Workshop 3: Quantum Computing: Global Challenges and Security Opportunities

Summary

This discussion focused on the challenges and opportunities presented by quantum computing, particularly in relation to cybersecurity and encryption. The session featured presentations from experts in the field, highlighting both the potential benefits and risks associated with this emerging technology.

Tim Smith from CERN emphasized the importance of international collaboration and applications for society, stressing that the quantum revolution is already underway. He highlighted the need for multilateral governance and capacity building to ensure equitable access to quantum technologies.

Mark Mattingley-Scott discussed the quantum threat to current encryption methods, explaining the concept of “harvest now, decrypt later” and the urgency of developing post-quantum cryptography. He emphasized that while large-scale quantum computers are not yet available, preparations for quantum-safe security must begin immediately.

Elif Kiesow presented research on the social implications of quantum computing, focusing on organizational needs for migration to post-quantum cryptography and the potential impact on IoT security. She stressed the importance of creating cryptographic inventories and considering quantum-readiness in public procurement.

The discussion touched on various concerns, including the risks of dual-use technology, the digital divide, and the need for public awareness. Participants emphasized the importance of bridging the gap between researchers, industry, and policymakers in quantum technology development.

Key takeaways included the need for proactive measures in adopting quantum-safe encryption, the potential for quantum technologies to exacerbate global inequalities if not managed properly, and the importance of international cooperation in shaping the future of quantum computing. The session concluded with a call for increased public awareness and investment in quantum technologies, particularly in Europe, to ensure responsible development and widespread benefits.

Keypoints

Major discussion points:

– The current state and future potential of quantum computing, including opportunities and risks

– The need for post-quantum cryptography to protect against future quantum threats

– The importance of international collaboration and governance frameworks for quantum technologies

– Raising awareness and building capacity around quantum computing across sectors and geographies

– Addressing potential digital divides and ensuring equitable access to quantum technologies

The overall purpose of the discussion was to examine the global challenges and security implications of quantum computing, while exploring opportunities for responsible development and governance of this emerging technology.

The tone of the discussion was generally balanced, starting with a hopeful outlook on the potential of quantum computing, then shifting to more serious warnings about security risks, before concluding with pragmatic recommendations for moving forward. There was an emphasis on the need for proactive, collaborative approaches to harness the benefits of quantum computing while mitigating potential harms.

Speakers

– Wout de Natris-van der Borght: Moderator, Internet Governance and Cybersecurity Consultant, Coordinator of the Internet Governance Dynamic Coalition Internet Standards, Security and Safety

– Tim Smith: Coordinator, Open Quantum Institute at CERN

– Mark Mattingley-Scott: Chief Revenue Officer at Quantum Brilliance

– Elif Kiesow: Project Lead of the IGF Dynamic Coalition Internet Standards, Security, and Safety, Working Group 9 on Quantum Computing

РJ̦rn Erbguth: Focal point for the session

Additional speakers:

– Marijana Puljak: Member of the Croatian Parliament and Parliamentary Assembly of the Council of Europe

– Biljana Zaslova-Friedrich: Senior Project Manager at European Centre of Quantum Sciences

– Karen Mulberry: Focal point for the session (mentioned but did not speak)

– Online moderator: Unnamed person who introduced the session

Quantum Computing: Challenges, Opportunities, and Global Implications

This comprehensive discussion on quantum computing brought together experts from various fields to explore the challenges, opportunities, and global implications of this emerging technology. The session, moderated by Wout de Natris-van der Borght, featured presentations and insights from key speakers including Tim Smith from CERN, Mark Mattingley-Scott from Quantum Brilliance, and Elif Kiesow, Chair of Working Group 9 on Emerging Technologies of the IGF Dynamic Coalition Internet Standards, Security, and Safety (DCISSS).

Current State and Future Potential of Quantum Computing

A central theme of the discussion was the current state and future potential of quantum computing. Tim Smith emphasised that “the second quantum revolution is already underway,” challenging the common perception that quantum computing is a future technology. He argued that quantum computing is already being used in hybrid systems, highlighting the urgency for engagement and proactive measures.

Mark Mattingley-Scott provided a slightly different perspective, noting that while quantum computers at scale are not yet available, they are beginning to solve some problems faster than classical computers. This nuanced view underscores the rapid progress in the field and the need for preparedness.

The speakers agreed on the transformative potential of quantum computing across various sectors. Tim Smith introduced the Open Quantum Institute (OQI), which focuses on exploring future applications aligned with UN Sustainable Development Goals. Mark Mattingley-Scott highlighted Europe’s unique position to lead in quantum technologies.

Cybersecurity Implications and Post-Quantum Cryptography

A significant portion of the discussion focused on the cybersecurity implications of quantum computing. Mark Mattingley-Scott introduced the concept of “harvest now, decrypt later,” explaining that encrypted data stored today could become vulnerable to future quantum attacks. This highlighted the urgency of developing and implementing post-quantum cryptography (PQC).

Elif Kiesow provided insights into the practical aspects of PQC, noting that it can run on classical computers. She emphasised the importance of organisations creating detailed cryptographic inventories as a first step towards post-quantum migration. Jörn Erbguth added a legal perspective, pointing out that current laws like GDPR already effectively mandate the use of quantum-proof encryption for relevant data.

The discussion also touched on the potential risks of quantum computing as a dual-use technology. Tim Smith warned that without anticipatory governance, quantum computing could undermine digital security and fuel geopolitical tensions.

Global Collaboration and Governance

The speakers unanimously agreed on the need for international collaboration and governance frameworks for quantum technologies. Tim Smith emphasised the importance of shaping global governance to ensure equitable access and benefits. Elif Kiesow suggested that the Internet Governance Forum (IGF) could play a crucial role in bringing stakeholders together.

Marijana Puljak, a member of the Croatian Parliament, highlighted the need to bridge the gap between researchers, industry, and policymakers in quantum technology development. This point resonated with other speakers, who agreed on the importance of a multistakeholder approach to quantum governance.

Addressing the Digital Divide

Elif Kiesow raised a crucial point about the potential for quantum technologies to exacerbate global inequalities. She warned of an increased risk of digital divide if some countries migrate to PQC while others do not. This concern was echoed by other participants, who stressed the need for international cooperation and support to ensure that developing countries are not left behind in the quantum revolution.

