Quantum computers are developing at pace and expected to be able to decrypt all manner of digital security systems much sooner than anticipated - perhaps in three years.
Crypto currency firm Swyftx said the encryption protecting New Zealanders' money, medical records and government data could be vulnerable sooner than expected as artificial intelligence accelerates the development of quantum computing.
Google recently warned quantum computers could be capable of breaking some of the cryptographic systems used in most internet transactions as early as 2029, as AI was helping to overcome technical barriers that once slowed quantum development.
"Quantum is an exponential technology. It's not a problem until it is," Swyftx country manager Paul Quickenden said, adding the threat was closing in "faster than originally forecast."
Quantum computers were expected to become capable of breaking common encryption systems by 2035, otherwise know as the year to quantum (Y2Q), but no longer.
"The problem with quantum computing is that it is not a change that slowly arrives over time. On a single day, actually called Q-day, everything changes, and what once was secure is no longer," Quickenden said.
"The threat is credible enough that responsible organisations should be acting now."
Cybersecurity experts long warned sufficiently advanced quantum machines could break widely used encryption methods, including systems based on RSA and elliptic curve cryptography, which were used to secure online banking, encrypted communications, blockchain wallets and government data transfers.
"If that encryption is broken, it is not broken in one sector or one country. It becomes a global issue," Quickenden said.
The issue was not limited to digital currencies, as the same types of cryptography were used to protect communications, banking apps, access to government platforms, payment systems, health records, private communications and digital identity.
The risk to the cryptocurrency sector was more immediate as blockchain systems relied heavily on public-key cryptography, but the same underlying issue applied to banks, payment providers, cloud platforms, software vendors and government agencies.
Quickenden said one of the most urgent risks was known as "harvest now, decrypt later", where cybercriminals or state-backed actors were actively stealing encrypted data today and storing it until quantum computers were powerful enough to decrypt it.
"That matters because health records, financial records, government files and identity documents can remain sensitive for years or decades."
Investment growth adds pressure
International investment in quantum computing was also accelerating, with AI increasingly being used to help overcome technical barriers.
"The sceptics are right that the fully capable quantum machine does not exist yet. But that is not a reason to wait," Quickenden said.
"Governments and technology companies are putting serious money and AI capability behind quantum computing, and that means the timeline can move quickly."
Governance issues
Quickenden said responsibility for encryption and system upgrades should sit across multiple parties, so that every industry organisation understood who was leading its transition to post-quantum security.
"If you are a bank, a payment provider, a government agency or a health platform, you cannot just assume someone else in the technology chain will solve it for you."
He said organisations should audit their systems, identify where sensitive data was exposed and confirm whether their technology providers had credible post-quantum transition plans.
"We need to start talking about this in New Zealand and asking whether our financial institutions, government agencies and major data holders are preparing quickly enough. This is not something we can afford to be reactive about."

