Quantum Computing Threats to Cryptography: Projected Timeline


Summary

Quantum computing threatens to break the cryptographic algorithms that secure digital assets and financial transactions, with recent breakthroughs suggesting this risk could materialize much sooner than previously anticipated. "Quantum Computing Threats to Cryptography: Projected Timeline" refers to the expected period in which powerful quantum computers may be able to crack widely used encryption methods, prompting urgent migration to quantum-resistant security systems.

  • Start migration planning: Begin assessing your organization’s cryptographic vulnerabilities and map out a multi-year plan to upgrade to quantum-safe encryption before quantum computers reach critical capacity.
  • Prioritize critical assets: Identify and protect high-value data and systems—especially those with long-term sensitivity—by transitioning them to post-quantum cryptography ahead of less critical infrastructure.
  • Implement hybrid solutions: Adopt hybrid encryption models that combine current security with quantum-resistant algorithms to ensure continuity and resilience during the transition period.
Summarized by AI based on LinkedIn member posts
  • View profile for Keith King

    Former White House Lead Communications Engineer, U.S. Dept of State, and Joint Chiefs of Staff in the Pentagon. Veteran U.S. Navy, Top Secret/SCI Security Clearance. Over 16,000+ direct connections & 44,000+ followers.

    43,821 followers

    Bitcoin Faces Quantum Reckoning as Experts Warn of Imminent Security Crisis

    While Bitcoin conferences buzz with bullish optimism, behind closed doors, the tone among cryptographers and cybersecurity leaders is far more sober. At a private gathering during the Bitcoin 2025 event in Las Vegas, experts warned that quantum computing is no longer a distant threat—it is an approaching crisis that could undermine the very foundation of Bitcoin’s security model.

    Why Quantum Poses an Existential Threat
    • Bitcoin’s current cryptographic infrastructure—particularly its public-private key pairs—relies on algorithms like ECDSA (Elliptic Curve Digital Signature Algorithm), which are vulnerable to Shor’s algorithm, a quantum computing method capable of breaking them.
    • If a sufficiently powerful quantum computer emerges, it could reverse-engineer private keys from public addresses, enabling bad actors to seize control of any wallet ever used to send funds.
    • Such an attack could result in a flood of dormant or “lost” Bitcoin suddenly re-entering the market, causing trust to plummet and prices to collapse.

    Experts Sound the Alarm
    • Jameson Lopp, CTO of Casa, emphasized the urgency: “Timelines are getting compressed. It’s difficult to say that we have decades anymore.”
    • The concern is not just technical but organizational—Bitcoin’s decentralized governance means that reaching consensus on a quantum-safe transition may take years, potentially longer than the time left to act.

    How Much Time Does Bitcoin Have?
    • While estimates vary, many now believe Bitcoin has less than a decade, and possibly just five to seven years, before post-quantum threats become actionable.
    • This timeframe is based on recent projections that quantum computers could achieve the capacity (e.g., ~1 million physical qubits) necessary to break existing cryptographic defenses.

    What Can Be Done?
    • The Bitcoin community must agree on a protocol-level upgrade to transition from vulnerable algorithms to quantum-resistant cryptography, such as those under development by NIST’s post-quantum cryptography program.
    • Contingency plans include:
      • Upgrading wallet software to generate quantum-safe keys.
      • Implementing hybrid signature schemes that combine classical and post-quantum protections.

    A Decentralized Dilemma
    • The challenge is as much about consensus-building as it is about cryptography. Without centralized leadership, Bitcoin’s upgrade path depends on widespread agreement—a notoriously slow and contentious process.
    • The longer Bitcoin waits to act, the more exposed early wallets (and the network as a whole) become to catastrophic exploitation.

    Bitcoin was designed to be resilient—but not immutable. If it fails to evolve before quantum capabilities arrive, the very decentralization that fuels its strength could become its Achilles’ heel.

    Keith King https://lnkd.in/gHPvUttw

  • View profile for Usman Asif

    Access 2000+ software engineers in your time zone | Founder & CEO at Devsinc

    229,090 followers

    Three weeks ago, our Devsinc security architect walked into my office with a chilling demonstration. Using quantum simulation software, she showed how RSA-2048 encryption – the same standard protecting billions of transactions daily – could theoretically be cracked in just 24 hours by a sufficiently powerful quantum computer. What took her classical computer billions of years to attempt, quantum algorithms could solve before tomorrow's sunrise.