Public Awareness and Capacity Building

The discussion highlighted the critical need for raising public awareness and building capacity around quantum computing. Tim Smith emphasised the importance of creating public demand for quantum solutions, while Marijana Puljak stressed the need to train younger generations and industry professionals in quantum technologies.

Biljana Zaslova-Friedrich suggested targeting both industry and policymakers to increase awareness and adoption of quantum technologies. She also mentioned the ongoing EU quantum strategy consultation process, highlighting the importance of stakeholder input in shaping policy.

Conclusion and Future Steps

The session concluded with a call for increased public awareness and investment in quantum technologies, particularly in Europe. The speakers agreed on the need for proactive measures in adopting quantum-safe encryption and the importance of international cooperation in shaping the future of quantum computing.

Key takeaways included:

1. The urgency of preparing for the quantum era, with emphasis on hybrid quantum-classical systems already in use.

2. The need for global governance frameworks to ensure responsible development and equitable access to quantum technologies.

3. The importance of implementing post-quantum cryptography to protect against future quantum threats.

4. The potential for quantum technologies to exacerbate global inequalities if not managed properly.

5. The critical role of public awareness and capacity building in driving the development of beneficial quantum applications.

As next steps, Jörn Erbguth presented draft messages from the session. The group plans to present a draft report on the social implications of quantum computing to AFNIC, followed by a public consultation process. Results and reports will be published on the is3coalition.org website, further advancing the dialogue on this crucial technological development.

Wout de Natris-van der Borght:

Online moderator: Good morning, everyone, and welcome to today’s session. We’re really glad to have you here. Before we begin, I’d like to quickly go over a few session rules. Please enter your full name on this Zoom session. To ask a question, raise hand using the Zoom function. You will be unmuted when the floor is given to you. When speaking, switch on the video, state your name and affiliation. Do not share links to the Zoom meetings, not even with your colleagues. Now I’ll hand over to our session moderator to guide our through the session. Thank you.

Wout de Natris-van der Borght: Thank you. Welcome and good morning. After a good party last night, I think, here at the Council of Europe. Welcome to Eurodig’s 2025 Workshop 3, and that is called Quantum Computing, Global Challenges and Security Opportunities. My name is Wout de Natris-van der Borght. and I am your moderator of the day and I, to introduce myself, I work as an Internet Governance and Cybersecurity Consultant and I’m the coordinator of the Internet Governance Dynamic Coalition Internet Standards, Security and Safety. This morning we’re going to take a close look at the future of computing and as you will find look at what people in decision-making positions need to decide on in the present to be secure in the future. That makes this workshop topic extremely timely as the world’s government, scientists and industry face some tough choices. Sorry? I can move a little bit closer. Hopefully that works. I can only do one at the same time. Yes, maybe because I’m the boss here at the moment. I hope this is better. So, I’ll go a little bit back and say that today we have a choice because looking back we can compare the launch of the public internet or social media and IoT and everything connected to the internet to a new vehicle being launched from the top of a mountain. So, here’s a new driver sitting in the car and he’s going down the mountain slowly but surely but while driving the driver starts finding out that there are no security features built in. into that car by design in any way. There’s no braking lights and no brakes. There’s no handbrake, there’s nothing. He just goes down the hill faster and faster and then he sees a side of the road, people, I’ve got brakes for you, and they start running behind him, trying to put it on while he’s speeding ever faster and faster down that mountain. And that is ICT for you. Comes on, it works, it goes, and then we have to start thinking about security. And you have to buy them as end user. Yourself is not there secure by design. So why am I looking at an empty chair on the screen? Or is that? I think it’s because that microphone is also used. This one. Okay. No. No. Yes, I think this is better than looking at an empty chair. So I think you got the picture on this car going down the road. And now we’re at the advent of quantum computing. And as everybody is warning us, that is going to change the whole ballgame once again. And we got that option now to fix this new technique before it starts its descent down the mountain. We also got the option to secure everything that is here now and protect it from the speed of quantum computing. And we don’t know if that is tomorrow, next year, or 10 years from now, but the fact is it will probably be here somewhere in the near future. Today, we will look at the threats and opportunities that quantum computing poses, such as cryptography and data protection. Quantum computing threatens today’s encryption, but it also provides new ways to secure data. It will require new frameworks. that take proactive steps to ensure compliance with the regulatory requirements and security standards while enabling innovation to flourish. What we’re not discussing is what quantum computing is. I hope you have taken the time to participate in the Eurodig webinar on 30 April, or you had the time to view it later to prepare for this session. You can also do that after the session, of course, but without further ado, let’s start and introduce the key participants. I have here, to my furthest right, we have Mark Mattingley-Scott. He’s Chief Revenue Officer at Quantum Brilliance based in Germany. I have Elif Kiesow, who is the Project Lead of the IGF Dynamic Coalition Internet Standards, Security, and Safety, Working Group 9 on Quantum Computing, and hopefully, Tim is there, Tim Smith is there, because I’m not watching the Zoom at this moment. Tim Smith is there, and he’s Coordinator, Open Quantum Institute at CERN, and they all go three, gonna talk about quantum computing from a different angle. But first, I give the floor to Tim Smith, and I think he’s going to make a positive statement about how to approach developments and to avoid the worst. And in a sentence, he described it as keeping the QC opportunities in focus through international collaboration and applications for society. So, Tim, the floor is yours, and what I have to mention first, we have three presentations. After that, we have time for questions and dialogue, as that is what this session is supposed to be about. So, we have about half an hour to discuss this topic. Thank you very much, and Tim, the floor is yours.

Tim Smith: Fantastic. Thanks very much. Can you hear me well?

Wout de Natris-van der Borght: Yes, thank you.

