"Some physicists predicted that within the next 10 to 20 years quantum computers will be built that are sufficiently powerful to implement Shor’s ideas and to break all existing public key schemes. Thus we need to look ahead to a future of quantum computers, and we need to prepare the cryptographic world for that future.”

Prof Seth Lloyd of MIT, MIT Review 2008

"In the medium term, we need to be prepared for the eventuality that large quantum computers could be built: this would require an upgrade of most symmetric cryptographic algorithms and a completely new generation of public-key algorithms."

SecurIST, “D3.3 – ICT Security & Dependability Research beyond 2010: Final Strategy”, January 2007

"One often hears recommendations for key-sizes of public-key cryptosystems needed to obtain security for 30 years and even 50 years. Anyone wanting a real security of this magnitude should probably take the construction of the quantum computer into consideration."

ECRYPT, “D.PROVI.3 – First Summary Report on Unconditionally Secure Protocols”, January 2005

“Consider the use of smart cards ... for especially critical functions.  Although more costly than software, when properly implemented the assurance gain is great.  The form-factor is not as important as the existence of an isolated processor and address space for assured operations – an ‘Island of Security,’ if you will.  Such devices can communicate with each other through secure protocols and provide a web of security connecting secure nodes located across a sea of insecurity in the global net.”

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

“Advances have often been done in steps, and beyond approximately 10 years into the future, the general feeling among ECRYPT partners is that recommendations made today should be assigned a rather small confidence level, perhaps in particular for asymmetric primitives.”

European ECRYPT Network of Excellence, “Yearly Report on Algorithms and Key Lengths (2007-2008)", 2008

"The future ability of quantum computers might be a decade or two away, their future ability to break public-key cryptography has important implications for the encryption of highly sensitive information today. For these applications, we must already design new public-key cryptosystems and one-way functions that are immune to quantum cryptanalysis."

ARDA, Report of the Quantum Information Science and Technology Experts Panel, 2004

"Even a relatively small quantum computer, one that had a few tens of thousands of qubits, could consider so many different values at once that it would be able to break all known [ed: RSA, D&H, ECC, AES-128] codes commonly used for secure Internet communication.”

Prof Seth Lloyd of MIT, MIT Review 2008

"My colleagues at MIT and I have been building simple quantum computers and executing quantum algorithms since 1996, as have other scientists around the world. Quantum computers work as promised. If they can be scaled up, to thousands or tens of thousands of qubits from their current size of a dozen or so, watch out!”

Prof Seth Lloyd of MIT, MIT Review 2008

Public key crypto key exchanges (RSA, D&H, ECC) would be ‘flat-lined’ under a quantum computer attack … "Open Problem”

Brian Snow, Former Technical Director of the US National Security Agency (NSA), Public Key Cryptography 30th Anniversary Conference, Dec 2006

“Systems built without requirements cannot fail; They merely offer surprises. Usually unpleasant!

Robert Morris, former Chief Scientist of the US National Security Agency (NSA), National Computer Security Center, 1995

“We are a cyber nation. The U.S. information infrastructure--including telecommunications and computer networks and systems and the data that reside on them--is critical to virtually every aspect of modern life. This information infrastructure is increasingly vulnerable to exploitation, disruption, and destruction by a growing array of adversaries.”

The National Coordination Office (NCO) for Networking Information Technology Research and Development (NITRD), Federal Register: December 30, 2008 (Volume 73, Number 250).

"The security of the digital world has become a fundamental stake for the citizen with respect to his individual freedom ..., for the company with respect to the protection of its computerized industrial assets, ..., and for the state with respect to the reliability of operations and the reduction in the vulnerability of large and critical infrastructures ...”

"Given their power to intercept and disrupt secret communications, it is not surprising that quantum computers have the attention of various U.S. government agencies.  The National Security Agency, which supports research in quantum computing, candidly declares that given its interest in keeping U.S. government communications secure, it is loath to see quantum computers built. On the other hand, if they can be built, then it wants to have the first one.”

Prof Seth Lloyd of MIT, MIT Review 2008

“New concepts for quantum computer implementations, algorithms, and advances in the theoretical understanding of the physics requirements for quantum computers appear almost weekly in the scientific literature.”

ARDA, Report of the Quantum Information Science and Technology Experts Panel

“It's not good enough to have a system where everyone (using the system) must be trusted, it must also be made robust against insiders!”

Robert Morris, former Chief Scientist of the US National Security Agency (NSA), National Computer Security Center, "Crypto '95 invited talks by R. Morris and A. Shamir", 1995

“Never underestimate the attention, risk, money and time that an opponent will put into reading traffic.”

Robert Morris, former Chief Scientist of the US National Security Agency (NSA), National Computer Security Center, "Crypto '95 invited talks by R. Morris and A. Shamir", 1995

“In the next five years we will counter many 'hacker' attacks but we will not be safe from Nation States and other large entities”

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

"Many crypto-systems considered robust have been broken after a certain amount of time (between 10-20 years).  ... We need to build crypto-systems that offer long term security, for example for protecting financial and medical information (medical information such as our DNA may be sensitive information with impact on our children, our grandchildren and beyond)."