit (‘1’) could end up inside a ‘k’ at position 126, and so on. Attacking these requires very complicated algorithms.
Stream ciphers where some kind of random number is generated and used to change one byte at a time. The random number generator uses long integers and in the simplest version uses a 128-bit number called a seed to create a unique sequence of numbers. There are 3.4×1038 possible values, so it’s hard to guess. But if you succeed, attacking it is easy.
Key exchange This is what people usually mean when they talk about factoring large numbers. Public key encryption is a way of establishing a secure connection over an insecure medium and it’s the one quantum computing usually focuses on.
Diffie-Hellman key exchange for dummies
The prototypical example of public key encryption is Diffie-Hellman
(D-H) key exchange. The goal is to exchange keys in a secure way.
Suppose two parties, Alice and Bob, want to start a conspiracy to
spring their comrades Ted (who’s in Leavenworth for espionage)
and Carol (who had gotten too involved with her qubits).
They each pick a different prime number at random, called
a and b, and keep them secret.
They agree on a public number g and a
constant p for doing modular arithmetic.
They calculate public numbers A and B
and email them to each other:
A = ga mod p
B = gb mod p
The two spies now calculate a shared secret number by
calculating
Ab and
Ba.
Through the magic of math, this gives them the same number. For
example, if g, a, and b were 2, 3, and 5, the public numbers
would be 8 and 32 and the secret number would be 32768:
(23)5 = 85 = 32768
(25)3 = 323 = 32768
That’s the basic principle. Of course nowadays there are improved versions that use authentication. There are also lots of tricks to creating good numbers for a and b. Everything is done using modular arithmetic, partly because the numbers are far too big for computers to handle. The use of modular arithmetic also means there zillions of numbers that give the same value. For instance, 3218 is a 104-digit number. Doing everything mod 1000 makes the answer 489. In this case there are 2.1×10101 other smaller numbers that also give 489. This is still an enormous search space.
Both parties can now send their love notes to each other without Eve (the eavesdropper), Fred (who has a crush on Alice), or Gabby (who repeats everything she hears) reading them by grinding the text through this big number.
Breaking encrypted messages
To break this type of code you would need three things:
The ability to factor large numbers
The ability to guess what the shared secret number is
The ability to check the result
Suppose a quantum computer will someday work properly and be able to factor a gigantic number, perhaps using a quantum version of Shor's algorithm. That gets them past step 1. But factoring a big number isn’t enough. How can they tell whether they factored the correct one? To do this, their software also needs a merit function.
Without a merit function, the quantum computer would have to test each possible answer against the server, which would make it no faster than a brute force attack. A typical merit function might be to re-encrypt it and test if it matches, or to test whether the output is grammatical English text.
If the key is only a few thousand bytes long,
there would be billions of results to test. You couldn’t
just blast them to Bob’s server because he’d certainly
have a rate-limiting step to make that impossible.
If Bob and Alice used D-H for their
entire message, you could test it against your copy
of their message. Even there, as AI has shown
us, there is a vast number of grammatically correct
paragraphs that the plaintext could be. Being experienced
secret agents, Bob and Alice play it safe and encrypt all
their text with a block cipher to make it nearly impossible
for the attackers to know if they found the right key.
This means that the biggest threat is to individuals and institutions that encrypt large volumes of material using the same key, not necessarily D-H but something involving large primes. That is the target for a quantum computer. It is not going to crack something small like an Emergency Action Message, which is only a few bytes long, and it won’t magically power its way into your computer.
Security also comes from eliminating redundancy and predictability in the message. That’s where some encryption systems failed: the Soviets reused their one-time pads. The Nazis tacked a ‘Heil Hilter’ or whatever his name was at the end of every message. If security is done properly, breaking it is a significant challenge even for a quantum computer. And at the moment these devices must overcome an even bigger obstacle: the challenge of non-existence.
The smaller the message space, the harder it is to crack because you could decrypt it to mean anything. It’s not like in the movies where a super-intelligent robot with Bluetooth and a slinky gold lamé dress walks past a computer and the screen magically turns green.
Quantum-proofing
Since each qubit can exist in two superposed states, an array of only ten qubits can represent 210 or 1024 states. An array of 1000 can represent 1.0715×10301 states, more than any cryptographic system today. Theoretically, given a suitable merit function, that makes them ideal for some types of cryptographic attacks. But until we know whether quantum computers will work as hoped, quantum proofing is just a way of hedging our bets.
Of course, the ability to represent many states is not unique to qubits. The difference is that because qubits are capable of entanglement, they can interact with each other. This means that using a property called quantum parallelism you could evaluate a function f(x) for many different values of x simultaneously. The information is not accessible until the computation is finished, when you get a classical answer. The example people always give is Schor’s algorithm for factoring a number of length N. On a classical computer, it would take 2N steps. On a quantum computer, it would only take N2 steps. So for a 100-digit number, you theoretically get a speed-up of 1.2677×1026 times. Exactly how qubits do this is way beyond the scope of this blog.[1,2]
The attitude of most cryptography experts is that the risks are understood and solutions are becoming available. NIST has many candidates already. The only question is which is best. The much-hyped elliptic curve cryptographic systems seem to have lost their luster in favor of lattice-based algorithms. It will be up to NIST to decide and most people will follow their recommendation.
When they do, the biggest change for the average Internet user would probably be to download a new version of Firefox. Even so, normal security rules still apply: avoid ftp and telnet, keep your credit card number off your cell phone, use strong passwords, and keep your firewall rules up to date. And keep Bluetooth turned off in case somebody wearing gold lamé shows up.
Should we panic now, or wait till later?
Nobody is going to spend 10,000 dollars in electricity, cooling, and liquid helium to get into your Amazon account and steal your shipment of dental floss. The main target will be governments and maybe banks. The fact remains that the easiest way to get the keys to somebody’s computer is to point a gun at their head. So the main targets of quantum computers will be places where that doesn’t work: governments where nobody knows anything and banks where everybody is behind four inches of polycarbonate.
In this age where all news is fake news until proven otherwise, we will also soon need authentication and encryption for images and even ordinary text.
A big problem for end users who need to encrypt things is that there are so many variations that hardly any two implementations can read any other software’s files. AES has 128, 192, and 256 bit as well as ECB, CBC, CTR, and GCM modes. What happens if you encrypt your files with a set of options that suddenly disappears? This isn’t hypothetical: I almost lost a backup file when one well known site dropped their DES utility and an unexpected compiler change made their old version unusable. This sort of thing discourages use of encryption altogether. Yes, DES only has 56 bits, but it is not as easy to break as everybody thinks. But the average user doesn't get a choice.
You might be wondering whatever happened to those two lovebirds Bob and Alice. My theory, which you’ll never read about in cryptography books, is that Alice and Bob finally arranged a meeting at the Giant supermarket in Silver Spring, Maryland. They fell in love, got married, and had four children: Harry, Ida, Jack, and Kim.
[1] Nielsen MA, Chuang IL. Quantum computation and quantum information. Cambridge 2000
[2] Bouwmeester D, Ekert A, Zeilinger, eds. The physics of quantum information. Springer, 2000
jun 02 2026, 3:20 am. updated jun 3 2026
