Quantum Computing: the future of computation

·

Quantum computing has moved beyond the laboratory promise and become a discipline with hardware accessible via cloud, publicly available industry roadmaps, and — most importantly — a regulatory urgency that already affects the security decisions of any organisation. Unlike a classical computer, which manipulates bits that hold either 0 or 1, a quantum computer operates on qubits that can remain in a superposition of both states and become entangled with one another. That physical difference is not an academic detail: it changes the class of problems that can be solved efficiently and, in doing so, forces a rethink of the cryptography on which the internet depends.

Qubits, superposition and entanglement

A qubit is described mathematically as a linear combination of the basis states |0'' and |1'', with complex amplitudes whose squared moduli sum to one. While the qubit remains unmeasured it retains that superposition; upon measurement it collapses to a classical value with a probability determined by those amplitudes. Entanglement allows the state of one qubit to depend on the state of another, even when they are physically separated, so that a register of n qubits simultaneously represents 2n configurations. A 50-qubit processor spans, in superposition, more than one quadrillion states — a figure far beyond the memory capacity of any classical supercomputer.

The principal obstacle is decoherence: the fragility of those states in the face of environmental noise (vibrations, thermal radiation, electromagnetic fields). This is why the superconducting processors of IBM or Google operate at millikelvin temperatures, close to absolute zero, inside dilution refrigerators. Gate error rates today hover around 0.1–1%, still far from the threshold required for arbitrarily long computations without error correction.

Qubit technologies: superconductors, trapped ions and photonics

There is no single path to quantum advantage. The main technology families compete on different properties:

TechnologyCoherence timeGate speedMain challenge
Superconductors (IBM, Google)Tens to hundreds of µsVery high (ns)Cryogenic cooling and connectivity
Trapped ions (IonQ, Quantinuum)SecondsSlower (µs)Scaling the number of ions
Photonics (PsiQuantum, Xanadu)High, operates at room temperatureVariableOn-demand photon generation
Neutral atoms (Pasqal, QuEra)HighMediumIndividual control and addressing

Quantum error correction is the bridge between these noisy prototypes (the NISQ era, Noisy Intermediate-Scale Quantum) and the fault-tolerant computer. Codes such as the surface code group tens or hundreds of physical qubits to form a single reliable logical qubit. Conservative estimates place the cost of each logical qubit at thousands of physical qubits, which explains why roadmaps speak of millions of physical qubits for cryptographically relevant applications.

The underlying technical principle is the threshold theorem: if the error rate per physical operation remains below a critical value (around 1% for the surface code), then adding more physical qubits exponentially reduces the error probability of the logical qubit. Below the threshold, scaling improves reliability; above it, scaling makes things worse. A large part of the effort by hardware manufacturers in 2026 is focused on consistently staying below that threshold and demonstrating logical qubits whose error rate improves as the code distance increases. That is the milestone that separates academic demonstration from industrial utility.

It is also worth distinguishing between two paradigms of quantum computation. The gate-based model executes circuits of unitary operations on qubits and is general-purpose; this is the path of IBM, Google, IonQ and Quantinuum. Quantum annealing, associated with D-Wave, does not execute arbitrary circuits but instead searches for the minimum-energy state of a system, targeting optimisation problems. They are not equivalent or interchangeable: the gate-based model is the only one that can run Shor's algorithm, while annealing addresses a narrower class of combinatorial problems.

Algorithms that change the rules

The practical interest in quantum computing rests on specific algorithms with demonstrated advantages:

Post-quantum cryptography: the migration that cannot wait

The threat is not only future. The harvest now, decrypt later model describes an adversary who captures encrypted traffic today to decrypt it once a mature quantum computer is available. This is why migration to post-quantum cryptography (PQC) is already an IT governance project. In 2024 NIST published the first definitive standards: FIPS 203 (ML-KEM, based on CRYSTALS-Kyber for key encapsulation), FIPS 204 (ML-DSA, digital signature based on CRYSTALS-Dilithium) and FIPS 205 (SLH-DSA, hash-based signature). These algorithms resist both Shor's and Grover's algorithms because they rely on lattice problems and hash functions with no exploitable algebraic structure.

