Right on the heels of RSAC from last week, this paper that dropped yesterday should be on everyone's radar. It accelerates the quantum threat timeline in a significant way.

Breaking RSA or ECC encryption with a quantum computer requires running something called Shor's algorithm at scale. The biggest question has always been around how many physical qubits you need to run Shor’s. For years that number was in the millions, which made the threat feel distant. The 2021 Gidney-Ekera paper, the prior gold standard, put it at ~20 million qubits.

Yesterday, a team from Caltech and Oratomic, including John Preskill, one of the architects of quantum error correction, published a paper bringing that number down to 10,000–14,000 physical qubits on a neutral-atom architecture. For context: some neutral-atom labs have already demonstrated arrays of 6,100 qubits. Which means that the gap between theory and practice just went from roughly 3,000x to about 2x. 2𝐗!!

What happened? This is all due to better error-correcting codes that pack more logical qubits into the same physical hardware, combined with reconfigurable atomic architectures. The result is a 2,000x reduction in qubit requirements over the prior gold standard.

Runtime for this is still ~10 days and not minutes. So this isn’t like “oh, RSA is broken today in real-time”. But there are 3 bullets that make this urgent:

- The "harvest now, decrypt later" threat is now active and real. Adversaries are collecting encrypted traffic now, to decrypt once hardware catches up - and that horizon just moved much much closer.
- ECC-256, the crypto that actually protects most live TLS, SSH, and PKI traffic today, is more quantum-vulnerable than RSA-2048 in this analysis. (Because, smaller keys mean simpler quantum circuits.)
- Quantum computing and quantum networking hardware is improving fast. The 10-day runtime at 26,000 qubits will get shorter, and investment in this space is accelerating.

All this to say, the timeline for deploying NIST-standardized post-quantum cryptography, PQC (ML-KEM, ML-DSA, SLH-DSA), just moved to now.
Quantum Threats to Encryption Scalability
Summary
Quantum threats to encryption scalability refer to the risk that powerful quantum computers will soon be able to break current encryption methods like RSA and ECC, making digital data and transactions vulnerable. Recent advances in quantum computing and error correction have dramatically reduced the resources and time needed to crack these codes, so organizations must act quickly to safeguard long-term assets and communications.
- Assess risk timelines: Evaluate which data assets could still hold value when quantum computers become capable of breaking encryption, and prioritize their protection.
- Start migration planning: Begin developing and testing quantum-resistant encryption protocols and standards for financial, healthcare, and enterprise systems.
- Implement hybrid solutions: Integrate hybrid key mechanisms that combine classical and post-quantum cryptography to maintain secure operations during the transition.
-
Quantum Computing Could Shatter Encryption Sooner Than Expected, Google Researcher Warns

Introduction: A New Countdown for Cryptographic Security

A new study by Google Quantum AI researcher Craig Gidney has dramatically reduced the estimated quantum computing power required to break RSA encryption, slashing previous projections by a factor of 20. While Bitcoin doesn’t use RSA, the breakthrough has serious implications for all public-key cryptography, including the elliptic curve algorithms used by cryptocurrencies.

Key Findings and Implications

- Quantum Cost of Breaking RSA Reassessed
  - Gidney’s paper shows that RSA encryption—used in securing data, digital certificates, and some crypto wallets—can be cracked with far fewer quantum resources than previously thought.
  - The update implies that quantum threats may arrive earlier than the cybersecurity community has prepared for.
- Why It Matters for Crypto
  - While Bitcoin uses elliptic curve cryptography (ECC) rather than RSA, ECC is similarly vulnerable to Shor’s algorithm, which quantum computers could use to extract private keys from public ones.
  - This raises concerns for crypto holders, exchanges, and developers: if quantum computing advances faster than expected, today’s wallet protections may be obsolete.
- No Immediate Threat—Yet
  - Current quantum machines still lack the millions of error-corrected qubits needed to execute these attacks.
  - However, the acceleration in theoretical research and hardware development means “crypto-agility”—the ability to switch to post-quantum encryption—should be a top priority.
- Call to Action for Developers and Institutions
  - Security protocols across finance, healthcare, and defense rely on public-key cryptography.
  - Gidney’s findings reinforce calls for post-quantum cryptographic standards, already in development by agencies like NIST.
  - For crypto, it underscores the urgency of transitioning to quantum-resistant wallet and transaction structures before the risk becomes real.