Tim Smith: Perfect. Okay, well, thank you very much for this opportunity. I’m really sorry I can’t be there. there in person to be with you. But nonetheless, I’d like to join in with the discussion by, as was just said, making a bit of a positive outlook on the opportunities because the second quantum revolution is already underway. It’s already here. It’s not a question of waiting. It’s a question of being part of it and shaping it. Okay, a handful of algorithms have been created already to harness the potential, but just a handful, and we’re still looking for more, algorithms such as factoring of large numbers, searching of unsorted databases, Hamiltonian simulations, solving linear systems of equations or optimizations. And we’re looking for ways of applying these to applications that are beneficial to society. But we do know that to run these at the moment needs millions of qubits with low error rates and long coherence times. And we don’t have those in the current hardware. So we’re some years off exploiting. So people have said we have time and we’re talking of a year, five years, 10 years, but we don’t actually, because already we found ways of using hybrid techniques to use these already modest scale quantum computers that have been built, even if they have curtailed coherence as co-processors basically in a hybrid mode. So we’ve created these noisy intermediate state quantum computers with algorithms that can be used today, variational quantum algorithms, which alternately delegate the classically difficult parts to the co-processor quantum computer, and then perform some of the difficult, some of the steering on the sufficiently powerful classical devices. So we’re using quantum computers today already to make tough calculations. They’re not going to take over the world, they’re not going to replace all of classical computers, but they’re going to augment in the most difficult calculations by giving us new ways of doing things faster. So the question is, which calculations? Now, unfortunately, in today’s geopolitical context, the developments of these algorithms are being done with a focus on sovereignty, security, race for supremacy. But we learned to our peril from past tech waves like AI, that unless you do multilateral governance and international cooperation on R&D in advance, it will not land on society correctly.

Online moderator: So now is the time to shape global governance and explore impactful applications for society and our planet. And in this optic, we launched at CERN here, the Open Quantum Institute. It was conceived by JESDA and we’re now hosting at CERN, which focuses on exploring these future applications with a focus on the UN Sustainable Development Goals, on accelerating them. So we’re a novel science diplomacy instrument offering a neutral platform for international collaboration between researchers, diplomats, the private sector, philanthropy, because we believe humanity’s biggest challenges today are shared global challenges. So therefore, it necessitates transnational collaboration to ensure that it will be able to benefit and unlock the potential of quantum computing for everyone and not just a few. And we also think this is the only way to make solutions which reflect the genuine needs of diverse population. So not only are we looking for the applications, but if we want the. global population to be involved, we need to do capacity building. So we’re also trying to do capacity building in the underserved geographies, quantum hackathons, educational material and educational programs in quantum computing. But not just that, with the doers, but what about all the decision makers? So we’re trying to raise awareness as well with the lawmakers and the diplomats by getting them to play a serious game, the quantum diplomacy game, to understand the geopolitical implications of developing a new type of technology. So in summary, the quantum opportunities also bring risks. The rapid development is outpacing equitable access frameworks and exacerbating existing global inequalities. The infrastructure, supply chain, intellectual property is again being concentrated in just a few countries, just a few private corporations, creating yet again the risk of technological monopolization. So without anticipatory governance, this dual-use technology could undermine digital security and fuel even more geopolitical tensions. So if development is driven solely by strategic or commercial interests, it risks diverging from the potential impact on the SDGs and impact on society. As a little bit of hope, governance-oriented frameworks are already taking shape, such as the World Economic Forum’s quantum computing governance principles that define global guidelines to assess and manage the opportunities and risks of quantum computing, and the OQI itself. which exemplifies how quantum innovation can be guided by multilateral cooperation and SDG-focused governance. So we need more of these international collaborations and we hope that the OQI will provide the neutral platform where we can accelerate these dialogues and shape the effective governance. Thank you.

Wout de Natris-van der Borght: Thank you Tim and I think also from a hopeful point of view and that you see the first positive steps going but there’s also a strong warning coming with your hope and message so thank you for that. From the positive side we’re going to move to the dark side and we have Mark here sitting to my left. Mark Mattingley-Scott and as I said he’s Chief Revenue Officer at Quantum Brilliance and as he said in his introduction to me somebody has to deal with the bad side so Mark I give the floor to you and tell us how bleak our future is.

Mark Mattingley-Scott: Well thank you for that introduction. I don’t quite know what to make of that other than the fact that in my circle of friends in Germany there are many people from the Balkans and they told me that if you slightly mispronounce my first name it means darkness so I guess that fits. So I want to talk about the quantum threat and the race for quantum safe security but I’m also posing the question of is it really a threat. So there is a real growing issue posed by quantum computing, quantum technologies that touches all of us working in security and engineering and Let’s go down the rabbit hole a little bit and look at what that means for encryption and digital security. Quantum computers, as Tim said, will one day be able to break today’s cryptographic methods. Cryptography, as we know it today, relies on mathematically hard computations, typically factoring a number, so it’s very easy to multiply 3 by 5 and understand that the answer is 15. We can also, we can all do the reverse operation, because we all know that 15 is 3 times 5, but for arbitrary large numbers, those two operations are highly asymmetrical. A lot of the cryptographic infrastructure we rely on today relies on that and other similar mathematical asymmetries. In quantum computing, one of the founders of quantum computing, a guy called Peter Shaw, who’s a professor at MIT, invented an algorithm which basically takes that problem of factoring a number and it makes it look a little bit like playing a chord on a piano. I’m oversimplifying here. And then you can use a quantum computer to essentially extract what amount to the notes, and those notes are then the factors of that number. And this algorithm is extremely high-performance if run on qubits. There is another algorithm called Grover’s algorithm. Lev Grover invented that, which has a similar effect on calculating checksum-based cryptography. And there are other approaches, compromises, approximations to both. Grover and Shor’s algorithm, which will one day pose a threat. So when I say will one day, where’s this technology right now? We are in the position that we can, depending on the hardware, underlying hardware, generate a handful of qubits up to maybe a hundred, hundred and fifty qubits, maybe a couple of hundred qubits, reliable, low error, sometimes low error qubits. Just to give you a feel for where we need to be, it’s a bit like saying we’ve just built a paper airplane, but we need to fly to Mars and build a colony. So we’re still a way away, but the principles have been established. Now the question comes, well why do we care if that’s first going to be a real threat in 10, 20, 30 years? And the problem here is called harvest now and decrypt later. So encrypted data is very often used in situations where it’s stored and becomes amenable or possibly attackable at some future point. Think of anything based on a blockchain, where essentially you’re signing each epoch in the blockchain. If you can in 20, 30, 40 years break that blockchain, break the encryption, you can essentially rewrite the entire blockchain. And if you’ve got a currency based on that, that might be a bit of a problem. Symmetric cryptography is also not immune. As I mentioned, Glover’s algorithm halves basically the key strength of any cryptographic key. So a 256-bit key becomes effectively 128-bit key, which is a very different problem to attack. We now have a thing called post-quantum cryptography. It’s based on what are called quantum-resistant problems. So there are some problems which are still computationally unfeasible even for quantum computers, and this new type of cryptography is based on such methods. Things, if you hear about things like lattice codes and hash-based codes, then that’s what we’re talking about. Additionally, the United States National Institute of Science and Technology recently published and recommended a series of methods for ensuring quantum robust cryptographic protocols, and if I look at the organization I’m representing or indirectly representing today, the IEEE, we have nine working groups working on quantum computing, two of which working specifically on quantum communication and quantum key distribution. The challenges we face in migrating from a pre-quantum world, in which we find ourselves at the moment, to a post-quantum world revolve around using those different methods, updating cryptographic and non-cryptographic protocols, so SSH, TLS, all the things we’re used to using today to ensure secrecy and confidentiality will need to be upgraded. There will be a lot of work to be done on changing and upgrading legacy systems. I think for those of you who remember it, the year 2000 bug, the year 2000 event, involved also upgrading a lot of systems. Quantum is going to be, at least an order of magnitude, have at least an order of magnitude more impact, and it’s also essential to be agile. Agile in the sense of from an organizational point of view. Quantum key distribution, a A key topic, short to medium term topic, using secure physics-based methods to exchange cryptographic keys is increasingly a focus. It’s still expensive and impractical at scale, but there’s a lot of money being invested and a lot of effort being made to change that. So the message I give to my customers, my investors, and the industry in general is start to understand where you use any kind of cryptography, and you’d be surprised by the list of places. Identify and mitigate any long-term data. Begin to start to use the new cryptographic methods as they become available. And of course, push your vendors to provide the technology to do that. From a policy point of view, all these changes represent both opportunities and risks in terms of ensuring that the methods and procedures and processes we use remain open and transparent and available to all. Finally, quantum is coming. It’s unavoidable. Actually, we shouldn’t think about avoiding it. We should embrace it. We don’t know exactly when, to what degree specific threats will become real threats. But we do know that we’re running out of time. There’s no time left to wait. We need to act now. And that means from a policy perspective, we also need to act now. Thank you.

