Quantum Computing and National Security: The Race That Will Define the Next Geopolitical Order

For most of the past three decades, quantum computing has occupied a peculiar space in the strategic imagination: perpetually important, perpetually imminent, perpetually not quite here. Researchers have promised transformative capabilities across drug discovery, materials science, financial modeling, and cryptography since the 1990s, and the technology has delivered meaningful scientific progress while stubbornly resisting the practical capability thresholds that would make it strategically decisive. That period of comfortable distance between promise and consequence is ending. The convergence of hardware progress, software development, and massive state-backed investment programs has moved quantum computing from the domain of theoretical concern to the domain of active strategic planning—particularly in national security, where the implications of quantum advantage in cryptography are not merely disruptive but potentially catastrophic for current information infrastructure. This analysis examines where quantum computing actually stands, what the genuine national security implications are, and how states and institutions are—or are failing to—prepare for a transition that may be the most consequential shift in information security in a generation.

The State of the Technology: Separating Signal from Noise

Quantum computing discourse is plagued by persistent misrepresentation from two directions simultaneously. Advocates systematically overstate current capabilities and compress timelines to maintain investment momentum and media attention. Skeptics, burned by decades of overpromised progress, dismiss the technology as perpetually five to ten years away from relevance. Neither characterization is analytically useful.

The honest assessment of where quantum computing stands in 2026 requires distinguishing clearly between what current quantum hardware can do, what it cannot do, and what the trajectory of development suggests about the next five to fifteen years.

Current Hardware Capabilities

The dominant architecture in current quantum computers—superconducting qubits—has achieved significant milestones over the past three years. Google's Sycamore processor demonstrated quantum supremacy in 2019 on a narrow computational task. IBM has progressively scaled its systems toward hundreds of logical qubits. Several other major platforms—ion trap systems from IonQ and Quantinuum, photonic systems from PsiQuantum, neutral atom systems from Atom Computing and QuEra—have achieved their own capability milestones.

What these milestones have not achieved is fault-tolerant quantum computing at scale. Current quantum computers are what the field calls Noisy Intermediate-Scale Quantum (NISQ) devices: they have a limited number of qubits, those qubits are error-prone (noisy), and the error rates are high enough that computations longer than a certain circuit depth become dominated by accumulated errors rather than useful computation. For the applications that matter most to national security—particularly the ability to run Shor's algorithm at scale to break public-key cryptography—NISQ devices are not sufficient.

Breaking RSA-2048 encryption using Shor's algorithm, for example, is estimated to require on the order of thousands to millions of logical, fault-tolerant qubits, depending on implementation choices. Current systems operate with tens to hundreds of physical qubits, and the overhead required to achieve a single fault-tolerant logical qubit from error-corrected physical qubits is estimated to require between hundreds and thousands of physical qubits per logical qubit. The gap between current hardware and the hardware required to break current encryption standards is measured in orders of magnitude.

"The common error in assessing quantum computing for national security purposes is to treat the question as binary: either we have cryptographically relevant quantum computing or we do not. The correct framework is probabilistic and temporal—what is the distribution of possible timelines to cryptographically relevant quantum computing, and how does that distribution shape the urgency of defensive action today?"

The Timeline Uncertainty Problem

The honest answer about when cryptographically relevant quantum computers will exist is: we don't know, and the range of informed estimates is wide. Credible projections from serious research groups span a range from approximately five years (aggressive, dependent on rapid hardware and error correction progress) to twenty or more years (conservative, emphasizing the depth of unsolved engineering and physics problems that remain).

This uncertainty is itself strategically important. For national security purposes, planning based on the most optimistic timeline—because that is the worst-case for defenders—is prudent even if it proves premature. The asymmetry between the cost of early preparation and the cost of late preparation is severe: investments in quantum-resistant cryptography made five years before they are needed are recoverable; investments not made five years after they were needed are potentially catastrophic.

Several factors could accelerate progress toward cryptographically relevant quantum computing beyond current expectations: a breakthrough in error correction methods, unexpected improvement in qubit coherence times, a new physical implementation that achieves better noise characteristics, or a discovery in algorithms that reduces the qubit requirements for cryptographically relevant computation. Conversely, progress could slow if fundamental physics limits prove more constraining than hoped, if the engineering challenges of scaling systems prove more difficult than projected, or if key research groups fail to translate laboratory results into reliable, reproducible systems.

The current expert consensus, to the extent one can be identified, clusters in the ten to fifteen year range for the moderate scenario, with meaningful probability weight on both the optimistic and conservative scenarios. For the purposes of national security planning, the relevant question is not "when will it happen?" but "what decisions do we need to make now that will still be correct across the entire range of plausible scenarios?"

The Cryptographic Vulnerability: What Is Actually at Risk

The specific national security concern that drives urgency in quantum computing policy is the vulnerability of current public-key cryptographic systems to Shor's algorithm. To understand why this matters, it is necessary to briefly characterize the role that public-key cryptography plays in current information infrastructure.

The Architecture of Current Cryptographic Security

Modern information security rests on two distinct categories of cryptographic systems. Symmetric encryption—exemplified by the Advanced Encryption Standard (AES)—uses the same key for encryption and decryption and is considered relatively quantum-resistant: Grover's algorithm, the relevant quantum attack, reduces effective key strength by roughly half, meaning that doubling key length (from AES-128 to AES-256) provides adequate quantum resistance. Symmetric encryption is used to protect data in transit and at rest, but it requires a secure mechanism to exchange keys.

