Mosca's theorem
In the field of cryptography, Mosca's theorem addresses the question of how soon an organization needs to act in order to protect its data from the threat of quantum computers. A quantum computer, once developed, would have the capacity to break the types of cryptography that have been widely used throughout the world, such as RSA. Although this is a known risk, no one knows exactly when a quantum computer will be created. Mosca's theorem provides a risk assessment framework[1] that can help organizations identify how quickly they need to start migrating to new methods of quantum-safe cryptography.
Mosca's theorem was first proposed in the paper "Cybersecurity in an era with quantum computers: will we be ready?" by Michele Mosca, a professor at the University of Waterloo and co-founder of the Institute for Quantum Computing.[2] He proposed that if X + Y > Z, then organizations need to worry about the impact of quantum computers on their data. In this formula, X is the amount of time a given piece of data needs to remain secure (shelf life); Y is how long it will take an organization to implement post-quantum cryptographic solutions (migration time); and Z is how long it will be before a sufficiently strong quantum computer exists (threat timeline).[3][4][5]
While the value of Z is unknown, many national information technology organizations predict the year 2030[6] or 2035.[7] Given the complexity of migrating to post-quantum cryptography, Mosca's theorem suggests that most organizations need to be transitioning soon, or are perhaps behind schedule.
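The inequality above is easiest to apply when the three quantities are expressed in years from a common reference date. The following Python script is an added example, not code from the article or from Mosca's paper: it converts the 2030 and 2035 threat-year predictions into Z, evaluates X + Y > Z for a small set of constructed data classes, and derives the latest year in which a migration could have started. The reference year 2025, the five-year migration time, and the data classes and their shelf lives are all assumptions chosen for illustration.

```python
"""Worked application of Mosca's inequality X + Y > Z (added example).

X = shelf life: years a piece of data must stay confidential
Y = migration time: years needed to deploy post-quantum cryptography
Z = threat timeline: years until a sufficiently strong quantum computer
    exists, measured from a chosen reference year

All figures below are constructed for illustration; only the 2030 and
2035 threat-year predictions come from the article.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Assessment:
    name: str
    x_shelf_life: float   # years
    y_migration: float    # years
    z_threat: float       # years from the reference year

    @property
    def at_risk(self) -> bool:
        # Mosca's condition: the data is still sensitive after the threat
        # timeline has elapsed once migration time is accounted for.
        return self.x_shelf_life + self.y_migration > self.z_threat

    @property
    def slack_years(self) -> float:
        # Positive: years to spare before migration must begin.
        # Negative: years the organization is already behind schedule.
        return self.z_threat - (self.x_shelf_life + self.y_migration)


def threat_years(threat_year: int, reference_year: int) -> float:
    """Convert a predicted calendar year for the threat into Z."""
    return max(0.0, float(threat_year - reference_year))


def latest_migration_start(reference_year: int, x: float, y: float,
                           threat_year: int) -> int:
    """Latest calendar year migration can begin so that X + Y <= Z holds.

    Migration must finish X years before the threat arrives, so it must
    start a further Y years earlier. A result before reference_year means
    the organization is already behind.
    """
    return int(threat_year - x - y)


def run_assessment(data_classes: dict, y: float, threat_years_list: list,
                   reference_year: int) -> dict:
    """Evaluate every data class against every threat-year prediction.

    Returns {(class name, threat year): Assessment}.
    """
    results = {}
    for name, x in data_classes.items():
        for threat_year in threat_years_list:
            z = threat_years(threat_year, reference_year)
            results[(name, threat_year)] = Assessment(name, x, y, z)
    return results


# Constructed sample input: shelf life in years per data class.
SAMPLE_DATA_CLASSES = {
    "session telemetry": 1,
    "customer records": 10,
    "long-term archives": 25,
}
SAMPLE_MIGRATION_YEARS = 5          # assumed Y
SAMPLE_THREAT_YEARS = [2030, 2035]  # predictions cited in the article
SAMPLE_REFERENCE_YEAR = 2025        # assumed "now"


if __name__ == "__main__":
    table = run_assessment(SAMPLE_DATA_CLASSES, SAMPLE_MIGRATION_YEARS,
                           SAMPLE_THREAT_YEARS, SAMPLE_REFERENCE_YEAR)
    for (name, threat_year), a in table.items():
        start = latest_migration_start(SAMPLE_REFERENCE_YEAR, a.x_shelf_life,
                                       a.y_migration, threat_year)
        status = "AT RISK" if a.at_risk else "ok"
        print(f"{name:20} Z={threat_year}: X+Y={a.x_shelf_life + a.y_migration:>4.0f}"
              f" vs Z={a.z_threat:>2.0f} -> {status:7} "
              f"(slack {a.slack_years:+.0f} y, latest start {start})")
```

With these assumed numbers, only the one-year telemetry class is safe under the 2035 prediction; ten-year customer records already violate the inequality for both predictions, with a latest migration start of 2020, which illustrates the article's point that many organizations may already be behind schedule.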
Mosca's theorem helped justify the National Institute of Standards and Technology’s 2016 strategy to establish a handful of PQC algorithms with the international community.[8]
References
- ^ Kashyap, Anand. "The State Of Cybersecurity (Part Three): Assessing The Risk". Forbes. Retrieved 2025-04-09.
- ^ "Professor Michele Mosca | Mathematics | University of Waterloo". uwaterloo.ca. Retrieved 2025-04-09.
- ^ Graps, Amara (2022-05-09). "Quantum Cryptographic Threat Timeline - Inside Quantum Technology". Retrieved 2025-04-09.
- ^ Anantharam, L. (2024-11-14). "How Quantum Systems Can Unleash New Possibilities, Cybersecurity Risks". www.bizzbuzz.news. Retrieved 2025-04-09.
- ^ Poeppelmann, Thomas (2021-09-02). "The Battle For Post-Quantum Security Will Be Won By Agility". Semiconductor Engineering. Retrieved 2025-04-09.
- ^ "National Quantum Strategy roadmap: Quantum computing". ised-isde.canada.ca. 2025-03-07. Retrieved 2025-04-09.
- ^ "NIST publishes timeline for quantum-resistant cryptography, but enterprises must move faster". CSO Online. Retrieved 2025-04-09.
- ^ dougfinke (2024-10-20). "Recipe for a Quantum Hype Omelet". Quantum Computing Report. Retrieved 2025-04-09.