    That moment crystallized a truth I've been grappling with: we're not just approaching a technological evolution; we're racing toward a cryptographic apocalypse.

    The quantum computing market tells a story of inevitable disruption, surging from $1.44 billion in 2025 to an expected $16.22 billion by 2034 – a staggering 30.88% CAGR that signals more than market enthusiasm. Research shows a 17-34% probability that cryptographically relevant quantum computers will exist by 2034, climbing to 79% by 2044. But here's what keeps me awake at night: adversaries are already employing "harvest now, decrypt later" strategies, collecting our encrypted data today to unlock tomorrow.

    For my fellow CTOs and CIOs: the U.S. National Security Memorandum 10 mandates full migration to post-quantum cryptography by 2035, with some agencies required to transition by 2030. This isn't optional. Ninety-five percent of cybersecurity experts rate quantum's threat to current systems as "very high," yet only 25% of organizations are actively addressing this in their risk management strategies.

    To the brilliant minds entering our industry: this represents the greatest cybersecurity challenge and opportunity of our generation. While quantum computing promises revolutionary advances in drug discovery, optimization, and AI, it simultaneously threatens the cryptographic foundation of our digital world. The demand for quantum-safe solutions will create entirely new career paths and industries.

    What moves me most is the democratizing potential of this challenge. Whether you're building solutions in Silicon Valley or Lahore, the quantum threat affects us all equally – and so does the opportunity to solve it. Post-quantum cryptography isn't just about surviving disruption; it's about architecting the secure digital infrastructure that will power humanity's next chapter.

    The countdown has begun. The question isn't whether quantum will break our current security – it's whether we'll be ready when it does.

  • View profile for Marcos Carrera

    💠 Chief Blockchain Officer | Tech & Impact Advisor | Convergence of AI & Blockchain | New Business Models in Digital Assets & Data Privacy | Token Economy Leader

    32,019 followers

    🛡️ The Quantum Clock is Ticking quietly: Is Your Financial Infrastructure Ready?

    The financial industry is built on a foundation of digital trust, currently secured by #cryptographic standards like RSA and ECC. However, the rise of Cryptographically Relevant Quantum Computers (CRQC) poses an existential threat to this foundation. As we navigate this transition, here are 3 key pillars from the latest Mastercard R&D white paper that every financial leader must prioritize:

    1. Addressing the 'Harvest Now, Decrypt Later' (HNDL) Threat 📥
    Malicious actors are already intercepting and storing sensitive #encrypted data today, intending to decrypt it once powerful quantum computers are available.
    Financial Use Case: Protecting long-term assets such as credit histories, investment records, and loan documents. Unlike transient transaction data (which uses dynamic cryptograms), this "shelf-life" data requires immediate risk analysis and the adoption of quantum-safe encryption for back-end systems.

    2. Quantum Resource Estimation & The 10-Year Horizon ⏳
    While a CRQC capable of breaking RSA-2048 in hours might be 10 to 20 years away, the migration process itself will take years.
    Financial Use Case: Developing Agile Cryptography Plans. Financial institutions should set "action alarms"; for instance, once a quantum computer reaches 10,000 qubits, a pre-prepared 10-year migration plan must be triggered to ensure infrastructure is updated before the "meteor strike" occurs.

    3. Hybrid Implementations: The Bridge to Security 🌉
    The transition won't happen overnight. The paper highlights the importance of Hybrid Key Encapsulation Mechanisms (KEM), which combine classical security with PQC.
    Financial Use Case: Enhancing TLS 1.3 and OpenSSL 3.5 protocols. By implementing hybrid models now, banks can protect against current quantum threats (like HNDL) while maintaining compatibility with existing classical systems, ensuring a smooth and safe transition.

    The Bottom Line: A reactive approach is no longer an option. Early adopters who evaluate their data's "time value" and begin the migration today will be the ones to maintain resilience and protect global financial assets tomorrow.