Public-key (asymmetric) cryptography solves the key exchange problem by using mathematically related key pairs: a public key that can be freely shared and a private key that must remain secret. The security of current public-key systems—RSA, elliptic curve cryptography (ECC), Diffie-Hellman—rests on the computational hardness of specific mathematical problems: factoring large integers (RSA), computing discrete logarithms over finite fields or elliptic curves (ECC, DH). These problems are computationally infeasible for classical computers at relevant key sizes but are efficiently solvable by a sufficiently powerful quantum computer running Shor's algorithm.

Public-key cryptography underlies virtually every secure communication protocol in current use: TLS/HTTPS (the security of the internet), SSH (secure remote access), code signing (software integrity verification), digital certificates (identity verification), and the authentication mechanisms that underpin financial transactions, government communications, and military command and control. The exposure is not a narrow technical vulnerability—it is the foundational layer of trust for modern information infrastructure.

Harvest Now, Decrypt Later: The Present Threat

A dimension of the quantum cryptographic threat that is often underappreciated in policy discussion is that it is not purely future-tense. The "harvest now, decrypt later" (HNDL) threat is present and active: adversaries with the strategic foresight and storage infrastructure to do so are believed to be systematically intercepting and storing encrypted communications today, with the expectation that future quantum computers will be able to decrypt them retroactively.

"The harvest now, decrypt later threat fundamentally changes the calculus of quantum cryptographic risk. Data that is intercepted and stored today retains its sensitivity until it can be decrypted. For communications involving long-lived secrets—military capabilities, intelligence sources and methods, diplomatic plans, weapons programs—the relevant question is not when quantum computers will exist but how long the information remains sensitive. For many categories of national security information, the answer is decades."

The implications are direct and urgent: communications and data that are encrypted today using public-key cryptographic systems may be decrypted by foreign adversaries in the future, when quantum computers become available. For information with long-lived sensitivity—national security secrets, intelligence sources, weapons systems specifications, diplomatic communications—this means that effective exposure may have already occurred, even if decryption remains years away.

National security agencies, particularly in the United States, China, and likely other major powers, are believed to be operating HNDL programs at significant scale. The exact scope and capability of these programs is necessarily classified, but the strategic logic is compelling: the marginal cost of storing encrypted intercepted traffic is low relative to the potential value of future decryption, and any adversary that has correctly assessed the quantum computing trajectory would have strong incentives to begin HNDL collection well in advance of achieving cryptographically relevant quantum capability.

National Programs and the Quantum Race

The major powers have made large-scale, sustained investments in quantum computing research and development, framing the competition explicitly in strategic and national security terms. The characteristics and current status of the major national programs provide important context for assessing the geopolitical dimension of quantum computing development.

The United States Program

The United States maintains the largest and most diversified quantum computing program among Western states, distributed across federal agencies, national laboratories, and a large private sector ecosystem. The National Quantum Initiative Act of 2018 provided a legislative framework for coordinating federal quantum investments across the Department of Energy, the National Science Foundation, and NIST. Subsequent appropriations and executive orders have expanded the program and added explicit national security dimensions.

The primary centers of federal quantum research include the five Department of Energy National Quantum Information Science Research Centers, established in 2020 with over $600 million in initial funding, and extensive programs at national laboratories including Argonne, Oak Ridge, Lawrence Berkeley, Fermilab, and Sandia. The National Security Agency (NSA), Defense Advanced Research Projects Agency (DARPA), and the Intelligence Community maintain additional classified programs whose scope is not publicly known.

The private sector dimension of the U.S. quantum program is substantial and arguably more advanced in near-term hardware than most government programs: IBM, Google, Microsoft, Amazon, and a large number of startups—IonQ, Quantinuum, Rigetti, PsiQuantum, Atom Computing, QuEra, and others—are all active in quantum hardware and software development. The U.S. private sector quantum ecosystem is the most developed in the world by most measures.

The primary vulnerabilities in the U.S. program are arguably not technical but organizational: coordination between classified and unclassified programs is imperfect; the workforce pipeline for quantum specialists is insufficient relative to demand; and export control frameworks struggle to prevent the transfer of dual-use quantum technologies to adversarial states.

China's Quantum Program

China has made quantum computing a stated national strategic priority, with massive state investment coordinated through the National Development and Reform Commission and implemented through leading universities, research institutes, and state-affiliated companies. China's National Laboratory for Quantum Information Sciences in Hefei represents one of the largest single quantum research investments in the world. Alibaba, Baidu, and Huawei all maintain significant quantum computing programs, supported by substantial state funding and close integration with government strategic planning.

Chinese researchers have made genuine scientific contributions to quantum computing and communications—including meaningful work on quantum key distribution networks, where China has deployed the most extensive operational network in the world. The PanGu quantum processor series has demonstrated competitive performance on certain benchmarks, though direct comparison with U.S. systems is complicated by differences in architecture and benchmark methodology.

