How Avengers: Endgame can teach us about quantum computing’s threat to encryption

**Warning, this article contains spoilers for Avengers: Endgame**

At some point in the future, someone with bad intentions is going to figure out how to use technology to transport back in time and steal all of your secrets.

Well, that’s almost true. When quantum computing is solved, it will be capable of cracking algorithms used for encryption today. As a result, CIOs have to start thinking about how to encrypt their data against this future threat today. Otherwise, a well-planned attack might steal that encrypted data today, stowing it away to decrypt in the future to attain the desired information.

It’s a tough conundrum, but one that’s also explored in the latest silver screen Marvel epic, Avengers: Endgame. We’ll be delving into spoilers below the graphic, so don’t scroll down if you don’t want the plot of the movie revealed to you.

Avengers Endgame - Thanos ship




Using a convoluted plot device to understand a complicated security concept may not actually make it easier to understand. But it’s going to be fun.

The Mosca model explains quantum computing’s risk to encryption

For just how worried we should be about quantum computing being used to break all of our encryption, there’s no one better to explain it than Michele Mosca, a special advisor on cyber security to the Global Risk Institute and deputy director at the Institute for Quantum Computing. He’s written extensively on this topic and given many presentations about it, and I spoke with him on the phone about it in Summer 2018.

Like any good mathematician, Mosca calculates the risk with an equation – dubbed the Mosca model. First, let’s define our variables:

  • X – security shelf-life. How long does the data need to be secure for?
  • Y – migration time. How long will it take to migrate to a new solution?
  • Z – collapse time. The time until current cyber defences are dusted by attackers armed with quantum technology.

If X+Y > Z, then assemble the Avengers, because it’s time to panic. In other words, if your data is going to be valuable for a long time and it will take a long time to migrate it to a new encryption standard, the more worried you should be about it being vulnerable to a future quantum decryption attack.

Clearly, no one told Thanos about the quantum threat

In Endgame, our favourite all-star team of superheroes (or at least, what’s left of them after the Snapture) figure out where Thanos is hiding out and promptly blast off through space to confront him. Their hope is to recover the Infinity Stones and use them to undo the damage done in part one of the saga’s finale, Avengers: Infinity War. Unfortunately, Thanos has wisely already destroyed the powerful stones, meaning the plan is at a dead end.

Thanos must have some basic cyber security training because he’s clearly familiar with good data retention policy. If you can delete sensitive data, do it. Don’t wait around for someone to show up and steal it to use against you, whether it’s thwarting your plans to shape the universe or just run a business.

But he’s less up to speed on his Mosca model. It turns out the Avengers come up with a clever plan to go back in time and retrieve the Infinity Stones from known locations, at a time prior to their destruction. (We won’t be exploring the crazy bag of cats logic of this plot, that’s for other articles. This is about serious science.)

In our metaphor, Thanos is actually the victim of the attack by the Avengers team. He’s deleted his important data after using it for its purpose, but it turns out the Avengers have already retrieved a copy from the past. Now that they’ve invented the technology to make use of it in the future, they can successfully exploit this vulnerability to get the payload.

It’s just like how your company’s encrypted data could be syphoned off today with the intent to decrypt it with tomorrow’s quantum technology.

Let’s examine Thanos’ vulnerability using the Mosca model.

  • X, the shelf life of the Infinity Stones is well, infinite.
  • Y, the migration time to a new protection method, is incalculable since they’ve existed since before time began. Also, some Infinity Stones have guardians that seem entrenched in traditional approaches and aren’t open to an agile approach. (The Ancient One proves flexible for The Hulk, but the Red Skull is pretty rigid on Vormir.)
  • Z, the collapse time, is five years. The amount of time the Avengers take to come up with precision time travel after witnessing Thanos destroy the stones.

Given that calculation, Thanos was facing a red alert situation at the time, but didn’t know it. If he’d considered that time travel technology would soon be invented, perhaps he could have willed the destruction of the Infinity Stones throughout all time and space. (But who knows how that technology is operated.)

So how long do I have before getting quantum-dusted?

The good news for you is that you’re reading this article, so you’re considering that quantum computing technology is coming at some point in the future. It could be five years, it could be 10, it could be 50. We really don’t know.

But what we do know is that many tech giants, including Google, IBM, and Intel all have functioning quantum chips. Governments are pouring billions of dollars into researching the field, as the potential benefits could be huge in many different fields. The thought of being the first to have the capability to decrypt the state secrets of other countries might also have crossed their minds.

Mosca thinks there’s is a one in seven chance a quantum computer will break RSA 2048 encryption by 2026, and there’s a 50-50 chance it will be done by 2032.

Quantum-proof security measures already exist today and you can start implementing them. A few solutions to explore:

So don’t make the same mistake as Thanos and have all your hard work ruined by a band of rogues with technology from the future. Take the steps required to protect the data that represent your own Infinity Stones.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Brian Jackson
Brian Jackson
Former editorial director of IT World Canada. Current research director at Info-Tech

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now