    #QuantumComputing #PostQuantumCryptography #FinTech #CyberSecurity #DigitalTrust #MastercardResearch

  • View profile for Marin Ivezic

    CEO Applied Quantum | PostQuantum.com | SANS Instructor | Former CISO, Big 4 Partner, Quantum Entrepreneur

    34,168 followers

    Today was the most significant day for quantum cryptanalysis in years. Two papers published on the same day – same conclusion.

    Paper 1: Google Quantum AI showed that breaking the ECC protecting Bitcoin and Ethereum requires fewer than 500,000 superconducting qubits and approximately 9 minutes. A 10x reduction in spacetime volume over prior estimates. Verified by a zero-knowledge proof. My analysis: https://lnkd.in/ep2mHJte

    Paper 2: A team from Oratomic, Caltech, and UC Berkeley showed that the same algorithm runs on as few as 10,000 neutral atom qubits. Fifty times fewer qubits. But days instead of minutes. My analysis: https://lnkd.in/esrKWs56

    The TL;DR: breaking cryptocurrency cryptography now has two credible paths. A fast one (superconducting, 500K qubits, minutes - threatens active transactions) and a small one (neutral atoms, 10K–26K qubits, days - threatens dormant wallets and exposed keys).

    The two papers are not independent. Oratomic's resource estimates build directly on Google's newly published circuit optimizations.

    Does this bring Q-Day closer? Honestly, not in an absolute sense. Nobody built a 500,000-qubit superconducting machine or a 26,000-atom neutral atom computer overnight. The hard engineering problems remain hard. But that's not the real story.

    The real story is that the million-qubit comfort margin is dead. A year ago, the standard mental model was "breaking crypto requires millions of qubits, we have decades." Today, we have four independent papers - Gidney (2025), Pinnacle (2026), Google (2026), and now Oratomic (2026) - showing credible paths ranging from 10,000 to 1,000,000 physical qubits across multiple hardware modalities. The diversity of viable architectures is itself the threat.

    And ECC falls before RSA on every architecture. Google needs half the qubits for ECC-256 that Gidney needs for RSA-2048. Oratomic needs 10,000 qubits for ECC versus 102,000 for RSA.

    Two papers. Two architectures. One conclusion: the migration to post-quantum cryptography is not a future planning exercise. It is an operational imperative.

    #PostQuantumCryptography #QuantumComputing #Bitcoin #Ethereum #Cybersecurity #PQC #PostQuantum #QuantumSecurity

  • View profile for Rich Campagna

    SVP Products, Palo Alto Networks

    17,771 followers

    Quantum computing is moving from "science fiction" to "business reality" faster than most predicted. Two recent papers have fundamentally shifted the timeline for when we need to care about Quantum-Safe security:

    1️⃣ The "10,000 Qubits" Milestone: New research shows that we can execute Shor’s algorithm—the math that breaks today’s encryption—with far fewer resources than previously thought. By using reconfigurable atomic qubits, the hardware requirements for cracking RSA-2048 have dropped by nearly 20x.

    2️⃣ The "9-Minute" Crypto Warning: Google’s latest whitepaper highlights a terrifying reality for digital assets. Under advanced quantum scenarios, the encryption protecting a cryptocurrency wallet could be cracked in under 10 minutes. This puts billions in "dormant" assets at immediate risk of "at-rest" attacks.

    The Bottom Line: The "Q-Day" window is shrinking. It’s no longer about if a quantum computer can break your encryption, but when your current migration timeline will run out.

    How do we respond? We can't just flip a switch on "Q-Day." For many organizations, becoming quantum safe is a multi-year journey. This is where Palo Alto Networks Quantum-Safe Security comes in. Instead of a manual, multi-year overhaul, we provide a path to Agentic Resilience:

    - Continuous Discovery: It automatically maps your "cryptographic bill of materials" (CBOM), identifying exactly where vulnerable RSA and ECC algorithms are hiding in your network.
    - Risk Prioritization: It correlates your encryption strength with business criticality, telling you exactly which high-value assets need to move to Post-Quantum Cryptography (PQC) first.
    - Real-Time Remediation: For legacy systems that can’t be easily upgraded, a "Quantum-Safe Proxy" re-encrypts vulnerable traffic into post-quantum algorithms (like ML-KEM) at the network edge.

    The transition to a quantum-safe future is a marathon, but the starting gun has already fired. Learn how to take your first steps at the link in the comments.