"China's approach to quantum computing reflects a broader pattern of civil-military fusion: research that appears commercial or academic is simultaneously available to military and intelligence users. The boundaries between civilian and defense applications of quantum technology are substantially more porous in China than in the United States or most of its allies, which has significant implications for how Western states should assess Chinese quantum capabilities."

The depth and breadth of China's quantum program make it the primary strategic competitor for the United States in this domain, and the genuine difficulty of assessing classified Chinese capabilities means that the uncertainty range around Chinese progress is wider than for U.S. programs.

European Programs

The European Quantum Flagship program, launched in 2018 with an initial billion-euro investment over ten years, represents the most significant coordinated European investment in quantum technologies. The program spans quantum computing, quantum communications, quantum sensing, and fundamental quantum science, distributed across research institutions across EU member states.

European quantum computing capabilities are distributed among several strong national programs—Germany, France, the Netherlands, and the United Kingdom maintain particularly active research programs—but are generally assessed as behind the leading U.S. and Chinese programs in hardware development. The European strength lies more in fundamental research and quantum communications, where significant work on quantum key distribution and quantum network protocols has been done.

The United Kingdom's post-Brexit National Quantum Strategy announced £2.5 billion in quantum investment through 2034, reflecting the government's assessment that quantum technology is strategically important enough to merit a dedicated major national program.

Other State Programs

Japan, Canada, Australia, India, and South Korea all maintain significant national quantum programs, though at smaller scale than the major powers. Japan's Quantum Innovation Strategy coordinates research at RIKEN, NTT, Fujitsu, and other leading institutions. Canada has a long history of leading academic quantum research and maintains significant private sector activity, particularly through the Perimeter Institute and Institut quantique. India's National Mission on Quantum Technologies and Applications launched in 2023 with a substantial investment mandate.

Post-Quantum Cryptography: The Migration Challenge

The primary strategic response to the quantum cryptographic threat is the migration from current public-key cryptographic algorithms to post-quantum cryptographic (PQC) algorithms—algorithms that are believed to be resistant to attack by both classical and quantum computers. This migration is already underway in policy terms, though the practical implementation challenge is enormous.

The NIST Standardization Process

The National Institute of Standards and Technology (NIST) conducted a multi-year process to evaluate and standardize post-quantum cryptographic algorithms, culminating in the publication of the first four PQC standards in 2024. The standardized algorithms are based on mathematical problems that are believed to be hard for both classical and quantum computers—specifically, problems related to lattice mathematics (CRYSTALS-Kyber for key encapsulation, CRYSTALS-Dilithium and FALCON for digital signatures) and hash-based signatures (SPHINCS+).

The selection of these standards represents a significant milestone in PQC migration, providing organizations with standardized, peer-reviewed algorithms to adopt. The NIST process involved extensive public scrutiny, cryptanalytic competition, and international participation—a process that provides reasonable confidence in the security of the selected algorithms, though not absolute certainty.

The technical limitations of the standardization effort are worth noting. Lattice-based cryptography, while currently believed to be quantum-resistant, has not been subjected to the decades of cryptanalytic scrutiny that has given confidence in RSA and ECC. The mathematical problems underlying lattice cryptography are newer, and while no classical or quantum attacks have succeeded against them, the cryptographic community would ideally have more time to develop confidence. This is one reason NIST has continued work on additional alternative algorithms.

The Implementation Gap

The existence of standardized post-quantum algorithms does not mean that systems are protected. The migration from current cryptographic standards to post-quantum standards requires identifying all the places where vulnerable algorithms are used—an inventory that is far more complex than it sounds in any large organization or government system—and implementing, testing, and deploying the replacement algorithms across all of those systems.

"The cryptographic migration challenge is not primarily a cryptography problem—it is a systems engineering and program management problem. The question is not whether post-quantum algorithms are technically sound; it is whether organizations have the visibility into their cryptographic dependencies, the technical capacity to implement the migration, and the organizational will to execute a multi-year transformation program for infrastructure that, when it works, is invisible."

For the United States government and military, the scope of the migration is staggering. The National Security Agency has issued guidance requiring the migration of National Security Systems—classified government systems—to quantum-resistant algorithms, with timelines that vary by system classification and data sensitivity. But the government's information infrastructure is vast, heterogeneous, and in many cases maintained by contractors or legacy systems that are difficult to update. The commercial sector faces similar challenges at comparable scale.

Several categories of systems present particular migration challenges. Legacy systems often cannot be updated to use new cryptographic algorithms without full replacement, which may require hardware procurement and software development cycles measured in years. Long-lived certificates and keys signed with vulnerable algorithms cannot simply be replaced retroactively for data that has already been transmitted. Embedded systems—in weapons platforms, critical infrastructure, industrial control systems—often have hard constraints on computational resources that may not accommodate the larger key sizes and computational overhead of some PQC algorithms. Supply chain dependencies—software libraries, hardware security modules, trusted platform modules—must themselves be updated before organizations that depend on them can complete their migrations.

The NSA and CISA (Cybersecurity and Infrastructure Security Agency) have both published guidance recommending that organizations begin their PQC migration now, prioritizing systems that handle the most sensitive data and that are most difficult to update. The recommendation to start immediately reflects the recognition that the migration timeline for large, complex organizations is likely to be measured in years, and that the HNDL threat means that data intercepted today may be at risk before the migration is complete.