Wout de Natris-van der Borght: Thank you, Mark. There’s some consternation here, as you see, because the three of us are in a different Zoom room than all of you. and that’s why you can’t see the presentations. So we’re trying to see if we can fix it very fast. The link that we’ve got is apparently a different one that the rest of the audience received. So that’s all I can give as an explanation. Elif is next, but I think it’s going to work. So let me introduce Elif Kiesow-Cortez to you. As I said, she is the chair of Working Group 9 on Emerging Technologies of DCISVC. And we’re doing a research at this moment into the social implications of quantum computing when that hits society. And with that, I give the floor to Elif to give a preliminary draft version of the report that will be published at the IGF in June in Lillestrøm in Norway. Elif, the floor is yours.

Elif Kiesow: Thank you very much, Wout. I will just need everyone on Zoom to put on mute, including our room, if that’s possible. Otherwise, we are getting feedback. Okay, no, then we get feedback. Okay. I will just… Okay, is this good enough? It’s not… …or what you need to care about is… …to a level where they will achieve a… …to sell not the brain for a thing that sells. So that was your reviews and what we mean when… …to a level where they will achieve a… …to a level where they will achieve a… …to a level where they will achieve a… …to a level where they will achieve a… …to a level where they will achieve a… …to a level where they will achieve a… Karen Mulberry, Tim Smith, Elif Kiesow, Wout de Natris-van der Borght Karen Mulberry, Tim Smith, Elif Kiesow, Wout de Natris-van der Borght Karen Mulberry, Tim Smith, Elif Kiesow, Wout de Natris-van der Borght Susan. And if you wanted to take home something, Sorry, I’m getting echo again. Did anything change? Okay, yeah. I think… Am I only hearing it or are you guys also hearing some feedback? All good? Okay, it’s perfect. Okay, if it’s good, then let me continue. So the first thing that you can maybe take to your organization after this presentation when it comes to organizational needs can include the planning stage. Again, you will want to look at what algorithms are being used in your current encryption methods, but that is also called a cryptographic inventory. So even if maybe you won’t be able to convince the management yet to take steps towards post-quantum cryptography, I think it would be important to look into at least creating something like a cryptographic inventory. And then, of course, eventually these steps that we will be publishing in our research should lead to a migration roadmap also at the organizational level. So we will be creating it in a way that it’s building up on each other in steps. So that’s also the examples that I wanted to use here. Okay, so then I mentioned at the opening that I will say a few things about IoT security and PQC as well. There, what we see as a main issue is already IoT security is a big problem, right? Because there are many layered problems. I just use one here that there are legacy devices. So the security vulnerabilities that are being caused for legacy devices is going to be multiplied in the future if we are doing this migration to PQC. So that’s why we want to bring it forward in this research and say that let’s pay attention to it from the get-go this time. Let’s not make the same mistakes of forgetting that IoT devices are our main vulnerabilities in many aspects. So in that sense, we are also bringing together, they advised to put together the need for IoT security with this new migration to PQC policies. And of course, a part of it, an important part of it, is public procurement. Just a taster, we can mention that probably whomever is deciding on, of course, also using IoT devices, for example, for sensitive data, for public data, should also consider while at the procurement stage to purchase devices that at least have the capacity to migrate to post-quantum cryptography. That’s pretty much what I wanted to cover. Just maybe one note, one thing that was mentioned by Mark was QKD. What we like to differentiate is when we are talking about QKD, we are talking about more quantum encryption, but when we are talking about post-quantum cryptography, some of you maybe already caught the clues there, but this is something that can run on classical computers, so you do not need quantum computers to run PQC, and that’s why we are now already ready, if we make the necessary investment, to upgrade our systems to better algorithms. Thank you.