  • View profile for Charles Durant

    Director Field Intelligence Element, National Security Sciences Directorate, Oak Ridge National Laboratory

    13,903 followers

    From a friend...

    'Today, almost all data on the Internet, including bank transactions, medical records, and secure chats, is protected with an encryption scheme called RSA (named after its creators Rivest, Shamir, and Adleman). This scheme is based on a simple fact—it is virtually impossible to calculate the prime factors of a large number in a reasonable amount of time, even on the world’s most powerful supercomputer. Unfortunately, large quantum computers, if and when they are built, would find this task a breeze, thus undermining the security of the entire Internet. Luckily, quantum computers are only better than classical ones at a select class of problems, and there are plenty of encryption schemes where quantum computers don’t offer any advantage.

    Today, the U.S. National Institute of Standards and Technology (NIST) announced the standardization of three post-quantum cryptography encryption schemes. With these standards in hand, NIST is encouraging computer system administrators to begin transitioning to post-quantum security as soon as possible...

    ...Most experts believe large-scale quantum computers won’t be built for at least another decade. So why is NIST worried about this now? There are two main reasons. First, many devices that use RSA security, like cars and some IoT devices, are expected to remain in use for at least a decade. So they need to be equipped with quantum-safe cryptography before they are released into the field. Second, a nefarious individual could potentially download and store encrypted data today, and decrypt it once a large enough quantum computer comes online. This concept is called “harvest now, decrypt later” and by its nature, it poses a threat to sensitive data now, even if that data can only be cracked in the future.'

    https://lnkd.in/gxsczMAY

  • View profile for Zlatko Minev

    Google Quantum AI | MIT TR35 | Ex-Team & Tech Lead, Qiskit Metal & Qiskit Leap, IBM Quantum | Founder, Open Labs | JVA | Board, Yale Alumni

    26,211 followers

    🔐 A cryptography wake-up call!

    Last week brought a reality check for quantum computing timelines. Two research groups announced advances that could enable machines capable of breaking RSA and elliptic curve cryptography much sooner than expected.

    Google Quantum AI announced updated resource estimates for breaking 256-bit elliptic curve cryptography, the backbone of Bitcoin, Ethereum, and much of modern blockchain security. Their new circuits require fewer than 500,000 physical qubits on superconducting architectures, offering roughly a 20x improvement over previous estimates. Impressively, the team estimates a superconducting computer could derive a private key in under 9 minutes, fast enough to intercept a Bitcoin transaction before it's recorded on-chain.

    Separately, researchers from Oratomic and Caltech showed that Shor's algorithm could run at cryptographically relevant scales with as few as 10,000 reconfigurable neutral-atom qubits, two orders of magnitude below earlier estimates for such platforms. At ~26,000 qubits, they project 256-bit elliptic curve cryptography could be broken in about 10 days.

    Neither paper claims a cryptographically relevant quantum computer exists today, and both acknowledge that significant engineering challenges persist. Nonetheless, both advances signify genuine algorithmic and architectural progress beyond small, incremental updates.

    What I find most notable is the convergence of better error-correcting codes, more efficient logical operations, and optimized circuit design, each improving simultaneously. As a result, resource requirements for cryptographic relevance continue to shrink. This phenomenon should serve as a call to action for the post-quantum cryptography transition.

    I am curious to hear from others in the community: What is your read on the current quantum cryptographic timeline and where do you see the biggest bottlenecks in a full PQC transition?

    Google Oratomic #Physics #Cryptography #Quantum #QuantumComputing #Science

  • View profile for Gina Yacone

    CISO (Advisory, vCISO) | Keynote Speaker | Cybersecurity Women of the Year 2024 | Cybersecurity Women of the World (Top 20) 2024 | Moderator & Speaker | Investor | Board Advisor | Board Member