Intelligence Community Implications

The quantum computing transition has implications for the intelligence community that extend beyond the defensive challenge of protecting U.S. communications from adversary quantum attack.

Offensive Cryptanalysis

The ability to break adversary encryption would represent an intelligence windfall of extraordinary magnitude. Current intelligence collection operations collect vast quantities of encrypted adversary communications that are inaccessible without the encryption keys. A quantum computer capable of breaking current public-key encryption would potentially unlock decades of accumulated encrypted collection against priority targets—a retrospective intelligence capability that would be strategically transformative.

This offensive dimension creates a complex intelligence policy challenge. If the United States achieves cryptographically relevant quantum computing before adversaries and is able to decrypt adversary communications, the value of that capability is maximized by keeping the existence of the capability secret. But the existence of PQC standards and the public migration guidance from NSA and CISA effectively signals that the U.S. government believes the threat is real and urgent—which, depending on adversary assessment, may accelerate their own PQC migration and reduce the window in which a U.S. quantum cryptanalytic capability would be operationally valuable.

Intelligence on Adversary Quantum Programs

Assessing the progress of adversary quantum programs—particularly China's—is itself a significant intelligence challenge. The classification of military and intelligence quantum programs means that open-source information provides an incomplete picture of true capabilities. Signals intelligence collection on quantum research communications, human intelligence on research programs, and technical intelligence collection on quantum hardware development all inform this assessment, but the inherent difficulty of assessing technical programs in denied environments means that uncertainty ranges are wide.

"The intelligence challenge of assessing adversary quantum progress is compounded by the dual-use character of the technology. The same hardware and software developments that create commercial quantum computing value also advance military quantum capabilities, and the personnel and research flows between commercial and defense applications in China—and to a lesser extent in Russia—make it difficult to cleanly separate commercial from military progress."

Quantum Key Distribution and Secure Communications

A separate but related quantum technology—quantum key distribution (QKD)—offers in principle a different approach to communications security. QKD uses quantum mechanical properties to distribute cryptographic keys in a manner that is theoretically detectable if intercepted. China has deployed the most extensive operational QKD network in the world, spanning thousands of kilometers, and has demonstrated QKD over satellite links.

The practical limitations of QKD for national security applications are significant, however. QKD requires dedicated specialized hardware and optical fiber or satellite infrastructure—it cannot be implemented as a software upgrade to existing communications systems. It protects only the key exchange step, not the encryption itself. And the "information-theoretic security" claimed for QKD depends on assumptions about the physical implementation that are difficult to guarantee in practice. For these reasons, most Western national security agencies have approached QKD as a complementary technology rather than a replacement for strong post-quantum encryption.

Quantum Sensing and Its Strategic Implications

Cryptography dominates public discussion of quantum national security implications, but quantum sensing—the application of quantum mechanical effects to detect physical phenomena with extraordinary precision—may have security implications that are more immediate and in some ways more consequential.

Quantum Sensing Capabilities

Quantum sensors exploit the extreme sensitivity of quantum states to environmental disturbances. They include atomic clocks with precision exceeding current GPS references, gravity gradiometers that can detect subsurface structures including tunnels, bunkers, and geological formations, magnetometers sensitive enough to detect the magnetic signatures of submerged submarines, and accelerometers and inertial navigation systems that can maintain precise position without GPS signals.

Several of these capabilities have direct military relevance. Submarine detection via quantum magnetometry or acoustic sensing would fundamentally alter the strategic calculus of submarine-based nuclear deterrence—submarines derive their deterrent value largely from their ability to operate undetected. Detection of underground facilities via gravity or seismic sensing would significantly improve the ability to identify and target hardened military infrastructure. GPS-independent navigation using quantum inertial systems would maintain precision guidance capability in GPS-denied environments—an important capability as adversary anti-satellite and electronic warfare capabilities advance.

Strategic Implications of Quantum Sensing

The strategic implications of deployed quantum sensing capabilities are in some respects more near-term than quantum computing implications, because quantum sensing devices of military relevance are closer to practical deployment than fault-tolerant quantum computers.

"Quantum sensing may be the most strategically disruptive quantum technology in the near-to-medium term precisely because it does not require the same fault-tolerance threshold as quantum computing. A quantum magnetometer capable of reliably detecting submarines does not need to be a universal quantum computer—it needs to outperform classical sensors by a sufficient margin in a specific operational context."

The deterrence implications of quantum sensing breakthroughs are particularly significant. Second-strike nuclear deterrence relies on the survivability of nuclear forces—the ability of nuclear-armed states to maintain the capacity to retaliate even after absorbing a first strike. Sea-based ballistic missile submarines are the most survivable element of most nuclear triads precisely because of their ability to remain undetected while submerged. If quantum sensing technology were to make submarine detection significantly more reliable, it would erode the survivability of sea-based deterrence in ways that could destabilize the existing nuclear balance.

Export Controls and Technology Transfer

Managing the international dimension of quantum technology development—ensuring that adversaries cannot leverage Western research, talent, and supply chains to accelerate their own quantum programs—has become a significant policy challenge for the United States and its allies.