Why This Matters: The Quantum Clock Is Ticking

This research represents more than a mathematical tweak—it’s a strategic warning. Quantum computing is progressing rapidly, and assumptions about how long existing encryption will remain safe may no longer hold. For crypto, finance, and digital infrastructure at large, proactive adaptation to quantum threats isn’t optional—it’s essential.

Keith King https://lnkd.in/gHPvUttw
-
🚨 Two major new research papers just dropped that dramatically accelerate the quantum threat to crypto. Google Quantum AI optimized Shor’s algorithm down to roughly 1K logical qubits, potentially allowing private keys to be cracked in minutes on advanced superconducting hardware. A follow-up from Oratomic then brought neutral-atom implementations down to just 26K physical qubits with a runtime of around 10 days. This makes Q-Day feel much closer, within just a few years of being reachable. This year at Satoshi Roundtable the mood around quantum computing wasn’t very enthusiastic. We openly discussed how a powerful enough quantum computer could break ECDSA signatures (secp256k1) used across Bitcoin, Ethereum, and most protocols, exposing massive on-chain value including dormant and early-mined coins. The big question was: how do we prepare, and prepare well? Crazy times to be living through. Honestly, teams working in encryption and blockchain should seriously consider stopping everything else and prioritizing this now. It’s time to start integrating quantum-resistant encryption algorithms into modern protocols. No matter if a cryptographically relevant quantum computer arrives in one year or in five, adversaries are likely already collecting encrypted traffic and on-chain data today waiting to decrypt everything the day quantum power crosses that threshold. The shift is real: migrating to post-quantum cryptography is no longer optional. It’s urgent infrastructure work for wallets, bridges, staking, exchanges, and every system holding long-term value. https://lnkd.in/dGUR24xH
-
Reading A Practitioner’s Guide to Post-Quantum Cryptography from the Cloud Security Alliance made me pause. It highlights something many organizations still underestimate very often: modern cryptography was not designed for a future with cryptographically relevant quantum computers (CRQCs). This threat is also not theoretical. The risk comes from Store Now, Decrypt Later attacks, where encrypted data can be harvested today and broken once quantum capabilities mature. Time, not just technology, becomes the critical risk factor.

Key highlights from the guide

- Shor’s and Grover’s quantum algorithms threaten most public-key cryptography in use today, including RSA, Diffie-Hellman, and elliptic-curve algorithms
- CRQCs may emerge by the early 2030s, putting long-term-value data at risk even if systems are secure today
- Data confidentiality and integrity are both impacted by Store Now, Decrypt Later attacks
- NIST published post-quantum cryptography standards in 2024 (FIPS-203, FIPS-204, FIPS-205), but enterprise adoption will take time and investment
- Risk assessment must begin by identifying which data assets still hold value at “Q-Day,” not by blanket cryptographic replacement

Who should take note

- Security leaders responsible for long-term data protection strategies
- Architects managing encryption for data at rest, data in transit, and non-repudiation
- Compliance and governance teams evaluating regulatory and sector-specific quantum readiness requirements
- Engineering teams responsible for cryptographic libraries, TLS, VPNs, KMS, and certificate management

Why this matters

Unlike most cyber threats, quantum risk is driven by time. Data intercepted today may be compromised years later. If enterprises wait until CRQCs arrive, it will already be too late for data with long-term value. At the same time, mitigation is costly, complex, and not yet fully supported by mainstream products.

The path forward

The guide emphasizes starting with disciplined risk assessment, identifying vulnerable cryptographic functions, and mapping technology components before committing to mitigation. Enterprises should periodically reassess risk, track technology maturity, and align mitigation efforts with CSA Cloud Controls Matrix guidance rather than rushing into premature or unnecessary changes.
-
🛡️ The Quantum Clock is Ticking quietly: Is Your Financial Infrastructure Ready?