Wout de Natris-van der Borght: Thank you, Elif, and I think that the three presentations struck a sort of a balance about hope, about the dark side, what may be waiting us, but also the options that we have today to actually start protecting ourselves from what may come one day, what we call on quantum day. We just don’t know when quantum day is, and I suppose that even researchers working on it continuously today don’t know when quantum day is unless somebody is keeping some big surprises for the world, which is also an option, of course, because it gives you a major advantage. With that, I want to open the floor for comments or questions or a debate, and that’s all up to you. So, online, if there are any comments, then please let me know. Who would want to take the first question in the room? Yes, please introduce yourself first.

Audience: Can you hear me well? So my name is Isti Marta, I’m from the University of Warsaw. So my question is to Mark and also to Elif. So first question is about the quantum key distribution. What are the possible risks for dual use technology, both present and the future? And for Elif, for the PTC migration. So what do you think, what are the risks for this PTC migration to fail? And if it does fail, probability wise, what sort of dire consequences that will be faced by a country? So yeah, thank you.

Mark Mattingley-Scott: Okay, so if I understood your question correctly, you are interested in what are the risks associated with dual use of this technology and risks in the context of risks in the context of weaknesses or ways that the technology can be attacked or risks in the sense of the technology may not be up to it or risks in the sense of the technology may be misused. Can you clarify please?

Audience: I think three of them, if that’s possible. If you have any insights as for now, when it comes to dual use technology.

Mark Mattingley-Scott: So I think the quantum key distribution The design parameters of the methods that are being investigated are, obviously, to design systems and technologies that are robust to design against weaknesses from the start. Obviously, at a certain level, that’s a naive position because every technology always has some weaknesses somewhere, but I think that is happening out in public. That is a transparent process, at least as far as we can tell. I don’t see currently any issues there. The second point was potential misuse of the technology, and I guess there’s two ways to look at that. One is from the point of view of can an aggressor misuse this technology, can a defender use this technology, particularly in the situation in Europe and in Ukraine at the moment. I think the answer to that is we can theorize about that situation as much as we want without getting or trying to avoid being very political about it, but what we do see is every technology, or the potentials and the weaknesses of every technology, become glaringly obvious the moment it hits the battlefield. So for the dual use, in the sense of dual use, it’s impossible for me to predict. I think we just have to wait and see.

Panelist: Yes, and thank you for the question that is more focusing on the international aspect, I guess. I think maybe the main one that is most relevant also for our community is it can increase the risk of digital divide when we are thinking about PQC migration, right? Because now we are seeing already some countries coming up with roadmaps. They have maybe the resources to come up with the roadmaps, maybe they have the resources to develop the algorithms and then they will maybe have the resources to implement and make this migration happen. And then it can lead to a situation that we will be having, of course, the states that manage to do it and are in a much secure place maybe when it comes to cybersecurity, whereas those that could have been left behind. But since we are already able to discuss this at an earlier stage where the migration did not happen yet for any country, I think that our community has a chance to think about this further and definitely to advise, I think, also for further international cooperation and support so that we are not really running into a situation that we can pretty much predict. Thank you.

Wout de Natris-van der Borght: Another question? Yes, please.

Marijana Puljak: Hello. It’s maybe not a question but a comment. Please introduce yourself. Oh, sorry. Marijana Puljak. I’m a member of the Croatian Parliament and a member of the Parliamentary Assembly of the Council of Europe and I must say with 25 years of IT background, so maybe I will have an IT comment on all this. When talking about technology, about all these questions, can technology be used and misused? Of course. We have a fire so you can burn the house or you can cook dinner with the same tool. So every technology can be used and misused is the question of how fast are we with regulating it and how fast are we with, you know, who is the faster, bad guy or good guy? And also I must say my daughter is in research of quantum computing at CERN specifically and through her experience I see and I’m aware that there is still a significant gap between researchers and industry, especially in diplomacy, as you said. And so when trying to commercialize this technology. Maybe it’s hard, you also said about the funding, you are trying to find funding. Maybe the funding is hard to find because no one can predict how the return of investment will be in 5, 10, 20 years or maybe next week. That’s why the problem is with all of this. But I’m interested how do you see, you know, this is really new and fast development, fast new technology. How do you see this bridging this gap between researchers and industry? Thank you.

Panelist: Yes, so I can give a comment and I’m going to assume that maybe Tim would like to jump in as well because definitely the Open Quantum Institute is working on that. And for example, I’m working with industry associations that are both in the US and in the EU that are focused on quantum. And we are looking into these kind of governance issues as well. So I can say that there are different groups also, as far as I know, in Australia, as well as in the UK, that are looking at it from more responsible technology angle as well. And of course, even that research is not very easy to do, because exactly, correctly as you put it, when you say there is this technology which might be a problem in 10 years, it’s not something that people really feel like they should care about, right? So that is, I think, one of the main issues that we are still running into, even if there is work. And just before giving the floor to Tim, I can say that the difference with the PQC is I think now we are seeing government action. So then I think as long as we see, for example, government action, which is in form of policy, which is maybe even saying by this date we want to see these results, I think that really gives good support also to bridge that gap. Yes, Tim.

Wout de Natris-van der Borght: Thank you, Tim. And before I give the floor, I would like to expand the question a little bit. As you said, you’re working together with a lot of different organizations. organizations. What I would like to know also is the enthusiasm, let’s call it that, to cooperate larger in governments or in academia or in the industry. And secondly, do you think that we can afford to make it a voluntary action to deploy these post-quantum encryption beforehand, or can we leave it to industry just like we did with all the other techniques that came along online? So I think that expands the question a little bit. Over to you, Tim, thanks.

Tim Smith: Thanks very much, it’s a great question. Exactly, the fact that fire is both good and bad and every technology similarly is both good and bad shouldn’t be ignored in the sense that we should embrace the fact that we know this is happening and embrace the learning we’ve had from previous tech waves, is that exclusion from solutions, exclusion from discussions, causes even greater misuse, it causes even greater divides, the haves and the have-nots. So in fact, we see the best way of developing the technology responsibly is by having these conversations with all of the actors in the room to investigate all these different aspects simultaneously and to come to common understandings of how to steer it. It’s not clear up front that one entity can be doing the steering. I think there’s all these different perspectives have to be taken into account. So the way we’re doing it is having these multilateral workshops, multilateral discussions on responsible computing, responsible quantum computing, and also forming teams that are working on solutions that are also multi- multilateral. So bringing industry, bringing academia, bringing the funders, bringing the decision makers, bringing the domain experts all into the same teams that are trying to perform solutions to bring all these different aspects, because I think it’s only through common understanding that we can see a common way of beneficially developing this in the future.