The U.S. Export Administration Regulations (EAR) and associated control lists have been updated to include controls on certain quantum computing hardware and software, though the dual-use character of the technology and the global nature of academic research make comprehensive controls extremely difficult to implement. Academic research controls—restricting the participation of foreign nationals from adversary states in sensitive quantum research programs—are controversial both on academic freedom grounds and because of their uncertain effectiveness, given the global publication norms of basic quantum science.

The talent dimension presents a particularly acute challenge. The quantum computing workforce is global and highly mobile, and the United States benefits enormously from attracting top quantum researchers from around the world—including from China and other adversary states. Restrictions on this talent flow would impose real costs on U.S. quantum research capability while providing uncertain security benefit.

The current policy consensus in the United States appears to favor targeted controls on the most sensitive applications and hardware—particularly quantum computers above certain capability thresholds and certain dual-use components—while maintaining relative openness for basic research and lower-sensitivity applications. The adequacy of this approach will depend in significant part on whether the most consequential quantum advances emerge primarily from classified military programs or from openly published academic research.

Institutional Preparedness: A Diagnostic Assessment

Assessing how well major institutions are prepared for quantum computing's national security implications requires distinguishing between what has been done in policy terms—which is substantial—and what has been accomplished in implementation terms—which is lagging.

The U.S. policy framework is reasonably well-developed. NSA has published quantum vulnerability guidance. NIST has completed the PQC standardization process. NSM-10 (National Security Memorandum-10) established a formal framework for quantum risk management across the federal government. CISA has issued guidance for critical infrastructure operators. The Department of Defense has included quantum readiness in its cybersecurity maturity frameworks.

What is substantially lagging is implementation. The cryptographic migration required by NSM-10 is proceeding, but the scope of the undertaking—across thousands of federal systems, defense contractors, and critical infrastructure operators—means that completion is years away. Budget resources for the migration have been inconsistently allocated. The quantum workforce required to execute the migration is insufficient for the task. And the private sector, which controls most critical infrastructure, has received guidance but limited binding requirements and uneven regulatory pressure to complete migrations on any particular timeline.

"The gap between quantum policy development and quantum implementation is the central preparedness challenge of the moment. Excellent policy frameworks that are not resourced and executed do not protect systems. The practical question is whether institutions will complete their cryptographic migrations before adversaries achieve cryptographically relevant quantum capability—and on current trajectories, that race is uncomfortably close."

Conclusion: The Urgency of Structural Preparation

Quantum computing's implications for national security do not fit neatly into the categories through which most security challenges are understood. It is not a threat that can be deterred or contained—it is a technology transition that will occur regardless of any particular state's preferences. It is not a discrete event—it is an evolving capability that will cross meaningful thresholds at uncertain times that can only be estimated probabilistically. And it is not a threat that conventional security responses address—it requires a fundamental transformation of the cryptographic infrastructure that underlies all modern secure communications.

The appropriate response to this situation is not panic—the timelines involved, while uncertain, are not so compressed that thoughtful preparation is impossible. But it is also not patience. The harvest now, decrypt later threat means that data intercepted today may be vulnerable to future quantum decryption, making the protection of long-lived sensitive information an immediate concern. The migration complexity means that preparation must begin now to complete on any timeline consistent with even moderate-scenario quantum progress. And the geopolitical stakes—including the possibility that an adversary achieves cryptographically relevant quantum computing before adequate defensive preparation is complete—are serious enough to justify treating this as a strategic priority rather than a long-horizon planning consideration.

The institutional architecture required to manage quantum computing's national security implications exists in outline: PQC standards are published, policy frameworks are in place, major research programs are funded. What remains is the harder work of implementation—the multiyear, resource-intensive, technically demanding execution of cryptographic migration across the vast, heterogeneous landscape of information infrastructure that modern societies depend on. That work is underway but not on track. Accelerating it, resourcing it adequately, and holding institutions accountable for completing it are the central quantum security tasks of the next several years.

The window for preparation is real. It should not be assumed to be unlimited.

Sources & references

National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Standardization Documentation National Security Agency — Quantum Computing and Post-Quantum Cryptography FAQs National Security Memorandum-10 (NSM-10), Biden Administration CISA Post-Quantum Cryptography Initiative publications MIT Technology Review Nature — Quantum Information series Science Physical Review Letters IBM Quantum research publications Google AI Quantum team publications RAND Corporation — Quantum Computing: An Emerging Ecosystem and National Security Considerations Congressional Research Service — Quantum Computing: Overview and National Security Implications Center for Strategic and International Studies (CSIS) — Quantum Futures project Brookings Institution — Quantum Computing and the National Security Challenge Financial Times — Quantum Technology coverage The Economist — Quantum Computing coverage Belfer Center for Science and International Affairs — Quantum Geopolitics John Preskill — Quantum Computing in the NISQ Era and Beyond Peter Shor — original Shor's algorithm publication, SIAM Journal on Computing European Quantum Flagship Program publications China's National Laboratory for Quantum Information Sciences research publications

Quantum Networking and the Quantum Internet

Beyond quantum computing, a parallel technology development with significant national security implications is quantum networking—the creation of communication links that use quantum mechanical properties to transmit information. The most mature application of quantum networking is quantum key distribution (QKD), discussed briefly above, but the longer-term vision is a quantum internet: a network in which quantum states can be transmitted, stored, and processed across geographic distances, enabling applications that go beyond what classical networks can support.

