In 1994, Peter Shor wrote down a series of equations that would eventually threaten every secure transaction on the internet. The mathematician had discovered an algorithm that, if run on a quantum computer, could crack the encryption protecting your bank account, your medical records, and classified government communications. Thirty-two years later, we're finally close enough to quantum computers powerful enough to execute Shor's algorithm that governments and tech companies are scrambling to rebuild the internet's security infrastructure before it's too late.

The Math Problem That Protects Your Credit Card

RSA encryption, the security backbone of online banking and e-commerce, relies on a deceptively simple premise: multiplying two large prime numbers is easy, but working backwards to find those original primes is absurdly difficult. Take the number 15. You can quickly figure out it's 3 times 5. Now try the same with a 617-digit number. A conventional computer would need longer than the age of the universe to factor it.

This mathematical asymmetry is why you can safely enter your credit card number on Amazon. When your browser creates a secure connection, it uses RSA encryption with 2048-bit keys—numbers so large that Google's calculator rounds 2^2048 to "infinity." No traditional computer can crack these keys in any reasonable timeframe.

Quantum computers don't play by the same rules. Shor's algorithm exploits quantum mechanics to test multiple factorization possibilities simultaneously. What would take classical computers millennia becomes theoretically achievable in hours.

Where Quantum Computing Actually Stands

The gap between theory and practice remains enormous. In 2001, IBM successfully used a 7-qubit quantum computer to factor 15 into 3 times 5—demonstrating the concept but hardly threatening global security. By May 2024, researchers at Shanghai University managed to factor 50-bit integers using quantum-classical hybrid systems. Modern RSA uses 2048-bit keys. The difficulty increases exponentially with each additional bit.

Today's most powerful quantum computers have just surpassed 1,000 qubits, and they can only maintain stable operation for one or two milliseconds before quantum decoherence—essentially quantum noise—destroys their calculations. Breaking a single 2048-bit RSA key would require an estimated 20 million qubits running for eight hours.

That estimate dropped dramatically in February 2026 when new research reduced the requirement tenfold. Suddenly, "only" 100,000 qubits stood between current quantum computers and breaking RSA. The word "only" does heavy lifting here—that's still roughly 100 times more qubits than exist in today's most advanced machines. But the direction of travel is clear.

The Data Someone's Collecting Right Now

The most insidious threat isn't about cracking today's encrypted communications today. It's about cracking them tomorrow.

Intelligence agencies and sophisticated cybercriminals are already executing "harvest now, decrypt later" attacks. They're vacuuming up encrypted data transmissions and storing them, betting that quantum computers will eventually decrypt everything. Your encrypted message to your doctor about a sensitive health condition might be secure today. In 2035, it might not be.

This threat particularly endangers information with long shelf lives: government secrets, corporate research, financial records, and anything personally compromising. The encryption protecting that data needs to outlast its sensitivity. For some secrets, ten years isn't long enough.

NIST's Eight-Year Race Against Time

The National Institute of Standards and Technology saw this coming. In 2016, they launched a global competition to develop quantum-resistant encryption algorithms. The challenge: create cryptographic systems based on mathematical problems that would stymie both conventional and quantum computers.

Eighty-two algorithms from 25 countries entered the competition. After eight years of rigorous testing, NIST released the first three finalized post-quantum encryption standards on August 13, 2024: FIPS 203, 204, and 205. Unlike RSA's reliance on prime factorization, these algorithms use different mathematical structures that Shor's algorithm can't crack.

NIST immediately urged system administrators to begin transitioning to the new standards, acknowledging that full integration across the internet would take years. Google set an internal deadline of 2029 to complete its migration. The message was clear: start now, before quantum computers arrive.

When the Threat Actually Arrives

Most experts predict a cryptographically-relevant quantum computer—one capable of breaking RSA—could emerge within a decade, by the mid-2030s. NIST states that 2048-bit RSA keys should remain secure through at least 2030. As an interim measure, modern browsers already support 4096-bit RSA keys, which would require even more quantum computing power to crack.

The timeline contains considerable uncertainty. Quantum error correction remains a massive technical obstacle. The qubits that perform calculations are different from the qubits needed to correct errors, and current estimates suggest millions of physical qubits will be necessary to create enough error-corrected "logical" qubits to run Shor's algorithm effectively.

But uncertainty cuts both ways. Classical computers factored a 330-bit RSA key more than 30 years ago. Quantum computing has been progressing faster than many anticipated, and breakthroughs in error correction or algorithm efficiency could accelerate the timeline dramatically.

Rebuilding the Internet Before It Breaks

The transition to post-quantum cryptography represents one of the largest coordinated technical migrations in internet history. Every secure website, every encrypted messaging app, every VPN, every banking system needs updating. The cryptographic libraries embedded in billions of devices need replacing.

This isn't a problem that gets solved with a software update. Many embedded systems—industrial controllers, medical devices, infrastructure components—will never receive updates. They'll remain vulnerable or need physical replacement. The cost runs into trillions of dollars globally.

NIST continues evaluating roughly 15 backup algorithms, preparing for the possibility that someone discovers a quantum algorithm that cracks the newly standardized encryption. The fourth and final standard arrived in late 2024, but the work of hardening the internet against quantum attacks will continue for decades.

Shor's algorithm hasn't broken the internet yet. But the fact that it exists—that we know with mathematical certainty that quantum computers will eventually break RSA—has already changed how we build digital security. The race isn't to beat quantum computers. It's to finish rebuilding before they arrive.