The financial industry is built on a foundation of digital trust, currently secured by #cryptographic standards like RSA and ECC. However, the rise of Cryptographically Relevant Quantum Computers (CRQC) poses an existential threat to this foundation. As we navigate this transition, here are 3 key pillars from the latest Mastercard R&D white paper that every financial leader must prioritize:

1. Addressing the 'Harvest Now, Decrypt Later' (HNDL) Threat 📥
   Malicious actors are already intercepting and storing sensitive #encrypted data today, intending to decrypt it once powerful quantum computers are available.
   Financial Use Case: Protecting long-term assets such as credit histories, investment records, and loan documents. Unlike transient transaction data (which uses dynamic cryptograms), this "shelf-life" data requires immediate risk analysis and the adoption of quantum-safe encryption for back-end systems.
2. Quantum Resource Estimation & The 10-Year Horizon ⏳
   While a CRQC capable of breaking RSA-2048 in hours might be 10 to 20 years away, the migration process itself will take years.
   Financial Use Case: Developing Agile Cryptography Plans. Financial institutions should set "action alarms"; for instance, once a quantum computer reaches 10,000 qubits, a pre-prepared 10-year migration plan must be triggered to ensure infrastructure is updated before the "meteor strike" occurs.
3. Hybrid Implementations: The Bridge to Security 🌉
   The transition won't happen overnight. The paper highlights the importance of Hybrid Key Encapsulation Mechanisms (KEM), which combine classical security with PQC.
   Financial Use Case: Enhancing TLS 1.3 and OpenSSL 3.5 protocols. By implementing hybrid models now, banks can protect against current quantum threats (like HNDL) while maintaining compatibility with existing classical systems, ensuring a smooth and safe transition.

The Bottom Line: A reactive approach is no longer an option. Early adopters who evaluate their data's "time value" and begin the migration today will be the ones to maintain resilience and protect global financial assets tomorrow.

#QuantumComputing #PostQuantumCryptography #FinTech #CyberSecurity #DigitalTrust #MastercardResearch
-
What Google’s latest quantum experiment means for digital security right now Google’s new Quantum Echoes experiment confirms progress in verifying quantum behaviour using the 65-qubit Willow processor. This development has sparked many discussions about whether Q-day is now closer. Q-day refers to the moment when a quantum computer can break widely used encryption standards like RSA-2048 and ECC. The foundation for this concern comes from Shor’s algorithm, which shows that a sufficiently capable quantum system could factor large numbers faster than classical methods, undermining the mathematics behind public key encryption. Today’s quantum devices operate with only 100s of noisy qubits, far below the millions of logical qubits needed to threaten encryption. The concept of “harvest now, decrypt later” is central to security planning. This means that encrypted data gathered today could be decrypted once quantum capability reaches the threshold. Organisations must move toward quantum safe cryptography such as CRYSTALS-Kyber for encryption and Dilithium for digital signatures. These algorithms are now standardised and recommended. For banks, cloud services, government agencies, and critical infrastructure providers, this clarity is an urgent reminder to review security roadmaps. Taking early steps in post-quantum readiness will strengthen long-term data protection and maintain trust in digital systems. If your security strategy does not yet include post-quantum planning, now is the time to start defining that roadmap.
-
BREAKING: Two new papers just dropped that suggest Q-Day is closer than we thought. Is Bitcoin toast? Tl;dr: Two research teams independently showed that breaking the encryption behind Bitcoin, Ethereum, and most of the internet requires far fewer quantum resources than previously estimated — and those resources are approaching engineering reality. Yesterday, Google published a whitepaper with updated estimates for cracking the elliptic curve cryptography (ECC), which secures virtually all major blockchains. Their finding: a superconducting quantum computer with fewer than 500,000 physical qubits could derive a Bitcoin private key in about 9 minutes. A quantum attacker could intercept a transaction in progress, crack the key, and submit a fraudulent replacement before the original is recorded. Today, a team from startup Oratomic and Caltech showed that a neutral atom quantum computer could do the same thing with as few as 10,000 physical qubits — but in days, not minutes. Labs have already demonstrated neutral atom arrays with 6,100+ qubits. Google also published a zero-knowledge proof that their circuits work without revealing the circuits themselves. Think of it as telling the world "we can pick this lock" while refusing to publish the instructions. But cryptocurrency is only part of the story. The same math that secures Bitcoin also secures TLS (every HTTPS website), SSH (remote administration), firmware signing, electronic passports, encrypted messaging, and IoT authentication – among other things. The quantum threat to blockchain is a specific instance of a much, much broader problem. NIST finalized post-quantum cryptography standards in 2024 and migration is underway for some systems. But it's slow, expensive, and for dormant crypto assets, impossible. The time to start moving to post-quantum cryptography...is NOW. Google paper: https://lnkd.in/eUMbf78u Oratomic/Caltech paper: https://lnkd.in/emn7ihf7
-
One of the global leaders in quantum computing is urging governments, companies, and critical infrastructure operators to expedite preparations for the quantum computing era. The warning highlights that today’s encryption systems could be compromised sooner than anticipated, alongside outlining the company's commitments to post-quantum security. This call to action is detailed in a new blog post by Kent Walker, president of global affairs at Google and Alphabet, and Hartmut Neven, founder and lead of Google Quantum AI. They emphasize that quantum computing serves as both a transformative scientific tool and a potential cybersecurity threat. The same machines that are expected to enhance drug discovery, materials science, and energy could also jeopardize the public-key cryptography that safeguards financial transactions, private communications, and classified data. “To put that plainly: The encryption currently used to keep your information confidential and secure could easily be broken by a large-scale quantum computer in coming years,” they state. Google is advocating for the swift adoption of post-quantum cryptography, warning that advancements in quantum computing could soon undermine the encryption securing today’s digital systems. The company has been preparing for a post-quantum world since 2016, implementing quantum-resistant protections across its infrastructure and aligning its migration plans with NIST standards set to be finalized in 2024. Google calls on policymakers to foster society-wide momentum through cloud modernization, global alignment on standards, and closer collaboration with quantum experts to prevent security surprises.
-
Quantum computing is set to change everything — promising breakthroughs in medicine and science that were once thought impossible. But this power comes with a deadline: it will eventually make our current encryption obsolete.