Technical Foundations of Quantum Networking

Quantum networking exploits two quantum mechanical properties that have no classical analogues: entanglement and quantum teleportation. Quantum entanglement refers to correlations between quantum states at separated locations that are stronger than any classical correlation—measuring the state of one particle instantaneously determines the state of its entangled partner, regardless of distance. Quantum teleportation uses entanglement to transfer the complete quantum state of a particle from one location to another, consuming the entanglement in the process.

These properties enable, in principle, a class of cryptographic and communication protocols that offer security guarantees based on fundamental physics rather than computational hardness assumptions. The most practically developed of these protocols is quantum key distribution, which uses quantum states to generate encryption keys that cannot be copied without detectable disturbance—an eavesdropper who attempts to intercept the key exchange introduces measurable errors that alert the communicating parties.

The practical challenge of building quantum networks at useful scale is formidable. Quantum states are extremely fragile: they decohere (lose their quantum properties) through interaction with the environment, and this decoherence limits the distance over which quantum states can be transmitted. Current fiber-based QKD systems are limited to roughly 100-200 kilometers without quantum repeaters—devices that can extend quantum communication distances by storing and re-transmitting quantum states. Quantum repeaters remain an active area of research and have not yet been deployed at operational scale.

Satellite-based quantum communication, pioneered by China's Micius satellite program, circumvents the fiber distance limitation by using free-space optical links between satellites and ground stations. China demonstrated satellite-mediated QKD between stations separated by over 1,000 kilometers in 2017, and has subsequently expanded its quantum satellite program significantly. This represents a genuine capability lead over other nations in this specific technology application.

National Security Implications of Quantum Networking

The national security implications of quantum networking extend in several directions. For communications security, operational quantum networks that are genuinely deployed—as opposed to research demonstrations—would provide a layer of cryptographic protection that is qualitatively different from classical cryptography: the security derives from physical laws rather than computational assumptions, and a future quantum computer cannot retroactively break quantum key distribution in the way it could break classical public-key encryption.

The intelligence collection implications are also significant. A foreign adversary that deploys operational quantum networking for its most sensitive communications would substantially reduce the value of classical intercept collection operations—encrypted communications secured by QKD are immune to the harvest now, decrypt later strategy that makes classical encryption vulnerable. Understanding the extent of adversary quantum networking deployment is therefore an important intelligence requirement.

"The distinction between a nation that has deployed operational quantum communication networks and one that has only demonstrated them in laboratory settings is strategically significant. Demonstration and deployment are very different—the transition from proof-of-concept to operational system requires engineering, integration, logistics, and maintenance capabilities that are often as demanding as the underlying physics."

The Financial Sector and Quantum Security

The financial sector has among the highest concentrations of cryptographically protected sensitive data in the world—and among the most complex technical environments to migrate to post-quantum cryptographic standards. Financial institutions are among the primary targets for both current cyberattacks and future quantum cryptanalytic threat, given the value of financial transaction data, customer information, and the systemic importance of financial infrastructure.

Cryptographic Exposure in Financial Infrastructure

Financial sector cryptographic exposure spans several categories. Payment networks use cryptographic authentication to verify transaction integrity and prevent tampering. Online banking and financial applications use TLS to protect communications between customers and institutions. Internal systems use cryptographic authentication for identity management and access control. Digital signatures protect the integrity of financial documents and regulatory filings. And increasingly, blockchain and distributed ledger systems use cryptographic foundations that are themselves vulnerable to quantum attack in some implementations.

The migration challenge in the financial sector is compounded by several factors specific to the industry. Legacy core banking systems—which in many financial institutions run on software written decades ago and cannot be readily updated—may use cryptographic implementations that are deeply embedded in the system architecture. International interoperability requirements mean that migration cannot occur unilaterally: a financial institution's cryptographic upgrade is only complete if its counterparties have also migrated, creating coordination challenges across global correspondent banking networks. And regulatory requirements in some jurisdictions may require specific cryptographic standards that have not yet been updated to reflect post-quantum standards.

Financial sector regulators—including the Federal Reserve, the Office of the Comptroller of the Currency, the European Central Bank, and others—have begun to issue guidance on quantum cryptographic risk management, but binding requirements and specific migration timelines vary significantly across jurisdictions, creating compliance ambiguity for internationally active institutions.

Nuclear Command and Control: The Most Consequential Quantum Risk

Among the specific national security applications where quantum computing's implications are most consequential—and most carefully classified—is nuclear command and control. The communications systems through which nuclear-armed states exercise command and control over their nuclear forces rely on cryptographic protections that, in some implementations, may be vulnerable to quantum cryptanalytic attack.

The Command and Control Vulnerability

Nuclear command and control systems are among the most carefully protected communications in any national security architecture, and the specific cryptographic implementations used in these systems are classified. However, the general principle applies: if communications related to nuclear command and control are protected by classical public-key cryptography that is vulnerable to Shor's algorithm, a state that achieves cryptographically relevant quantum computing capability could potentially compromise the integrity of adversary nuclear command and control systems.