Wout de Natris-van der Borght: Thank you, Tim. I’m getting to use our focal point first and then I’ll come to you. Jörn has helped us tremendously to make this session happen and he has a comment to one of the questions.

Jörn Erbguth: You ask whether it is mandatory and we have current laws that make it mandatory. GDPR makes it mandatory to use quantum proof encryption because it makes it mandatory to use secure encryption and once the standard is out and it is state-of-the-art to use quantum proof encryption, it is mandatory and it’s a GDPR violation if you don’t use it for relevant data. So it is mandatory and we don’t need to change any law to make it mandatory.

Wout de Natris-van der Borght: Thank you, Jörn. I think that is a very clear statement. Should people from industry be in the room? I saw your hand up, please introduce yourself first.

Audience: Biljana Zaslova-Friedrich, do you hear me? Biljana Zaslova-Friedrich from the European Centre of Quantum Sciences, based here in Strasbourg, not far away from the Council of Europe. I’m a senior project manager working on different European projects on AI, machine learning and quantum. Our centre is a transdisciplinary, transnational centre, working on the Rhine Valley but also with the whole region contest. And we have a lot of programmes actually, not only of course training, research, but also innovation because we are also an innovation hub with one start-up for a quantum simulator. And we also now dwell more into the governance and the policy making issues because we have understood that there is a huge problem in making quantum relevant and interesting. for policy makers, but also for overall, for the population. We have huge problems in training younger generations. They are not so interested in sciences, so that’s one of our first fight. The second fight that we have in the near and middle term process is to try to make the industry in the Grandes, but also in France, to try to adapt their solutions and include quantum. It’s quite a risk actually for industry makers. Their R&D are not trained into looking into quantum solutions when it comes to training them is also quite a big deal. So what we try to do is really to find user cases that will make our quantum computer and our simulators work, so that we have more experience and try to correct the errors and try to find out how we can manage to develop this, to better develop, to improve our technology. By the way, for Mark, it’s a neutral atoms, ion traps technology. It’s quite different from the diamond, for your diamonds. So my question is, do you think that we should target only the industry or should we target also policy makers and what the European Union could do in this in this perspective? Because now that I know that they have a new quantum strategy that is launching, there’s a consultation process, by the way, about the quantum strategy and my center will definitely try to contribute to this new quantum strategy. Thank you.

Panelist: So I think It’s definitely great that you already mentioned both the great work and also what’s happening right now. Maybe we can also highlight that it is true that right now there is a call for evidence from also the EU that is looking into feeding their quantum strategy with more feedback from the citizens. What we highlight is exactly on the point that you are mentioning. One point is of course to look into future workforce and to make sure that there are trainings that are targeted so that we can get more quantum talent. But the other part is how are we going to make sure that we are also informing citizens as well as policymakers in time so that they can be a part of this discussion in an informed way. And I think that would be something that we are definitely looking into solving in the recent or in the coming years. So I would say that’s definitely one key point. And I’m going to again mention that for Tim, for example the Open Quantum Institute’s role is I think exactly for looking at bringing together different stakeholders, but we think that IGF can also be an important power in this. So we started our working group in the Dynamic Coalition Internet Safety Security Standards, so IS3C as you know our common name. So we started this working group nine that is looking at quantum already two years ago. So we started reaching out actually to policymakers saying that this is going to be an important issue, would you like to work with us? So let’s also use this platform then to make our call that we think that IGF is also perfectly positioned to bring together different stakeholders and look at it from more adoption and governance angles because we need those voices as well. Yeah, thank you.

Wout de Natris-van der Borght: Thank you, Edith. And looking at the time, we have to start wrapping up unfortunately, but I suggest that we exchange cards in a moment and with you as well, Tim, and see what we can do in the future because this is hopefully not the end, the presentation of this report. We have now to go to the messages, to discuss the messages. I’m going to ask, how much time do we have left? Can we do five minutes extra? Yeah. We have five minutes extra. Okay, then I’m going to ask Tim and Mark and Elif to say in one sentence. In one sentence, what it is they think the next step should be right now. So, in one sentence, Tim.

Tim Smith: Building on the previous question, public awareness. I think demand-driven, demanding the solutions, expecting the integrations is perhaps the biggest thing that we should do now. Awareness-raising so that people ask for the right things and get inspired to help create the right solutions to be part of the future workforce.

Wout de Natris-van der Borght: Thank you, Tim. Mark.

Mark Mattingley-Scott: Europe is in a unique position as far as quantum technologies is concerned. In addition to having the largest pool of skills and talents in quantum technologies, a critical mass of consumers, ultimate consumers, industrial consumers of quantum technologies. And also in terms of the technologies themselves, we need to enable investment. I’m speaking as a startup here. Investment, critical growth capital will fuel that system. If we bring quantum technologies to Europe as a core key technology, then the decisions we make, the policy decisions we make, will have corresponding weight globally. And I think that’s key.

Wout de Natris-van der Borght: Mark, Elif.

Elif Kiesow: I will just echo the comments of Tim and Mark, but let me just also make it a bit more specific on what we discussed on PQC. And let me just say that I really loved what you mentioned. So if this will become the new industry standard, we have to make sure that we are not leaving any actor behind. So that would be, I think, one message from me.

Wout de Natris-van der Borght: Thank you, Elif. And before we wrap up, I would like to give the floor to Jörn Erbguth, who will share the messages of this session with you. Jörn.