A realistic migration roadmap involves several phases: (1) inventorying where and how asymmetric cryptography is used (TLS, VPN, code signing, internal PKI); (2) classifying data by confidentiality lifespan; (3) deploying hybrid cryptography combining a classical algorithm with a PQC one during the transition; (4) verifying performance, since PQC keys and signatures are larger and affect the handshake; and (5) establishing cryptographic agility to replace algorithms without redesigning applications.

Numbers help to size the challenge. An RSA-2048 public key occupies around 256 bytes; an ML-KEM-768 key is about one and a half kilobytes, and an ML-DSA signature can exceed two and a half kilobytes compared with the few hundred bytes of an ECDSA signature. In a protocol such as TLS, this increase translates into heavier handshakes, greater bandwidth consumption, and, on memory-constrained devices, real limitations. The migration is therefore not a simple library swap: it requires end-to-end testing, reviewing maximum message sizes and planning the impact on infrastructure with long-lived embedded devices — meters, payment terminals or industrial equipment that will be in service for a decade or more.

Bodies such as ENISA at the European level and the Centro Criptológico Nacional in Spain have published guidelines recommending that the transition begin now and that hybrid approaches be prioritised during the coexistence phase. The regulatory consensus is unambiguous: cryptographic agility — the ability to swap algorithms without rewriting the application — is no longer merely good practice but a design requirement for any new system.

Real use cases beyond the hype

It is worth separating what already delivers experimental value from what remains speculative. In molecular simulation, quantum chemistry is the domain where the theoretical advantage is clearest, because simulating quantum systems on classical hardware scales prohibitively. Pharmaceutical and materials companies are already exploring ground-state energy calculations for small molecules as proof-of-concept. In optimisation (logistics, financial portfolios, production scheduling), variational algorithms such as QAOA and quantum annealing are being tested on pilot problems, though the advantage over the best classical solvers has not yet been demonstrated conclusively. In quantum machine learning, research is active but results are still preliminary. An honest summary for a board of directors: today the return on investment lies in training the team, prototyping on cloud hardware, and preparing for post-quantum cryptography. Broad operational transformation will follow when error correction matures at scale.

Common mistakes when planning adoption

The first is confusing media hype with real-world availability: as of today, no quantum computer exists that can break RSA-2048, and promising that milestone in the short term to a board destroys credibility. The second is postponing PQC migration on the grounds that "there is no machine yet"; sensitive data with decades-long confidentiality requirements is already at risk from traffic harvesting. The third is underestimating the impact on certificates, HSMs and embedded devices with long lifecycles. And the fourth is expecting quantum programming to resemble classical programming: it requires reasoning with probabilities, noise and a limited number of measurements, not line-by-line debugging.

Frequently asked questions

Will quantum computers replace classical ones? No. They are accelerators for specific classes of problems (factorisation, simulation, certain optimisation tasks). For office productivity, databases or serving web pages, classical hardware will remain more efficient and affordable.

When should I begin migrating to post-quantum cryptography? Now. With the FIPS 203/204/205 standards published, the prudent course is to start with a cryptographic inventory and long-lived data assets, without waiting for an operational threat to materialise.

What is "quantum advantage"? The point at which a quantum machine solves a useful problem faster or more cheaply than the best known classical method. Supremacy experiments have been demonstrated on artificial tasks, but advantage on problems with commercial value remains an open target.

Can I experiment without buying hardware? Yes. Cloud platforms such as IBM Quantum or Amazon Braket provide access to real processors and simulators, and SDKs such as Qiskit or Cirq enable circuit prototyping without any investment in cryogenic infrastructure.

Conclusion

Quantum computing confronts organisations with two distinct clocks. One moves slowly: the arrival of fault-tolerant machines with broad commercial utility is still measured in years and depends on solving error correction at scale. The other is already running: the obligation to protect data against harvest-and-decrypt-later attacks, which makes migration to post-quantum cryptography a task for today, not tomorrow. The sensible strategy for 2026 is not to purchase a quantum computer, but to audit the cryptographic inventory, adopt cryptographic agility and PQC hybrids, and train the team to understand a probabilistic paradigm. At Summum Sistemas we approach that preparation as a security continuity project, not as a speculative technology bet.