This is not merely a theoretical concern. The ability to interfere with nuclear command and control—to introduce false orders, to deny communications, to compromise the authentication systems that verify the authority of nuclear launch commands—would represent one of the most strategically destabilizing capabilities that any state could possess. It would undermine the integrity of nuclear deterrence by creating uncertainty about whether launch commands are authentic, whether communications between political authorities and military forces are secure, and whether the nuclear forces of an adversary are under reliable command and control.

"The intersection of quantum computing and nuclear command and control is probably the most sensitive and consequential domain of quantum national security risk, and consequently the one about which the least is publicly known. What can be said with confidence is that the governments most seriously engaged with quantum computing policy are treating this intersection as a priority concern, and that the migration of nuclear command and control communications to quantum-resistant cryptographic standards is an urgent national security requirement."

The United States has publicly acknowledged the need to migrate nuclear command and control communications to quantum-resistant standards, and the Department of Defense's quantum computing policy documents reference the protection of nuclear-related systems as a priority. The specific timelines and implementation status of these migrations are not publicly disclosed.

Allied Quantum Cooperation Frameworks

The strategic importance of quantum technology, combined with the complexity and cost of the research required to advance it, has created strong incentives for allied cooperation in quantum programs. Several multilateral and bilateral frameworks for quantum cooperation have emerged among Western states.

The AUKUS partnership—established in 2021 among Australia, the United Kingdom, and the United States—includes quantum technology as one of its eight advanced technology pillars, alongside artificial intelligence, hypersonic weapons, and other strategic capabilities. AUKUS quantum cooperation includes joint research, technology sharing, and coordinated investment in quantum computing, quantum sensing, and quantum communications capabilities.

The Quad—the quadrilateral security dialogue among the United States, Japan, Australia, and India—has identified quantum technology as a priority for technological cooperation, with a focus on developing common standards, workforce development, and supply chain resilience. The European Union's Quantum Flagship program provides a framework for pan-European quantum cooperation that extends to some partner countries.

These multilateral frameworks serve several functions beyond pooling research resources. They help establish common technical standards for quantum technologies that are interoperable among allies and that can be distinguished from adversary systems. They create mechanisms for export control coordination that reduce the risk of technology transfer to adversary states through third-country intermediaries. And they build the shared understanding of quantum risks and capabilities that is necessary for coordinated defensive action.

The Quantum Workforce Challenge

Across all national quantum programs, the most consistently identified constraint is the availability of qualified quantum scientists, engineers, and technicians. The specialized knowledge required to work at the frontier of quantum computing—deep expertise in quantum mechanics, quantum error correction, control systems, cryogenic engineering, and quantum algorithms—requires extended training that the existing educational pipeline is not producing at the scale national programs require.

The workforce challenge has several distinct dimensions. At the research frontier, world-class quantum physicists and computer scientists are a genuinely scarce resource globally, and every major national program competes for the same small pool of talent. At the engineering level, the translation of quantum research results into reliable, manufacturable systems requires quantum engineers who combine physics knowledge with systems engineering capability—a profile that is even rarer than pure quantum researchers. At the technician and operator level, the specialized skills required to operate and maintain quantum systems are not widely taught.

The United States has the advantage of attracting international talent to its research universities, which host some of the world's leading quantum research programs and draw students and postdoctoral researchers from around the world—including from China. But this talent pipeline is subject to the national security tensions noted above: restrictions on foreign national access to sensitive quantum research reduce the talent pool available to U.S. programs.

Federal and state programs to expand the domestic quantum workforce—including investments in undergraduate quantum education, graduate fellowship programs, and workforce training initiatives for transitioning workers—are beginning to scale up, but the pipeline between educational investment and research capability is measured in years to decades. The workforce gap is not a problem that can be quickly solved regardless of investment levels.

International Governance and Arms Control Considerations

The arms control and international governance dimensions of quantum computing remain substantially underdeveloped relative to the strategic importance of the technology. Unlike nuclear weapons—where an elaborate architecture of treaties, verification mechanisms, and international institutions has been built over decades to manage the risk—quantum computing and quantum weapons technologies operate in an almost entirely ungoverned international space.

Several factors complicate quantum governance. The dual-use character of quantum technology is extreme: the same hardware and algorithms that enable quantum computing for civilian applications also enable military applications, and it is genuinely difficult to design governance frameworks that constrain the latter without impeding the former. The verification challenge is severe: assessing whether a state has achieved specific quantum computing capabilities requires access to highly classified technical programs, which states are unlikely to grant. And the strategic incentives for maintaining quantum capability secrecy—particularly the value of concealing whether cryptographically relevant quantum computing has been achieved—work directly against the transparency that arms control verification requires.

"The absence of international governance frameworks for quantum computing is not primarily a result of insufficient attention—it reflects genuinely difficult substantive challenges. The technology is too dual-use to control effectively, too dynamic to regulate with fixed specifications, and too strategically sensitive for the major powers to accept meaningful verification. What governance can realistically accomplish is norms-building, communication mechanisms, and incident-prevention frameworks rather than capability limits."

The most realistic near-term governance objective may be the development of norms and communication mechanisms that reduce the risk of miscalculation during the quantum transition period—particularly around the cryptographic vulnerability that will characterize the period between when quantum computers become capable of breaking current encryption and when post-quantum cryptographic migration is complete. Managing that transition period without catastrophic intelligence failures or defensive overreaction will require some degree of bilateral communication between major powers that does not currently exist in any structured form.

