You probably don't think much about encryption when you check your bank balance or send an email. But right now, someone might be recording that encrypted traffic—not to read it today, but to crack it open a decade from now. Welcome to the strange world of quantum computing threats, where the future reaches back to compromise the present.
The Math That Keeps Secrets Safe (For Now)
Most internet security relies on a simple trick: multiplication is easy, but factoring is hard. Take two massive prime numbers, multiply them together, and you get a number so large that even supercomputers would need millions of years to reverse the process. This mathematical one-way street powers RSA encryption, which secures everything from online banking to digital signatures.
RSA-2048, the current standard, uses a 617-digit number. Breaking it means finding which two prime numbers, when multiplied, produce that enormous result. Classical computers must essentially guess-and-check, trying combinations until they stumble on the answer.
Quantum computers approach this differently. Using an algorithm Peter Shor published in 1994, they can solve factoring problems exponentially faster than any conventional machine. Instead of millions of years, we're talking days.
The Timeline Just Got Shorter
Here's where things get uncomfortable. In 2012, experts estimated you'd need a billion physical qubits—quantum computing's basic units—to break RSA-2048. By 2019, that estimate dropped to 20 million qubits.
Then in May 2025, Google Quantum AI researcher Craig Gidney published new calculations. His estimate: fewer than one million noisy qubits could crack RSA-2048 in under a week.
That's a 20-fold reduction in just six years.
What changed? Three technical breakthroughs made quantum attacks more efficient. First, researchers developed algorithms using approximate arithmetic rather than exact calculations, requiring far less computational overhead. Second, Google improved error correction by tripling the storage density of idle qubits through a second correction layer. Third, techniques like "magic state cultivation" reduced the workspace needed for basic quantum operations.
Today's quantum computers only have 100 to 1,000 qubits. We're still years away from the million-qubit threshold. But the gap is closing faster than anyone expected.
Store Now, Decrypt Later
Even if quantum computers capable of breaking encryption don't arrive for another decade, the threat is immediate. Intelligence agencies and sophisticated criminals are already collecting encrypted data in what security experts call "harvest now, decrypt later" attacks.
Medical records, financial data, government communications—anything that needs to stay confidential for years is at risk. Your encrypted email from today could be readable in 2035. For information with long-term sensitivity, the clock is already ticking.
This isn't speculation. Multiple security experts and government agencies have confirmed such collection efforts are underway.
The New Math of Security
In August 2024, after eight years of work, the National Institute of Standards and Technology (NIST) released three new encryption standards designed to withstand both conventional and quantum attacks.
NIST evaluated 82 algorithms submitted from 25 countries. The winners use entirely different mathematical foundations than current encryption. Instead of factoring prime numbers, they rely on problems involving lattice structures and hash functions—mathematical puzzles that would stymie quantum computers just as effectively as conventional ones.
The three standards serve different purposes:
ML-KEM (derived from an algorithm called CRYSTALS-KYBER) helps two parties establish a shared secret key over an insecure channel. This is what happens when your browser first connects to a secure website.
ML-DSA (from CRYSTALS-Dilithium) provides digital signatures to verify that messages haven't been tampered with and come from who they claim to.
SLH-DSA (from SPHINCS+) offers an alternative signature method using hash functions, providing a backup if lattice-based approaches encounter problems.
NIST is developing additional standards, including one based on FALCON, to ensure no single mathematical approach becomes a single point of failure.
The Migration Challenge
Understanding post-quantum cryptography is one thing. Actually deploying it across billions of devices and millions of websites is another.
NIST recommends organizations begin integration immediately, though they acknowledge full adoption will take years. Their draft timeline suggests vulnerable systems should be deprecated after 2030 and prohibited after 2035.
That might sound like plenty of time, but consider what migration involves. Every device, application, and protocol that uses encryption needs updates. Some older systems can't be updated at all and must be replaced. Organizations need to inventory their cryptographic systems, test compatibility, train staff, and coordinate changes across complex infrastructure.
Google has started the transition, encrypting Chrome traffic with post-quantum methods and using the new standards for internal communications. Other tech companies are following suit. But millions of smaller organizations haven't begun.
The good news: symmetric encryption—the kind used for encrypting stored data—isn't threatened by quantum computers. If you encrypt a file at rest using AES-256, quantum computing doesn't help attackers. The problem is specifically with asymmetric encryption used for key exchange and digital signatures.
What Happens Next
The quantum threat creates an unusual situation. We know roughly what the danger is and approximately when it might arrive. We have solutions ready to deploy. What we lack is urgency.
Many organizations treat this as a future problem. But with adversaries already collecting encrypted data and quantum capabilities advancing faster than predicted, "future problem" is rapidly becoming "current crisis."
The transition to post-quantum cryptography will be messy. Some implementations will fail. Attackers will target organizations that delay migration. We'll discover vulnerabilities in new algorithms that seemed secure in testing.
But the alternative—waiting until quantum computers can break current encryption—is worse. Once that threshold is crossed, years of supposedly secure communications become readable. Backdating that exposure is impossible.
The race isn't against quantum computers themselves. It's against the accumulated encrypted data sitting in servers around the world, waiting for the mathematical breakthrough that renders today's locks useless. Every day organizations delay migration, that pile grows larger.
The math that kept our secrets safe for decades is approaching its expiration date. The replacement math exists. Now comes the hard part: actually making the switch before time runs out.