Citi Flags 'Q-Day' as Risk to Financial Encryption

- A recent Citi report estimates a quantum attack on a major U.S. financial institution could cost the economy between $2.0 and $3.3 trillion in indirect impacts. The same report highlights that approximately 25% of all Bitcoin, valued at around $500-$600 billion, is considered "quantum-exposed" because their public keys have been revealed on the blockchain. - The core of the "Q-Day" threat lies in the vulnerability of asymmetric encryption algorithms like RSA and Elliptic Curve Cryptography (ECC), which are fundamental to securing most internet and financial transactions. Shor's Algorithm, developed in 1994, provides the blueprint for how quantum computers will break this type of encryption. - Adversaries are likely already engaging in "harvest now, decrypt later" attacks, where they capture and store encrypted data today with the intention of decrypting it once a sufficiently powerful quantum computer is available. This makes data with long-term sensitivity, common in financial and government sectors, an immediate concern. - Expert consensus places the arrival of a cryptographically relevant quantum computer in the early-to-mid 2030s. Citi's report cites a 19% to 34% probability of this occurring by 2034, with the likelihood increasing to over 60% by 2044. - In response to the threat, the U.S. government has taken action. The Quantum Computing Cybersecurity Preparedness Act was signed into law, and National Security Memorandum-10 mandates that federal agencies migrate to quantum-resistant cryptography by 2035. - The National Institute of Standards and Technology (NIST) is leading the effort to standardize post-quantum cryptography (PQC). These new cryptographic standards are considered the solution to the quantum threat, with the main challenge being the large-scale logistical effort of migration, not a lack of a technical solution.