Toby Cubitt, cofounder of Phasecraft.


October 25, 2023

Quantum computing is not a threat to national security. So why can't Europe work together?

There are technologies that are highly sensitive and pose a significant security risk. Quantum computing is not one of them

Toby Cubitt

5 min read

Ever since the Enlightenment, scientific and technological progress has transcended borders.

At his observatory in Denmark, Tycho Brahe chartered the orbits of the planets, which Johannes Kepler used to develop his three laws of orbital mechanics in Germany.

In England, Isaac Newton realised that Kepler's laws could be explained by a gravitational force obeying an inverse-square law. Newton, along with Gottfried Wilhelm Leibniz in Germany, invented calculus in order to calculate orbital motion.

Centuries later, calculus and Newton's theory of gravity allowed the US to put the first human on the moon.


When the nations that birthed the Enlightenment put up barriers to scientific collaboration, the only winners are the opponents of reason and discovery. 

The UK and EU cut themselves off from the inheritance of centuries of scientific collaboration when the Horizon 2022 project excluded British scientists and academics after Brexit.

The resumption of scientific collaboration between the nations of Brahe, Kepler, Newton, Leibniz and others through the re-accession of the UK to the Horizon Europe programme — confirmed in September — is something we can all welcome.

But this relief is sadly tempered by the increasingly protectionist barriers the UK, EU and US are erecting by classing increasingly broad areas of fundamental science and technology as areas of "national security importance". 

As a consequence, every quantum project that applies to be included in Horizon will need to be reviewed on a case-by-case basis. Certainly, there are technologies that are highly sensitive and pose a significant security risk. Quantum computing is not one of them.

Quantum’s security problem 

The exclusion of quantum technology from joint international research collaborations revolves around “strategic importance” — not just national security. But quantum computing is uniquely singled out because of misapprehensions about its impact on cryptography.

The concern stems largely from the most famous quantum algorithm: Shor's factoring algorithm. 

Ever since the time of the ancient Greeks, people have been seeking a way to factor large numbers, meaning finding smaller numbers — called factors — that, when multiplied together, give back the original number. 

There are few, if any, national security implications of quantum computers and algorithms.

For over 2,000 years, no one has found a method of factoring that is much better than trying to divide by two, then by three, etc. until you finally happen upon a factor. At least, not one that can be carried out by conventional means, or even by supercomputers. 

But in 1994, Peter Shor came up with an algorithm that would allow quantum computers to factor large numbers far faster than any conventional supercomputer.

So, why is this seemingly obscure mathematical problem a risk to national security? 

Well, it turns out that one of the original and still widely used cryptographic systems — which is used to protect credit card transactions on the internet — is based on the difficulty of factoring large numbers. 


Moreover, all the other cryptographic systems used on the internet are based on related mathematical problems, which can also be solved by generalisations of Shor's algorithm. 

Once someone builds a quantum computer large enough to run Shor's algorithm, these systems can all be broken, and all communication rendered insecure.

Surely, then, quantum computing is a sensitive technology with national security implications that should be locked down and tightly controlled?

No. This conclusion is based on a naive, incomplete understanding of the science and technology behind quantum computing and quantum algorithms.

Decades away from fault-tolerant quantum computing

Despite impressive progress in recent years, quantum computers remain extremely primitive. 

No one has yet solved a useful problem on a quantum computer, that could not also be solved effectively on conventional computers.

 The first niche, but useful, applications of quantum computers to condensed matter science may happen within the next three to five years. These will open up applications in materials and chemistry modelling, promising improvements to the materials used in key technologies, such as batteries and photovoltaics. 

Beyond that, if quantum computing hardware continues to progress, applications in optimisation may come within reach in the next decade. 

But of all the quantum algorithms we know, Shor's algorithm is the most demanding. It can only be run on a fully scalable, fault-tolerant quantum computer. 

Building one of those requires billions of qubits and trillions of layers of quantum gates; current quantum computers have around 100 usable qubits and can only manage a few 10s of layers of gates.

If not now, then when

The consensus in the quantum computing research community is that, one day, fault-tolerant quantum computers will ultimately be built.

But, even then, Shor's algorithm is almost irrelevant to communication and internet security. 

In the nearly three decades since the discovery of Shor's algorithm, the field of cryptography research has not been sitting idle. 

Once it became clear that quantum computers might eventually be able to solve the hard mathematical problems underlying the security of existing cryptography, researchers started looking for alternative mathematical problems on which to base the security. 

These are problems that cannot be solved by quantum computers. Now, post-quantum cryptography has flourished into a major field of research. 

There are now well-established cryptographic systems, for example lattice-based systems, that cannot be broken even by large-scale quantum computers.

Organisations have already tested out deploying these post-quantum systems on the internet, and NIST has already announced a standard for post-quantum cryptography. 

With this fuller picture of the science and technology behind quantum computing and algorithms, it becomes clear that whilst quantum computers may have significant applications in materials science and chemistry, and perhaps even in optimisation problems, their impact on communication security will be negligible or non-existent.

 It may be decades before we see quantum computers capable of running Shor's algorithm on non-trivial problems. And we already know now how to design and deploy post-quantum cryptographic systems. By the time quantum computers can run Shor's algorithm, internet security will already be immune to quantum algorithms.

There are few, if any, national security implications of quantum computers and algorithms. But there are huge risks in how the UK, EU and US manage the development of this technology. 

Erecting barriers to scientific and technology collaboration in this field due to imagined risks to national security will only serve to hinder progress on the very real promise of applications in condensed matter, materials science and chemistry. 

The UK, EU and US have a long tradition of technological strength built on open scientific collaboration dating back centuries. 

As close partners, democratic nations and allies, we cannot afford to squander the advantages of collaboration in quantum technology. Doing so would be a far greater risk than the imaginary national security risks based on a lack of understanding of the underlying science.