Jörn Erbguth: Thank you, Wout. I share the draft of the messages. So I took from your presentation, your comments, that… It cannot be read. It’s too small? Yes. Better? Much better, yes. No, too big? Yes. Okay. So the first message is quantum computers at scale are not there yet. However, they start to be able to solve some problems faster than classical computers. We need to open quantum computing to everyone, not only a few countries and corporations. And then second, quantum computers will be able to break current cryptography. Quantum computers, quantum technology is unavoidable. There is no option to stop it. And we should not try to prevent it, but embrace it. We need to raise awareness. And concerning encryption, current risk is harvest now, decrypt later. So nobody can, as we know, can decrypt current encrypted texts, but if you store them, you can decrypt them later. We need to do the migration to quantum proof encryption now, because it will take years to do it. Countries need to take an inventory of the cryptography used and include all devices as, for example, IT devices as well. So migration to quantum proof encryption could create a new digital divide if some countries do it and some other countries don’t. And it’s an avoidable digital divide. It’s not something that is dependent on some countries not being able to do it. It is possible, but we need to roll it out. But so these are the messages they will be taking into consideration. If you have a strong disagreement with one of the messages, please raise it now. If you have editorial concerns, we can do that in the later process. Thank you.

Wout de Natris-van der Borght: Does anybody has a very strong objection? I see one finger, please. No, no.

Audience: Maybe not an objection, but maybe we can talk about hybrid computers, classical plus quantum, because there is a huge hybrid technology that is on the way that could fasten the quantum advantage actually. When you talk about the first one, quantum computers or hybrid computers.

Jörn Erbguth: I agree that hybrid computers can be an issue, but we didn’t discuss them, so I didn’t include them in the messages. I think Tim mentioned them. Okay, okay, sorry.

Wout de Natris-van der Borght: Unless you disagree, Tim, but I was very, very clearly thought I got that.

Tim Smith: Exactly, they’re the ones that are most practical now.

Jörn Erbguth: Thank you. Where would you include them?

Wout de Natris-van der Borght: Yes, they should be in the first one, Björn.

Tim Smith: I would say about steering hybrid developments collaboratively. Because I’m always hoping to push towards the good rather than the bad.

Wout de Natris-van der Borght: While Jörn is typing, is there another strong objection? I don’t see any hands up, so I take it that the draft version is accepted. Thank you very much, Jörn. That brings us to the end of this first session of this morning in this room. Just to promote the Dynamic Coalition again a little bit, if you’re interested in our work, you can join it by going to the IGF website and join the mailing list. And if you go to Dynamic Coalitions, you’ll see Internet Standards, Security and Safety Coalition. and you can join there. We have our own website, is3coalition.org, where results and reports are published. What I can announce is that we will present the second draft of our reports to the AFNIC organization about two weeks from now. And after that, if they agree, then we’ll have a short public consultation on the report that will be announced on our website and in other places around the internet. And you have about two weeks to respond to our findings. And then we publish the report at the IGF and present it there, probably on the day zero. That ends my part of making publicity for our own coalition. I would like to thank first our key participants. Tim in Geneva, thank you very much for your hopeful contribution to this discussion. And I think that it would be good if we discussed further in the near future. Mark Mattingley-Scott to show to us what the threats are, but also what the future holds for us and what could be a positive outcome and Elif for presenting the draft report to us. But I’d also like to mention the other org team mentioned people because we got together as a team to make this session happen. And the first is our focal points, Karen Mulberry and Jörn Erbguth, but also Konstant Weisse, who coordinated a lot in the background for us and made it possible for us to meet. I’d like to thank our rapporteur, who’s also Jeroen, thank you very much. But also the people at EuroDIG here in the room, but also especially behind the scenes who make everything possible that we do, Sandra and the team and Rainer. So without them, there would be no EuroDIG. And I think that gives a round of applause for them as well. So thank you very much. And then I’ll hand over to you to wrap up.

Agreement points

Quantum computing is already here and being used

Speakers

– Tim Smith
– Mark Mattingley-Scott

Arguments

Quantum computing is already here and being used in hybrid systems

Quantum computers at scale are not there yet. However, they start to be able to solve some problems faster than classical computers.

Summary

Both speakers agree that while large-scale quantum computers are not yet available, quantum computing technology is already being used in some capacity, particularly in hybrid systems.

Need for global governance and collaboration in quantum computing

Speakers

– Tim Smith
– Elif Kiesow
– Panelist

Arguments

Need to shape global governance and explore impactful applications for society

IGF can play important role in bringing stakeholders together

Need for international cooperation and support on quantum computing

Summary

The speakers emphasize the importance of developing global governance frameworks and fostering international collaboration in the field of quantum computing.

Importance of raising awareness about quantum computing

Speakers

– Tim Smith
– Panelist

Arguments

Need to raise awareness and public demand for quantum solutions

Importance of informing citizens and policymakers about quantum computing

Summary

Both speakers stress the need to educate the public and policymakers about quantum computing to drive demand and informed decision-making.

Similar viewpoints

Both speakers acknowledge the threat that quantum computers pose to current cryptography and the need for post-quantum cryptographic solutions.

Speakers

– Mark Mattingley-Scott
– Elif Kiesow

Arguments

Quantum computers will one day break current cryptography

Post-quantum cryptography can run on classical computers

Both speakers highlight the potential for a new digital divide in quantum computing capabilities and the need for international cooperation to prevent it.

Speakers

– Elif Kiesow
– Panelist

Arguments

Risk of increasing digital divide if some countries migrate to PQC and others don’t

Need for international cooperation and support on quantum computing

Unexpected consensus

Mandatory use of quantum-proof encryption

Speakers

РJ̦rn Erbguth
– Wout de Natris-van der Borght

Arguments

Current laws like GDPR already mandate use of quantum-proof encryption

Question of voluntary vs. mandatory deployment of post-quantum encryption

Explanation

While Wout de Natris-van der Borght raises the question of whether post-quantum encryption should be voluntary or mandatory, Jörn Erbguth points out that existing laws like GDPR already effectively mandate it. This unexpected consensus suggests that the transition to quantum-proof encryption may be driven by existing regulatory frameworks rather than new legislation.

Overall assessment

Summary

The main areas of agreement include the current relevance of quantum computing, the need for global governance and collaboration, the importance of raising awareness, and the necessity of addressing cybersecurity challenges posed by quantum computing.

Consensus level

There is a moderate to high level of consensus among the speakers on the key issues surrounding quantum computing. This consensus suggests a shared understanding of the challenges and opportunities presented by quantum technologies, which could facilitate more coordinated efforts in development, governance, and implementation of quantum computing solutions.