    52,850 followers

    The UK’s National Cyber Security Centre just issued a quiet but critical wake-up call: quantum computing isn’t science fiction anymore — it’s a looming reality with the power to break today’s encryption standards. As someone who follows cybersecurity and tech trends closely, this stood out to me. The NCSC is urging large organisations — especially in energy, transport, and other critical sectors — to start preparing now to migrate to post-quantum cryptography. Why the urgency? Because once quantum machines mature, they’ll be able to crack public key encryption at a speed today’s systems aren’t built to defend against. Their guidance outlines a 10-year roadmap, with milestones in 2028, 2031, and full readiness by 2035. That sounds far off — until you consider how long it takes to upgrade legacy infrastructure and secure bespoke IT systems. We don’t know the exact timeline for a quantum breakthrough, but waiting for it to happen before acting would be a mistake. Is your org already thinking about this shift? How are you preparing for a post-quantum world? #cybersecurity #quantum #technology https://lnkd.in/d-jUCRPS

  • View profile for Robert Oh

    Global Chief Digital & Information Officer | Enterprise AI & Transformation Leader | Architect of Digital Growth, Cyber Resilience & Operating Model Reinvention | Board & CEO Advisor

    11,582 followers

    By 2035, quantum computers could break today’s RSA/ECC, threatening everything from over-the-air updates to payments, V2X, charging, telematics, and dealer systems. And “harvest-now, decrypt-later” means data we encrypt today may be readable tomorrow. Thankfully, there’s a path forward with Post-Quantum Cryptography (PQC). So here's what we’re doing (and what I recommend):

    1️⃣ Prioritize what matters: Classify apps/data by sensitivity & lifespan (vehicles, keys, firmware, contracts). Tackle the critical 10% first.
    2️⃣ Start pilots now: Stand up PQC for key exchange and signatures (NIST picks: CRYSTALS-Kyber, Dilithium, plus FALCON/SPHINCS+ where appropriate). Wrap legacy with interim controls where upgrades aren’t yet feasible.
    3️⃣ Engineer for the edge/IoT: Plan for constrained ECUs and long service lives; align PQC with model year cycles and sunset plans to avoid hardware rip-and-replace.
    4️⃣ Educate & govern: A cross-functional council (CISO, engineering, legal, procurement) to drive roadmap, metrics, and auditability.

    Quantum risk isn’t a future storm; it’s a countdown. Organizations that move now will secure their platforms and earn customer trust in the next digital economy.

    #Cybersecurity #PQC #RiskManagement 📸: BCG

  • View profile for Razi R.

    ↳ Driving AI Innovation Across Security, Cloud & Trust | Senior PM @ Microsoft | O’Reilly Author | Industry Advisor

    13,630 followers

    Reading A Practitioner’s Guide to Post-Quantum Cryptography from the Cloud Security Alliance made me pause. It highlights something many organizations still underestimate very often: modern cryptography was not designed for a future with cryptographically relevant quantum computers (CRQCs). This threat is also not theoretical. The risk comes from Store Now, Decrypt Later attacks, where encrypted data can be harvested today and broken once quantum capabilities mature. Time, not just technology, becomes the critical risk factor.

    Key highlights from the guide
    • Shor’s and Grover’s quantum algorithms threaten most public-key cryptography in use today, including RSA, Diffie-Hellman, and elliptic-curve algorithms
    • CRQCs may emerge by the early 2030s, putting long-term-value data at risk even if systems are secure today
    • Data confidentiality and integrity are both impacted by Store Now, Decrypt Later attacks
    • NIST published post-quantum cryptography standards in 2024 (FIPS-203, FIPS-204, FIPS-205), but enterprise adoption will take time and investment
    • Risk assessment must begin by identifying which data assets still hold value at “Q-Day,” not by blanket cryptographic replacement

    Who should take note
    • Security leaders responsible for long-term data protection strategies
    • Architects managing encryption for data at rest, data in transit, and non-repudiation
    • Compliance and governance teams evaluating regulatory and sector-specific quantum readiness requirements
    • Engineering teams responsible for cryptographic libraries, TLS, VPNs, KMS, and certificate management

    Why this matters
    Unlike most cyber threats, quantum risk is driven by time. Data intercepted today may be compromised years later. If enterprises wait until CRQCs arrive, it will already be too late for data with long-term value. At the same time, mitigation is costly, complex, and not yet fully supported by mainstream products.

    The path forward
    The guide emphasizes starting with disciplined risk assessment, identifying vulnerable cryptographic functions, and mapping technology components before committing to mitigation. Enterprises should periodically reassess risk, track technology maturity, and align mitigation efforts with CSA Cloud Controls Matrix guidance rather than rushing into premature or unnecessary changes.