The risk isn't just in the future. Because attackers can "harvest" encrypted data today and wait for quantum computers to unlock it later, we have to act now. At Google, we’re urging organizations to start these three steps:

1️⃣ Move to Post-Quantum Cryptography (PQC): Start adopting the new NIST standards to protect your data for the long haul.
2️⃣ Build "Crypto Agility": Make sure your systems are flexible enough to swap out security standards easily.
3️⃣ Prioritize the Cloud: It’s the most efficient way to roll out these new, quantum-resistant defenses at scale.

We’re building for a future where we can enjoy the benefits of quantum without sacrificing our security. https://lnkd.in/e-rJKPwi

#QuantumComputing #Cybersecurity #Google #PQC #TechInnovation #SaferWithGoogle
-
QKD vs Post-Quantum Cryptography — which one actually wins?

As quantum threats become more real, two approaches are getting a lot of attention:

- Quantum Key Distribution (QKD)
- Post-Quantum Cryptography (PQC)

Both aim to secure communication in a future with quantum computers. But they take very different approaches.

QKD

- QKD distributes encryption keys using quantum states.
- Security is information-theoretic under ideal assumptions
- Eavesdropping introduces detectable disturbances (via higher error rates)
- Requires specialized infrastructure (quantum + classical channels)

Today, it is mostly limited to pilot deployments and high-security environments.

PQC

- PQC uses classical cryptographic algorithms designed to resist quantum attacks.
- Security is based on computational hardness assumptions
- Believed to be resistant to quantum attacks
- Works on existing infrastructure

It is already moving toward standardization and real-world adoption.

The real question. This isn’t just about security. It’s about what actually scales in practice.

Likely outcome:

QKD may be used in:

- defense and government networks
- critical infrastructure
- highly controlled environments

PQC is more likely to:

- scale across industries
- integrate into existing systems
- become the default standard

Final thought!! The future is probably not QKD vs PQC. It’s: PQC for scale, QKD for specialized use cases.

Curious to hear your view. Which approach will dominate?

- QKD
- PQC
- Both (different use cases)
- Too early to tell

Comment 1 / 2 / 3 / 4

#QuantumComputing #CyberSecurity #PostQuantumCryptography #QuantumCommunication #DeepTech