The mathematics protecting your bank account, medical records, and classified government communications rests on a simple assumption: certain problems take too long to solve. Breaking RSA-2048 encryption with today's supercomputers would require thousands of years. A sufficiently powerful quantum computer could do it in hours.
On August 13, 2024, the National Institute of Standards and Technology released three new encryption standards specifically designed to survive the quantum era. The timing wasn't arbitrary. After an eight-year evaluation of 82 algorithms from 25 countries, NIST concluded that organizations needed to start protecting themselves now—not when quantum computers actually arrive.
The Clock Started Years Ago
The threat isn't waiting for quantum computers to mature. Nation-states and sophisticated adversaries are already harvesting encrypted data under a strategy called "harvest now, decrypt later." They're collecting everything—HTTPS traffic, VPN communications, encrypted emails—and storing it for the day when quantum machines can crack it open like a piñata.
This makes the timeline particularly uncomfortable. Gartner predicts RSA and elliptic curve cryptography will become unsafe by 2029 and potentially broken by 2034. NIST suggests cryptographically relevant quantum computers could appear within a decade. If you're transmitting sensitive information today that needs to stay secret for 10 years, you're already in the danger zone.
The mathematics behind this threat dates back to the 1990s. Peter Shor developed an algorithm in 1994 that allows quantum computers to factor large numbers exponentially faster than classical computers—the exact problem RSA encryption depends on being hard. Lov Grover's 1996 algorithm effectively halves the key strength of symmetric encryption like AES, turning AES-128's security into something equivalent to a 64-bit key.
What changed isn't the theory. It's that quantum hardware is finally catching up to the algorithms.
When Theory Meets Silicon
Google achieved quantum supremacy in October 2019, solving a specific mathematical problem faster than the world's fastest supercomputer. The milestone was significant not because the problem mattered, but because it demonstrated quantum advantage was real, not theoretical.
As of 2025, IBM, Google, and IonQ operate quantum processors with a few hundred physical qubits—the quantum equivalent of bits that can exist in superposition, representing both 0 and 1 simultaneously. Breaking RSA-2048 requires millions or billions of error-corrected qubits, a threshold we haven't reached. The gap between current hardware and cryptographically relevant quantum computers remains substantial.
Then Chinese researchers reported in October 2024 that they'd successfully attacked RSA encryption using D-Wave quantum computers. Published in the Chinese Journal of Computers, the research represented one of the first practical demonstrations that quantum computers could threaten real encryption, not just theoretical constructs.
The technical details matter less than the trajectory. Quantum error correction remains the major bottleneck, but it's an engineering challenge, not a physics impossibility. The question isn't whether quantum computers will break current encryption, but when.
The New Mathematics of Security
NIST's three new standards—ML-KEM, ML-DSA, and SLH-DSA—rest on different mathematical foundations than RSA or elliptic curves. They're based on problems involving lattices and hash functions that appear resistant to both classical and quantum attacks.
The "appear" matters. Cryptography has a history of seemingly unbreakable systems falling to unexpected attacks. NIST selected these algorithms after extensive public review, but they're also keeping two additional sets of backup algorithms in evaluation. The agency knows it might be wrong.
Dustin Moody, a NIST mathematician, urged organizations to "start integrating [new standards] into their systems immediately." The transition won't be quick or cheap. Every system that currently uses RSA or elliptic curve cryptography—which is essentially everything that communicates securely on the internet—needs updating.
That includes HTTPS web traffic, digital signatures, email, VPNs, blockchain transactions, software updates, and authentication systems. Financial services, healthcare, government infrastructure, and national security systems all depend on encryption that quantum computers will eventually break.
The scope explains why President Biden issued National Security Memorandum 10 in May 2022, setting a goal to mitigate quantum risk by 2035. Even with a firm deadline and government mandate, the timeline stretches over a decade.
No Secret Weapons
One silver lining: we'll probably see it coming. Despite concerns about secret quantum breakthroughs, experts consider it extremely unlikely any organization will develop a cryptographically relevant quantum computer in secrecy. The commercial competition, supply chain requirements, and specialized workforce needed make stealth development nearly impossible.
When Google achieved quantum supremacy, a NASA employee accidentally posted the draft article a month early. The leak illustrates how difficult keeping quantum breakthroughs secret has become in an era of global collaboration and competition.
The National Security Agency stated that "the impact of adversarial use of a quantum computer could be devastating to National Security Systems and our nation." Coming from an agency not known for public alarm, the warning carries weight.
The Awkward Decade Ahead
We're entering a strange period where old encryption is doomed but still functional, and new encryption is available but not widely deployed. Organizations face a choice: spend resources now to protect against a threat that might materialize in five years, or wait and risk having their current communications decrypted retroactively.
For most data, the calculation is simple. Credit card numbers are useless after they expire. But state secrets, medical records, intellectual property, and personal communications have longer shelf lives. The data being encrypted today could still matter in 2035.
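The shelf-life calculation above, combined with the "harvest now, decrypt later" timeline, can be run over a system inventory; this is an added example, not part of the original article. The asset names, algorithms, secrecy lifetimes and migration estimates are constructed assumptions, and the 2029 and 2034 years are the Gartner estimates quoted earlier.

```python
from dataclasses import dataclass
# Gartner's estimates as quoted in the article.
CRQC_YEAR = {"unsafe": 2029, "broken": 2034}
SHOR_BROKEN = ("RSA", "ECDH", "DH", "X25519")  # factoring / discrete-log key exchange
PQC_KEM = ("ML-KEM",)                          # NIST's lattice-based KEM

@dataclass
class Asset:
    name: str
    key_exchange: str     # algorithm protecting the data in transit
    secrecy_years: int    # how long the data must stay confidential
    migration_years: int  # assumed time to move this system to PQC

def classify(alg: str) -> str:
    a = alg.upper()
    if a.startswith(PQC_KEM):
        return "pqc"
    return "shor" if a.startswith(SHOR_BROKEN) else "unknown"

def exposed_years(asset: Asset, now: int, crqc: int) -> int:
    """Secrecy years that fall after `crqc` for the last record sent pre-migration."""
    if classify(asset.key_exchange) == "pqc":
        return 0
    secret_until = now + asset.migration_years + asset.secrecy_years
    return min(asset.secrecy_years, max(0, secret_until - crqc))

def triage(inventory, now: int, crqc: int):
    """Return (name, status, exposed_years) tuples, worst exposure first."""
    rows = []
    for a in inventory:
        years = exposed_years(a, now, crqc)
        if classify(a.key_exchange) == "unknown":
            status = "review"                     # unrecognised algorithm: inspect manually
        elif years == 0:
            status = "ok"
        elif now + a.secrecy_years > crqc:
            status = "harvestable-today"          # traffic sent now outlives the estimate
        else:
            status = "harvestable-before-migration"
        rows.append((a.name, status, years))
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed sample inventory, not real systems.
INVENTORY = [
    Asset("card-payments", "ECDHE-P256", 3, 2),
    Asset("patient-records", "RSA-2048", 25, 5),
    Asset("internal-vpn", "ML-KEM-768", 10, 0),
    Asset("legacy-queue", "VENDOR-PROPRIETARY", 10, 4),
]
```

Calling `triage(INVENTORY, 2025, CRQC_YEAR["unsafe"])` and again with `CRQC_YEAR["broken"]` shows which systems are exposed under either estimate and which only under the earlier one.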
The transition to post-quantum cryptography will be long, complicated, and expensive. But it's already begun. The encryption standards designed to last decades are being replaced by standards designed to survive quantum computers that don't quite exist yet. It's a rare moment when we can see the technological cliff ahead and actually have time to change course before driving over it.