Y2Q Lessons to be Learned from the Y2K Experience
In the late 1990’s there were many fears that our computing infrastructure would break down at the turn of the Century and that mass chaos would ensue for many systems that depended upon computer control and management. The cause of this concern was a programming bug dubbed Y2K. Today, much is made of Y2Q, the supposed point in time when quantum computers develop to the point where they can break widely used encryption schemes. Inside Quantum Technology believes that an what happened with Y2K should educate any analysis of Y2Q.
The Y2K Story
Y2K resulted from the usage of early computer programmers to only use two bytes of data to denote the last two digits of the year and assume that the prefix would always remain “19”. This seemed reasonable when some of these programmers were initially created in the 1960’s and 1970’s. Not only were memory bytes expensive at that time, but no one expected that their programs would still be used 30 or 40 years hence. Even the famed economist Alan Greenspan admitted to doing this when he wrote economic modeling programs in the early part of his career.
The problem with using two bytes would supposedly manifest itself at midnight on December 31, 1999 when the year 2000 came along. People would fear that all these old programs would get confused and cause major problems. For example, a person making a bank deposit in 1999 and withdrawing it in 2000 would not collect one years’ interest, but be penalized for taking a loan of the money for 99 years. Even more frightening, were concerns that computer systems controlling important infrastructure such as the power grid, air traffic control, natural gas and water plants and communications networks would go haywire and break down.
During this time, many folks were predicting the worst. Survivalists stocked up on food, sporting goods and other supplies. Insurance companies sold insurance policies to cover business failures due to Y2K. And attorneys prepared class action lawsuits to be served upon anyone who did not adequately prepare for Y2K.
In the end, there were almost no failures that resulted from this Y2K issue. In the preceding years, both government and industry had staffed up to attack the problem. The U.S. government passed the Year 2000 Information and Readiness Disclosure Act, a Y2K.gov web site was set up, every federal agency established its own Y2K task force, and they even established a Center for Year 2000 Strategic Facility as a joint operation with the Russian Federation. Similarly, private industry stepped up and either fixed or replaced all of their software to use four bytes for the date. (Note that there still may be a problem when the year 10,000 comes along, and perhaps we will write about that 7,900 years from now!)
However, the cost of achieving this minimal level of problems was not cheap. Worldwide, it has been estimated that $300 billion was spent in fixing or replacing the old programs that were susceptible to the Y2K bug.
Y2Q Follows Y2K
Inside Quantum Technology believes that there will be significant parallels between Y2K and Y2Q, the time when a quantum computer becomes available that can break the commonly used public key cryptographic algorithms used on the Internet. The problem has already become very well recognized and several organizations, including the U.S. National Institute of Standards and Technologies (NIST), which is already working on a solution. And there is still plenty of time left. The U.S. National Academies of Science released a report in December 2018 titled Quantum Computing: Progress and Prospects where they said “it is highly unlikely that a quantum computer that can compromise public-key cryptography – a basis for the security of most of today’s computers and networks – will be built within the next decade”.
Even though some people are forecasting major problems when the bad guys obtain a quantum computer and gain access to all of the world’s secret communications, it is IQT’s belief that government and industry will step up to the challenge and convert the world’s digital communication infrastructure to use quantum resistant cryptographic techniques and prevent significant problems.
Like Y2K, finding a solution to the Y2Q problem will not come cheap. IQT is forecasting that by the year 2029, there will be 10 – 20 billion systems that will either need to be upgraded or replaced. The vast majority of these will either be mobile phones or PC’s and they will be automatically upgraded when a new version of operating system is installed. There will also be many IOT devices that will require attention as well as many special purpose systems in the cloud or elsewhere that will need to be upgraded. So for the next ten years there will be a lot of activity and “grunt work” on the part of the information technology community to implement these quantum resistant solutions.
There is one key difference between Y2K and Y2Q, though. In Y2K, there was a concrete deadline of December 31, 1999 to have the problem fixed. At this time, no one can precisely say when a solution for Y2Q will be needed. So our recommendation to readers is to start thinking about this transition and put the necessary activities of upgrading their public key cryptography on their planning map. It would not be wise to wait until the last minute because no one really knows when that will be.
To learn more about quantum resistant cryptography and quantum technology in general, visit the Inside Quantum Technology Conference, which will be held at the Hynes Convention Center, Boston, March 19-21. Also note that Inside Quantum Technology has reports on Post Quantum Cryptography (PQC) and Quantum Key Distribution (QKD) which are now both available.