The computers that could shatter the encryption protecting every bank transaction, government secret, and private message in the world do not yet exist. But they are being built. And some of the damage may already be done.
What Quantum Computing Actually Is
Classical computers — every laptop, server, and smartphone in existence today — process information in bits: values that are either 0 or 1. Every calculation, every encrypted message, every financial transaction is ultimately a very long sequence of these binary switches being flipped on or off. The fundamental limitation of classical computing is that it can only evaluate one possibility at a time, even if it does so very fast.
Quantum computers work on entirely different principles drawn from quantum mechanics — the branch of physics that describes the behaviour of matter at the subatomic scale. Instead of bits, quantum computers use qubits, which exploit two quantum phenomena:
- Superposition — a qubit can exist as 0, 1, or any combination of both simultaneously, until it is measured. This means a quantum computer with 300 qubits can represent more states at once than there are atoms in the observable universe.
- Entanglement — qubits can be linked so that the state of one instantly determines the state of another, regardless of physical distance. This allows quantum computers to coordinate calculations across many qubits in ways classical machines fundamentally cannot replicate.
The practical consequence is that quantum computers can explore vast numbers of possible solutions simultaneously for certain types of problems — particularly mathematical problems involving factoring large numbers and computing discrete logarithms. Those two mathematical problems happen to be the foundations of virtually every major encryption system in use worldwide today.
Where Quantum Computing Stands Right Now
The quantum computing industry crossed a significant inflection point in 2025. The global quantum computing market reached USD 1.4 billion in revenues — part of a broader USD 1.9 billion quantum technology sector that grew 30 percent year over year. Private venture capital investment in quantum startups reached USD 4.9 billion in 2025, a 192 percent increase over 2024, while cumulative public funding commitments rose by more than USD 12.7 billion to an estimated USD 56.7 billion globally. [1]
The key technical development of 2025 was a shift in how progress is measured. The industry moved beyond raw qubit counts toward error-corrected logical qubits — qubits that produce dramatically fewer errors than their physical counterparts. Quantinuum reported logical qubits achieving 22 times lower failure rates than physical qubits. [2] Meanwhile, Oxford researchers achieved record-low quantum logic-gate error rates, and IBM delivered on its roadmap target of quantum advantage — the point at which a quantum computer outperforms any classical machine on a commercially meaningful task — by the end of 2025. [3]
Key Hardware Milestones
| Developer | Milestone | Date |
|---|---|---|
| Google | Willow chip — 105 qubits, achieved below-threshold error correction; solved a benchmark problem in under 5 minutes that would take the fastest supercomputers 10 septillion years | December 2024 |
| IBM | Nighthawk processor delivering 5,000+ two-qubit gates; targets fault-tolerant quantum computing by 2029; expects 7,500 gates by end of 2026 | November 2025 |
| Fujitsu / RIKEN | Launched 256-qubit superconducting quantum computer; targeting 1,000-qubit machine by 2026 | April 2025 |
| Pasqal | Neutral atom architecture targeting 10,000-qubit system with scalable logical qubits by 2026 | 2025 roadmap |
| Research (general) | Demonstrated that 1,399 logical qubits could factor RSA-2048 in under a week — a key cryptographic benchmark | 2025 |
Sources: Forrester Research, IBM Newsroom, QED-C State of the Global Quantum Industry 2026. [2][3][1]
Critically, the quantum resources needed to break modern encryption have dropped sharply. Three research papers published between mid-2025 and early 2026 reduced the estimated qubit count needed to break RSA encryption by an order of magnitude — from around 20 million qubits to fewer than one million, and potentially fewer than 100,000 under newer computational architectures. A related paper reduced the qubit requirement for breaking elliptic curve cryptography — which protects most digital signatures and every major cryptocurrency — to fewer than 500,000 qubits. One of these papers was considered so sensitive that its authors published a cryptographic proof that the attack circuits work, without releasing how they work. [4]
The trajectory is clear: the technical barriers between today’s quantum computers and encryption-breaking capability are falling faster than most security planners had anticipated.
How Encryption Works — and Why Quantum Breaks It
To understand the threat, it helps to understand briefly what today’s encryption actually does.
Modern digital security rests almost entirely on public-key cryptography — a system in which every user has two mathematically related keys: a public key anyone can see, and a private key only the owner holds. Encrypting a message with someone’s public key produces ciphertext that only their private key can unlock. The security of this system depends on one key asymmetry: it is computationally easy to multiply two large prime numbers together, but computationally infeasible for a classical computer to reverse the process — to factor the resulting number back into its original primes — when the numbers are large enough.
The three dominant cryptographic systems in global use today all depend on variations of this principle:
- RSA — used in HTTPS, VPNs, email encryption, software signing, and digital certificates. Its security rests on the difficulty of factoring large integers.
- Elliptic Curve Cryptography (ECC) — used in TLS, secure messaging, Bitcoin and other cryptocurrencies, and most modern digital signatures. Its security rests on the difficulty of the elliptic curve discrete logarithm problem.
- Diffie-Hellman key exchange — used to establish shared secret keys over insecure channels. Its security also rests on the discrete logarithm problem.
In 1994, mathematician Peter Shor published an algorithm — now known as Shor’s algorithm — that demonstrated a sufficiently powerful quantum computer could factor large integers and compute discrete logarithms exponentially faster than any classical machine. The implication was stark: once a quantum computer powerful enough to run Shor’s algorithm at scale exists, RSA, ECC, and Diffie-Hellman are all broken — simultaneously and completely. Not weakened, not slower, but broken. [5]
What protects this from being an immediate problem is that Shor’s algorithm requires a quantum computer with millions of error-corrected logical qubits — far beyond what any current machine delivers. Google’s Willow chip, for instance, operates with 105 physical qubits. Estimates from Google itself suggest that breaking RSA would require approximately 4 million physical qubits, and that timeline remains at least a decade away on current trajectories. [6]
That gap between current capability and the threshold for breaking encryption is called the cryptographically relevant quantum computer (CRQC) gap — and it is narrowing. The question is not whether it will close, but when.
“The issue is not whether such systems are available now, but how long it takes to change cryptography at scale.” — Nomios cybersecurity analysts, December 2025 [5]
The “Harvest Now, Decrypt Later” Threat — Already Active
Here is where the threat becomes immediate, not merely theoretical.
Sophisticated state-level adversaries do not need a quantum computer today to begin exploiting quantum vulnerabilities. They are almost certainly already doing so through a strategy known as “harvest now, decrypt later” (HNDL): systematically intercepting and storing encrypted communications today, with the intention of decrypting them when quantum computers mature sufficiently to do so. [7]
⚠ This threat is not future tense
Data encrypted with RSA or ECC and transmitted over any network between approximately 2019 and 2025 has very likely already been intercepted and archived by well-resourced adversaries. That data cannot be retroactively re-encrypted. If it contains information that will still be sensitive in 2030 or beyond — government secrets, medical records, financial data, military plans — it is already at risk, regardless of whether the organisation has migrated to quantum-safe encryption since. [8]
The Federal Reserve published a research paper in September 2025 examining this exact risk for distributed ledger networks, noting that an adversary who obtains a copy of a blockchain’s transaction history today can hold it until quantum computers mature, then decrypt previously obfuscated data. Bitcoin’s entire transaction history is public, permanent, and secured with ECDSA signatures that quantum computers are expected to eventually break. [9]
At the Vanderbilt Quantum Forum in April 2026, Doug Adams of Vanderbilt’s Institute of National Security described the situation plainly: “They’re capturing the data and they’re waiting. They’re very patient.” [10]
A 2026 academic study published on arXiv formalised this threat, modelling HNDL attacks across TLS 1.2, TLS 1.3, QUIC, and SSH protocols. The researchers found that retaining intercepted traffic is economically trivial for a well-resourced adversary — meaning the question is no longer whether harvesting is happening, but how much data has already been collected. [11]
Mosca’s Theorem formalises the urgency mathematically: if X is the number of years data needs to remain protected, Y is the number of years it will take an organisation to migrate its cryptographic infrastructure to quantum-safe standards, and Z is the number of years until a cryptographically relevant quantum computer exists — then if X + Y > Z, that organisation’s data is at risk. For many government agencies, financial institutions, and healthcare systems, whose data has decades-long sensitivity requirements and whose cryptographic infrastructure can take five to ten years to migrate, that equation is already resolved in the adversary’s favour. [8]
The Geopolitical Dimension: The US-China Quantum Race
Quantum computing is not only a technical challenge. It is a strategic competition with significant national security implications — and the two primary players are the United States and China.
The US-China Economic and Security Review Commission’s 2025 annual report to Congress stated unambiguously that China is likely racing to build quantum computers that could threaten global cryptographic systems, and may be concealing the status of its most advanced projects. The Commission described this as one of the most significant strategic risks facing the United States, and called for a “Quantum First” national goal by 2030. [12]
China has identified quantum technology as a national strategic priority in its current Five-Year Plan (2026–2030), stating explicitly that the goal is to make quantum technology “a new economic growth point.” The country has deployed industrial-scale funding through a coordinated ecosystem linking universities, research institutes, and government-backed industry. [13]
America retains a research lead across most quantum domains, but that lead is narrowing. Between 2021 and 2025, China launched a significantly expanded nuclear submarine building programme while simultaneously investing in quantum sensing, quantum communication, and computing. The Royal United Services Institute noted in 2025 that US export controls on quantum-related components have had an unintended consequence: accelerating China’s development of a fully domestic quantum supply chain, reducing its dependency on Western technology. [14]
The US-China Economic and Security Review Commission was explicit about the stakes: “The country that achieves supremacy in quantum computing will play an oversized role in how the digital economy is encrypted; unlock transformative advances in materials science, energy production, and medical research; and secure disproportionate and likely enduring advantages in intelligence collection and precision targeting.” [15]
If China — or any other state actor — achieves a cryptographically relevant quantum computer before the rest of the world has migrated to quantum-safe encryption standards, the consequences would be immediate and severe: the ability to decrypt classified government communications, compromise financial systems, read diplomatic cables, and expose intelligence networks, retroactively, across years of previously collected data.
Which Encryption Systems Are Vulnerable — and Which Are Not
Vulnerable to Quantum Attack (via Shor’s Algorithm)
| Algorithm | Where It Is Used | Quantum Vulnerability |
|---|---|---|
| RSA | HTTPS, VPNs, email, digital certificates, software signing | Completely broken by Shor’s algorithm |
| Elliptic Curve Cryptography (ECC / ECDSA / ECDH) | TLS, secure messaging, cryptocurrencies, digital signatures | Completely broken by Shor’s algorithm |
| Diffie-Hellman key exchange | Establishing shared keys in VPNs, TLS, SSH | Completely broken by Shor’s algorithm |
| DSA (Digital Signature Algorithm) | Software authentication, government systems | Completely broken by Shor’s algorithm |
Resistant or Partially Resistant to Quantum Attack
| Algorithm | Where It Is Used | Quantum Status |
|---|---|---|
| AES-256 | Symmetric data encryption — files, databases, storage | Survives quantum attack with doubled effective security; still considered safe with 256-bit keys |
| SHA-256 / SHA-3 | Hash functions — data integrity, blockchain mining | Weakened but not broken; security roughly halved by Grover’s algorithm |
Sources: NIST Post-Quantum Cryptography project; Nomios cybersecurity analysis. [16][5]
The critical point is that the most widely deployed security infrastructure on the internet — everything that uses public-key cryptography — belongs in the vulnerable category. This includes every secure website (HTTPS), every VPN connection, every encrypted email, every digital signature on a software update, and every transaction in every major cryptocurrency. Symmetric encryption (AES-256) is not broken by quantum computing and remains safe — but it is used for encrypting data at rest, and the keys that protect it are exchanged using public-key methods, which are vulnerable. Fixing the key exchange is therefore essential even if the underlying encryption survives. [5]
The Response: Post-Quantum Cryptography (PQC)
The world’s cryptographic institutions have not been idle. The US National Institute of Standards and Technology (NIST) launched a post-quantum cryptography standardisation project in 2016, inviting cryptographers worldwide to submit and evaluate quantum-resistant algorithms. After nearly a decade of evaluation, on 13 August 2024, NIST published its first three finalised post-quantum cryptography standards: [16]
- FIPS 203 (ML-KEM) — based on Module-Lattice cryptography, the primary standard for general encryption. Originally submitted as CRYSTALS-Kyber; developed with IBM involvement.
- FIPS 204 (ML-DSA) — a lattice-based digital signature standard. Originally CRYSTALS-Dilithium; also IBM-developed.
- FIPS 205 (SLH-DSA) — a stateless hash-based digital signature standard (formerly SPHINCS+), based on entirely different mathematics to FIPS 204, providing a backup in case ML-DSA proves vulnerable.
In March 2025, NIST added a fifth algorithm: HQC, selected specifically as a backup standard using code-based cryptography — a different mathematical approach to ML-KEM — to ensure that if ML-KEM is eventually found to be vulnerable, a fallback exists. [17]
NIST’s transition timeline (IR 8547) sets clear deadlines: quantum-vulnerable algorithms are to be deprecated after 2030 and disallowed after 2035, with widely used schemes including RSA-2048 and ECDSA with P-256 explicitly in scope. The US National Security Agency has already mandated quantum-resistant algorithms for all national security systems under the CNSA 2.0 framework, requiring that all new national security systems be quantum-safe by January 2027. [4]
The G7 nations declared 2026 the “Year of Quantum Security”, and the European Union has mandated that member states develop post-quantum cryptography migration plans by 31 December 2026, with critical infrastructure required to be quantum-safe by 2030. [8]
The Migration Challenge
Publishing new standards is the easy part. Migrating the world’s cryptographic infrastructure is a different order of problem entirely. Consider what needs to change:
- Every web server and browser supporting HTTPS needs updated TLS implementations
- Every VPN gateway needs updated key exchange protocols
- Every code-signing certificate and certificate authority needs updating
- Every hardware security module (HSM) — the physical devices that store cryptographic keys in banks, government agencies, and data centres — may need hardware replacement
- Every Internet of Things device with hardcoded cryptography needs either firmware updates or physical replacement
- Legacy industrial control systems and operational technology (OT) networks — many of which run software that hasn’t been updated in decades — present the hardest problem of all
A 2026 analysis estimated that retrofitting post-quantum encryption into large enterprises — particularly where cryptography is hardcoded into legacy applications — could cost over £100 million per organisation. [18] A survey found that 56 percent of mid-sized organisations admitted they are not prepared for the quantum transition, and nearly 50 percent had not yet integrated quantum computing into their security strategy at all. [8]
The transition also introduces new technical complications: post-quantum algorithms typically produce larger key sizes and larger signatures than current algorithms. ML-KEM keys are roughly 1.5 to 3 kilobytes versus RSA-2048’s 256 bytes. This increases bandwidth consumption and latency — a material concern for high-frequency trading systems, real-time communications, and constrained IoT environments. [18]
The Timeline: When Does the Threat Actually Arrive?
Experts remain divided on the precise timeline, but the range of estimates has narrowed significantly since 2025. The most authoritative assessments:
| Source | Estimate for Cryptographically Relevant Quantum Computer (CRQC) |
|---|---|
| Forrester Research (March 2026) | Practical quantum utility feasible within five years; CRQC a distinct but near-term milestone |
| Global Risk Institute Quantum Threat Timeline Report 2024 | Meaningful probability of CRQC by the mid-2030s; risk begins earlier due to HNDL |
| IBM (official position) | Fault-tolerant quantum computing by 2029; encryption-breaking capability dependent on subsequent scaling |
| Google (official position) | Breaking RSA requires ~4 million physical qubits; at least a decade away on current trajectories |
| Cloudflare (May 2026) | Q-Day pulled forward significantly from earlier 2035+ estimates; neutral atom architectures accelerating timelines |
| NIST / US Government planning horizon | Deprecating vulnerable algorithms by 2030; disallowing by 2035 — implying CRQC feasible in this window |
Sources: Forrester, Global Risk Institute, IBM, Google, Cloudflare, NIST. [2][3][6][19][16]
The consistent theme across expert assessments is that the window for comfortable, orderly migration is closing. The three 2025–2026 research papers that dramatically reduced qubit requirements for breaking encryption have shifted expert opinion toward earlier timelines. As Cloudflare noted in May 2026, neutral atom quantum architectures — which allow far greater qubit connectivity than superconducting designs — have advanced further and faster than expected, compressing the timeline toward Q-Day. [19]
What This Means for Security Professionals
Quantum computing may seem like a concern for governments and technology companies. For security professionals in any sector — including physical security — the implications are more direct than they might appear.
Access Control and Physical Security Systems
Modern access control systems — smart card readers, biometric systems, key fob-based entry, and networked door controllers — communicate using encrypted protocols. Many of these systems rely on the same public-key cryptography that quantum computers will eventually break. If the back-end servers managing an access control system are compromised via a cryptographic break, the physical security of every building that system controls is compromised. A CRQC would allow an attacker to forge the digital credentials used to authorise access without physically cloning a card or badge.
CCTV and Video Surveillance Networks
IP camera networks transmit video over encrypted connections. Management credentials for networked surveillance systems are protected by the same cryptographic protocols at risk. Organisations whose surveillance footage is of long-term value — government facilities, financial institutions, critical infrastructure sites — should consider that footage intercepted today could eventually be decrypted, exposing sensitive operational information captured on camera.
Encrypted Communications Used by Security Teams
Radio communications, secure messaging applications, and encrypted email used by security operations teams all rely on the same vulnerable cryptographic foundations. HNDL attacks against communications from security-sensitive organisations are not hypothetical — they are an assumed feature of high-capability adversary intelligence collection. [7]
Supply Chain and Vendor Risk
Security technology vendors — manufacturers of access control hardware, video management software, and guard management platforms — face the same cryptographic migration challenge as any other software company. A vendor that has not committed to a post-quantum migration roadmap represents a supply chain risk for any organisation that relies on their products through the 2030s.
What Organisations Should Be Doing Right Now
NIST, NSA, the European Union, and the G7 have all arrived at the same conclusion: migration must begin now, not when quantum computers actually threaten encryption. The migration timeline is measured in years; the threat arrival window is measured in years. There is no margin for waiting. The recommended steps: [16][8]
- Cryptographic inventory — identify every system in your organisation that uses public-key cryptography. This is harder than it sounds; cryptography is embedded in firmware, vendor software, and communications infrastructure that organisations often don’t realise they depend on.
- Prioritise by data sensitivity and longevity — systems handling data that needs to remain confidential beyond 2030 should be migrated first.
- Adopt hybrid cryptography during transition — running classical and post-quantum algorithms in parallel provides immediate protection while maintaining backward compatibility.
- Evaluate vendor quantum readiness — ask every technology vendor what their post-quantum migration roadmap is and when quantum-safe versions of their products will be available.
- Stop generating long-lived RSA/ECC key pairs for sensitive applications — new key material generated today that will remain in service through 2030 or beyond creates HNDL exposure.
- Monitor NIST and national cybersecurity agency guidance — the standards environment is still developing; FIPS 206 (FALCON-based digital signatures) is still being finalised, and new algorithms continue to be evaluated.
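An added example (not part of the original article) showing how the inventory and prioritisation steps above can be turned into a ranked list using Mosca's inequality and the NIST IR 8547 dates quoted earlier. The inventory records, field names and the 2026/2035 planning years are constructed assumptions; the algorithm families follow the article's tables.

```python
import re
from dataclasses import dataclass

# Algorithm families as classified in the article's tables and PQC list.
PQC_PREFIXES = ("ML-KEM", "ML-DSA", "SLH-DSA", "HQC")
SHOR_BROKEN = {"RSA", "ECC", "ECDSA", "ECDH", "DH", "DSA"}
GROVER_ONLY = {"AES", "SHA"}

# NIST IR 8547 dates quoted in the article.
DEPRECATED_AFTER = 2030
DISALLOWED_AFTER = 2035


@dataclass
class Asset:
    system: str
    algorithm: str        # as written in the inventory, e.g. "RSA-2048"
    secrecy_years: int    # X: how long the data must stay confidential
    migration_years: int  # Y: how long migrating this system will take


def classify(algorithm: str) -> str:
    """Return 'pqc', 'shor', 'grover' or 'unknown' for an inventory string."""
    name = algorithm.strip().upper().replace("_", "-")
    # PQC names first: ML-DSA and SLH-DSA contain "DSA" but are not DSA.
    if name.startswith(PQC_PREFIXES):
        return "pqc"
    family = re.match(r"[A-Z]*", name).group()  # leading letters only
    if family in SHOR_BROKEN:
        return "shor"
    if family in GROVER_ONLY:
        return "grover"
    return "unknown"


def triage(assets, now_year, crqc_year):
    """Rank assets that need action, most urgent first.

    Mosca's inequality: data is at risk when X + Y > Z, where
    Z = crqc_year - now_year is the planner's own CRQC estimate.
    """
    z = crqc_year - now_year
    findings = []
    for a in assets:
        kind = classify(a.algorithm)
        if kind in ("pqc", "grover"):
            continue  # not broken by Shor's algorithm
        if kind == "unknown":
            # Unrecognised cryptography needs a human to look at it.
            findings.append({"system": a.system, "status": "review-manually",
                             "margin": None, "deadline": None})
            continue
        margin = a.secrecy_years + a.migration_years - z  # X + Y - Z
        done = now_year + a.migration_years  # year the migration would finish
        if done > DISALLOWED_AFTER:
            deadline = "misses-2035-disallow"
        elif done > DEPRECATED_AFTER:
            deadline = "misses-2030-deprecate"
        else:
            deadline = "meets-deadlines"
        findings.append({"system": a.system,
                         "status": "at-risk" if margin > 0 else "within-margin",
                         "margin": margin, "deadline": deadline})
    # Largest Mosca margin first; unclassified entries go last.
    findings.sort(key=lambda f: (f["margin"] is None, -(f["margin"] or 0)))
    return findings


# Constructed sample inventory (hypothetical systems and estimates).
SAMPLE_INVENTORY = [
    Asset("vpn-gateway", "ECDH-P256", 10, 3),
    Asset("records-archive", "RSA-2048", 25, 8),
    Asset("door-controller", "ecdsa_p256", 2, 1),
    Asset("backup-store", "AES-256-GCM", 25, 0),
    Asset("new-api-edge", "ML-KEM-768", 10, 0),
    Asset("legacy-plc", "vendor-proprietary", 5, 10),
]

if __name__ == "__main__":
    # Planning assumption: CRQC in 2035, evaluated from 2026.
    for f in triage(SAMPLE_INVENTORY, now_year=2026, crqc_year=2035):
        print(f)
```

Re-running the triage with an earlier `crqc_year` shows how quickly systems move from within-margin to at-risk as timeline estimates shift.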
Key Terms Explained
Qubit — The basic unit of quantum information, analogous to a classical bit. Unlike a bit, which is either 0 or 1, a qubit can exist in a superposition of both states simultaneously until measured.
Superposition — The quantum mechanical property that allows a qubit to be in multiple states at once. This enables quantum computers to explore many possible solutions simultaneously.
Shor’s Algorithm — A quantum algorithm published in 1994 by Peter Shor that can factor large integers and compute discrete logarithms exponentially faster than any classical algorithm. Its existence means a sufficiently powerful quantum computer would completely break RSA, ECC, and Diffie-Hellman encryption.
Grover’s Algorithm — A quantum algorithm that speeds up searching through unsorted data. It halves the effective security of symmetric encryption (like AES) but does not break it — AES-256 remains safe.
Cryptographically Relevant Quantum Computer (CRQC) — A quantum computer powerful enough to actually break currently deployed encryption standards. No CRQC exists today. The debate is about when one will exist.
Q-Day — The hypothetical future date on which a cryptographically relevant quantum computer first breaks widely used encryption. Unlike Y2K, Q-Day may not be immediately obvious — it could occur in a classified programme before any public announcement.
Harvest Now, Decrypt Later (HNDL) — A strategy in which an adversary intercepts and stores encrypted communications today, intending to decrypt them once quantum computing matures. This threat is considered active now.
Post-Quantum Cryptography (PQC) — A new generation of cryptographic algorithms designed to be resistant to quantum computer attacks. Based on mathematical problems — such as lattice problems and hash functions — that quantum computers cannot solve efficiently.
Logical Qubit — An error-corrected qubit formed by combining multiple physical qubits. Logical qubits are far more reliable than physical qubits and are necessary for running complex algorithms like Shor’s algorithm at scale.
Fault-Tolerant Quantum Computing — The ability to perform long, complex quantum computations without errors accumulating to the point where the result is meaningless. Considered the key milestone between current NISQ-era machines and cryptographically relevant quantum computers.
ML-KEM (FIPS 203) — The primary post-quantum encryption standard published by NIST in August 2024, based on the difficulty of solving problems in high-dimensional mathematical lattices. The recommended replacement for RSA in key exchange applications.
Mosca’s Theorem — A framework for calculating post-quantum migration urgency: if the time data needs to remain secure (X) plus the migration time (Y) exceeds the estimated time until a CRQC exists (Z), the organisation’s data is already at risk.
Sources and References
1. Quantum Economic Development Consortium (QED-C) — State of the Global Quantum Industry 2026 Report, April 14, 2026. Covered by The Quantum Insider. Available at: thequantuminsider.com
2. Forrester Research — Practical Quantum Computing By 2030 Is Likely — And So Is Q-Day, March 12, 2026. Available at: forrester.com
3. IBM Newsroom — IBM Delivers New Quantum Processors, Software, and Algorithm Breakthroughs on Path to Advantage and Fault Tolerance, November 12, 2025. Available at: newsroom.ibm.com
4. The Quantum Insider — Q-Day Just Got Closer: Three Papers in Three Months Are Rewriting the Quantum Threat Timeline, March 31, 2026. Available at: thequantuminsider.com
5. Nomios — What Is the Quantum Computing Threat to Today’s Encryption?, December 17, 2025. Available at: nomios.com
6. CNBC — What Google’s Quantum Computing Chip Willow Means for Bitcoin’s Future, December 22, 2024. Available at: cnbc.com
7. Guptadeepak.com — Quantum Computing Threat 2026: Harvest Now Decrypt Later Explained, March 24, 2026. Available at: guptadeepak.com
8. Citi Institute — The Trillion-Dollar Security Race Is On: The Quantum Threat, January 2026. Available at: citigroup.com (PDF)
9. Federal Reserve Board — “Harvest Now, Decrypt Later”: Examining Post-Quantum Cryptography and the Data Privacy Risks for Distributed Ledger Networks, September 2025. Available at: federalreserve.gov
10. The Quantum Insider — Quantum Security: Threats, Solutions, and the Race to Protect Data (Vanderbilt Quantum Forum, April 2026), April 27, 2026. Available at: thequantuminsider.com
11. Blanco-Romero et al. — On the Practical Feasibility of Harvest-Now, Decrypt-Later Attacks, arXiv, March 3, 2026. Available at: arxiv.org
12. The Quantum Insider / US-China Economic and Security Review Commission — U.S. Commission on China Calls for ‘Quantum First’ National Goal by 2030, November 18, 2025. Available at: thequantuminsider.com
13. CKGSB Knowledge — China’s Quantum Computing Strategy, December 2, 2025. Available at: english.ckgsb.edu.cn
14. Royal United Services Institute (RUSI) — Export Controls Accelerate China’s Quantum Supply Chain, 2025. Available at: rusi.org
15. US-China Economic and Security Review Commission — Vying for Quantum Supremacy: U.S.-China Competition in Quantum Technologies, November 18, 2025. Available at: uscc.gov
16. National Institute of Standards and Technology (NIST) — NIST Releases First 3 Finalized Post-Quantum Encryption Standards, August 13, 2024. Available at: nist.gov
17. National Institute of Standards and Technology (NIST) — NIST Selects HQC as Fifth Algorithm for Post-Quantum Encryption, March 2025. Available at: nist.gov
18. Integrity360 — Quantum Computing and Encryption: How Q-Day Could Redefine Cyber Security, November 10, 2025. Available at: insights.integrity360.com
19. Cloudflare Blog — Post-Quantum Roadmap: Cloudflare Targets 2029 for Full Post-Quantum Security, May 2026. Available at: blog.cloudflare.com
Published on pakguard.online — Malaysia’s independent portal for private security industry professionals.
This article is for informational and analytical purposes. All figures and statistics are sourced from publicly available reports and have been verified as of May 2026.






