Quantum Software Security

Abstract

The rapid advancement of quantum computing poses an unprecedented and existential threat to the cryptographic foundations underpinning modern software systems. Classical asymmetric cryptographic primitives — including RSA, Elliptic Curve Cryptography (ECC), and the Diffie-Hellman key exchange — are provably vulnerable to Shor's algorithm, executable on sufficiently powerful quantum hardware. This data analysis study presents a comprehensive investigation of quantum computing security threats across the software design lifecycle, employing a Fuzzy Analytic Hierarchy Process (Fuzzy-AHP) to systematically quantify and prioritize eight critical security dimensions: confidentiality, integrity, availability, authentication, non-repudiation, key management, side-channel resistance, and forward secrecy. Data were collected through structured expert surveys involving 47 domain specialists, supplemented by empirical performance benchmarks of six post-quantum cryptographic (PQC) algorithms standardized or under consideration by the National Institute of Standards and Technology (NIST) in 2024. Our Fuzzy-AHP analysis yields a global Consistency Ratio (CR) of 0.047, well within the acceptable threshold of 0.10, validating the reliability of expert judgments. Results demonstrate that confidentiality (weight: 0.920) and integrity (weight: 0.880) are the highest-priority security dimensions in the quantum threat context. Comparative data analysis of classical, hybrid, and full post-quantum deployments reveals that quantum attack resistance improves by 9,300% under full PQC adoption relative to classical cryptography alone, while introducing a 663% increase in key exchange latency. A five-phase quantum-safe software design framework is proposed and validated against the SDLC. The study concludes with actionable guidance for software architects, security engineers, and organizational decision-makers navigating the transition to quantum-resilient software infrastructure.