Conclusion Revisited: The Imperative of Structural Adaptation

The quantum computing transition is unusual among national security challenges in that the primary response—migrating cryptographic infrastructure to post-quantum standards—is technically well-defined, not dependent on any additional scientific breakthrough, and within the capability of all major institutions to undertake. The obstacle is not knowledge about what needs to be done; it is the organizational, financial, and political will to do it on a timeline that matches the risk.

The harvest now, decrypt later threat makes this urgency real today, not in some future scenario. Data that is being intercepted now—by adversaries who have correctly assessed the quantum computing timeline and who have invested in storage infrastructure to match—may be decrypted in the future when quantum computers become available. For long-lived sensitive information, the window for protection has already partially closed.

The most consequential institutional response to this situation is not the dramatic action of secret quantum programs or classified technology breakthroughs—it is the unglamorous, resource-intensive, technically demanding work of systematically migrating cryptographic infrastructure across the vast heterogeneous landscape of modern information systems. That work is the genuine strategic imperative of the quantum computing transition, and it requires the same disciplined, long-term institutional commitment that any major infrastructure transformation demands. The organizations and states that make that commitment now, before the capability gap closes, will have protected their most sensitive information. Those that do not will have made a strategic choice whose consequences they will live with for decades.

Quantum Computing and Artificial Intelligence: Convergence Implications

A dimension of quantum computing's national security implications that is attracting increasing analytical attention is the potential interaction between quantum computing and artificial intelligence. Both technologies are maturing simultaneously, and their convergence—if and when it occurs at operationally relevant scales—could amplify the capabilities of each in ways that are difficult to characterize precisely but strategically significant to consider.

The most discussed potential interaction is the possibility of quantum acceleration of machine learning training. Training large AI models—the computationally intensive process of adjusting billions of parameters to improve performance—currently requires massive classical computing resources. Quantum algorithms have been proposed that could theoretically accelerate certain aspects of machine learning training, though the practical realization of quantum speedup for real-world AI workloads remains an active research area with no demonstrated operational results at scale.

The strategic implication is not that quantum computing will revolutionize AI training in the near term—that outcome is speculative and probably decades away if achievable at all. Rather, it is that states investing in both quantum computing and AI simultaneously are positioning themselves to take advantage of synergies between the two technologies as they mature, and that the convergence of quantum and AI research programs is a meaningful indicator of long-term strategic ambition.

A more near-term and concrete interaction is the use of AI tools to accelerate quantum computing research itself. Machine learning approaches have already been applied to problems in quantum error correction, quantum circuit optimization, and quantum materials discovery, with results that have meaningfully advanced research progress in each area. This AI-assisted quantum research is occurring across leading programs globally and represents a genuine acceleration of the quantum development timeline relative to what would be achievable through human research alone.

Regulatory and Policy Landscape Evolution

The policy and regulatory landscape for quantum computing is evolving rapidly but unevenly across jurisdictions, creating a complex compliance environment for organizations with global operations and creating opportunities for regulatory arbitrage that adversarial actors may exploit.

In the United States, the primary quantum policy frameworks include the National Quantum Initiative Act, NSM-10, and the various export control regulations covering quantum hardware and software. The Biden administration built out substantial institutional capacity for quantum policy coordination across federal agencies, and the subsequent Trump administration has maintained the broad contours of this framework while emphasizing commercial development and private sector leadership.

In the European Union, the EU Quantum Flagship program provides a research funding framework, but a comprehensive regulatory approach to quantum computing—equivalent to the EU AI Act's approach to artificial intelligence—has not yet been developed. Discussions within EU institutions about quantum standards, security requirements, and export controls are ongoing but have not yet produced binding frameworks.

China's quantum policy is coordinated through national strategic planning mechanisms that integrate civilian, commercial, and military priorities—the civil-military fusion model that characterizes Chinese technology policy more broadly. The absence of independent regulatory institutions in China means that Chinese quantum policy reflects state strategic priorities directly, without the friction of regulatory independence that characterizes Western policy development.

The result of this uneven regulatory development is a global quantum policy landscape in which different jurisdictions have very different rules about quantum technology export, foreign investment in quantum companies, participation of foreign nationals in quantum research, and requirements for quantum security in regulated industries. Navigating this landscape requires legal and policy expertise that most quantum technology organizations are only beginning to develop.

"The regulatory landscape for quantum computing is where the technology meets the governance challenge directly. Organizations that invest in understanding and shaping this landscape—through engagement with regulatory bodies, participation in standards development, and sophisticated legal and policy capacity—will have advantages over those that treat regulation as a constraint to be managed reactively. The rules that govern quantum technology over the next decade are being written now, and the organizations that participate in writing them will be better positioned in the world those rules create."

The development of international quantum standards—for post-quantum cryptography implementation, for quantum device performance characterization, for quantum network protocols—is occurring through bodies including ISO, IETF, and ITU, as well as through national standards bodies including NIST. These standards will shape the interoperability of quantum systems across national borders and will influence which national approaches become global defaults. The participation of national standards bodies and their affiliated research institutions in international standards development is therefore a significant dimension of quantum strategic competition, in addition to the hardware, software, and talent dimensions more commonly discussed.