Different viewpoints

Timing and readiness of quantum computing

Speakers

– Tim Smith
– Mark Mattingley-Scott

Arguments

Quantum computing is already here and being used in hybrid systems

Quantum computers at scale are not there yet. However, they start to be able to solve some problems faster than classical computers

Summary

While Tim Smith argues that quantum computing is already being used in hybrid systems, Mark Mattingley-Scott suggests that quantum computers at scale are not yet available, though they are beginning to solve some problems faster than classical computers.

Unexpected differences

Overall assessment

Summary

The main areas of disagreement revolve around the current state of quantum computing readiness and the specific approaches to governance and collaboration.

Disagreement level

The level of disagreement among the speakers is relatively low. Most speakers agree on the importance of quantum computing, the need for preparedness, and the importance of collaboration. The disagreements are mainly about nuances in approach or emphasis, rather than fundamental differences. This suggests a generally aligned perspective on the challenges and opportunities of quantum computing, which is positive for addressing the topic at hand.

Partial agreements

Similar viewpoints

Both speakers acknowledge the threat that quantum computers pose to current cryptography and the need for post-quantum cryptographic solutions.

Speakers

– Mark Mattingley-Scott
– Elif Kiesow

Arguments

Quantum computers will one day break current cryptography

Post-quantum cryptography can run on classical computers

Both speakers highlight the potential for a new digital divide in quantum computing capabilities and the need for international cooperation to prevent it.

Speakers

– Elif Kiesow
– Panelist

Arguments

Risk of increasing digital divide if some countries migrate to PQC and others don’t

Need for international cooperation and support on quantum computing

Key takeaways

Quantum computing is already being used in hybrid systems and will have major impacts in the future

There is a need to shape global governance and explore societal applications of quantum technologies

Quantum computers will eventually break current cryptography, posing security risks

Post-quantum cryptography can run on classical computers and should be implemented proactively

There is a risk of increasing the digital divide if some countries/organizations migrate to post-quantum cryptography while others do not

Raising awareness and public demand for quantum solutions is crucial

Europe is well-positioned to lead in quantum technologies

International collaboration is needed to ensure equitable access and benefits

Resolutions and action items

Organizations should create a cryptographic inventory as a first step towards post-quantum migration

Need to train younger generations and industry professionals in quantum technologies

IGF to play a role in bringing stakeholders together on quantum issues

Present draft report on quantum computing social implications at IGF in June

Unresolved issues

Exact timeline for when quantum computers will break current cryptography

How to fully bridge the gap between quantum researchers, industry and policymakers

Specific steps for countries/organizations to avoid being left behind in quantum advancements

How to balance innovation with security concerns in quantum technology development

Suggested compromises

Using hybrid quantum-classical systems as an interim step

Steering hybrid quantum-classical developments collaboratively to balance progress and responsible development

Targeting both industry and policymakers in quantum strategies to address various stakeholder needs

The second quantum revolution is already underway. It’s already here. It’s not a question of waiting. It’s a question of being part of it and shaping it.

Speaker

Tim Smith

Reason

This comment challenges the common perception that quantum computing is a future technology and emphasizes the urgency of engagement.

Impact

It set a proactive tone for the discussion and emphasized the need for immediate action rather than just preparation for a distant future.

Without anticipatory governance, this dual-use technology could undermine digital security and fuel even more geopolitical tensions.

Speaker

Tim Smith

Reason

This highlights the potential risks of quantum computing and the need for proactive governance.

Impact

It shifted the conversation towards the importance of international collaboration and governance frameworks.

Harvest now and decrypt later. So encrypted data is very often used in situations where it’s stored and becomes amenable or possibly attackable at some future point.

Speaker

Mark Mattingley-Scott

Reason

This introduces a critical security concept that many may not have considered before.

Impact

It deepened the discussion on security implications and highlighted the urgency of addressing quantum-resistant encryption.

I think maybe the main one that is most relevant also for our community is it can increase the risk of digital divide when we are thinking about PQC migration.

Speaker

Elif Kiesow

Reason

This comment broadens the discussion beyond technical aspects to include social and global equity considerations.

Impact

It introduced a new dimension to the conversation, prompting consideration of the societal impacts of quantum computing advancements.

GDPR makes it mandatory to use quantum proof encryption because it makes it mandatory to use secure encryption and once the standard is out and it is state-of-the-art to use quantum proof encryption, it is mandatory and it’s a GDPR violation if you don’t use it for relevant data.

Speaker

Jörn Erbguth

Reason

This comment provides a concrete legal perspective on the implementation of quantum-resistant encryption.

Impact

It shifted the discussion towards practical implications and regulatory requirements, emphasizing that action may be mandatory rather than optional.

Overall assessment

These key comments shaped the discussion by broadening its scope from purely technical considerations to include governance, social implications, and regulatory aspects. They emphasized the urgency of action, highlighted potential risks and opportunities, and underscored the need for international collaboration. The discussion evolved from an abstract future concept to a pressing current issue with immediate practical and policy implications.

How can we bridge the gap between researchers, industry, and diplomacy in quantum computing?

Speaker

Marijana Puljak

Explanation

This is important to ensure effective commercialization and responsible development of quantum technology.

What are the risks for post-quantum cryptography (PQC) migration to fail, and what consequences would countries face if it does fail?

Speaker

Audience member (Isti Marta)

Explanation

Understanding these risks is crucial for countries to prepare and mitigate potential negative outcomes.

What are the possible risks for dual-use technology in quantum key distribution, both present and future?

Speaker

Audience member (Isti Marta)

Explanation

Identifying these risks is important for developing appropriate safeguards and policies.

Should the deployment of post-quantum encryption be mandatory or voluntary?

Speaker

Wout de Natris-van der Borght

Explanation

This question is crucial for determining the approach to implementing quantum-safe security measures.

How can we target both industry and policymakers to increase awareness and adoption of quantum technologies?

Speaker

Biljana Zaslova-Friedrich

Explanation

This is important for ensuring widespread understanding and responsible development of quantum technologies.

How can we address the potential new digital divide that could be created by the migration to quantum-proof encryption?

Speaker

Elif Kiesow

Explanation

This is crucial for ensuring equitable access to quantum-safe security measures across different countries and regions.

How can we improve public awareness and demand for quantum computing solutions?

Speaker

Tim Smith

Explanation

This is important for driving the development of beneficial applications and creating a future workforce in quantum technologies.