Quantum Computing
Q-Day Just Got A Lot Closer.
Three Papers. Twelve Months. The Internet’s Encryption Is Running Out of Time.
In less than a year, researchers at Google, Caltech, Oratomic, and Iceberg Quantum slashed the number of qubits needed to break RSA encryption by a factor of 200. Researchers now measure the threat in years, not decades. This analysis explains exactly what happened and what every organisation must do about it.
For three decades, the conventional wisdom on quantum computing and encryption was reassuring: yes, a quantum computer running Shor’s algorithm could theoretically break RSA encryption — but doing so would need 20 million qubits, and we were nowhere near that. The quantum threat to encryption was real but distant, a problem for 2040 or 2050. In March 2026, three research papers arrived within days of each other and demolished that comfortable timeline. The number is no longer 20 million. It may be as low as 100,000. Q-Day — the day a quantum computer breaks the encryption protecting the internet — just got a lot closer.
Importantly, this is not a hardware story. No new quantum processor was built, and no new qubit technology was demonstrated. Instead, the entire shift came from algorithms — specifically, from researchers finding dramatically more efficient ways to run Shor’s factoring algorithm on hardware that already exists or will exist within years. In some ways, this is more alarming than a hardware breakthrough: while you can slow hardware development through export controls or funding restrictions, you cannot uninvent an algorithm once it is published.
Together, the three papers represent the most consequential shift in quantum risk to encryption in a generation — what The Quantum Insider called “the most significant shift in quantum threat assessment since Peter Shor published his factoring algorithm in 1994.” In the sections that follow, we break down exactly what each paper found, why it matters, and what the combined picture means for every organisation that relies on digital encryption.
The Quantum Computing Encryption Threat That Is Already Active
The Harvest Now, Decrypt Later Threat Is Active Today
State actors and sophisticated adversaries are already collecting encrypted data today with the explicit intention of decrypting it once quantum computers arrive. Any communication or data that must remain confidential into the 2030s faces active risk right now — not in the future. This is not a theoretical concern. State actors are running this operation today.
What Google, Iceberg & Caltech Found About Quantum Computing Encryption Risk
Iceberg is already working with PsiQuantum, Diraq, IonQ, and Oxford Ionics — several of which project timelines to build systems at this scale within three to five years. However, QLDPC codes require qubit connectivity beyond simple nearest-neighbour grids, and researchers have validated the architecture through simulation only. Nevertheless, the direction is unambiguous.
Why These Quantum Computing Encryption Papers Hit Differently
Unlike previous advances, all three papers appeared within weeks of each other. Furthermore, they used completely different hardware approaches — superconducting qubits, QLDPC codes, and neutral atoms — yet arrived at the same conclusion. Together, they form a convergent signal that the field cannot dismiss.
How the Quantum Computing Encryption Threat Collapsed — The 14-Year Arc
The most important way to understand what happened in March 2026 is to see the quantum threat to encryption in the context of the full trajectory. The estimated number of physical qubits required to break RSA-2048 has not declined gradually — it has collapsed in steps, each driven by a new algorithmic insight:
[Figure: Physical Qubits Required to Break RSA-2048 — Estimates Over Time. Series shown: Surface codes; QLDPC Pinnacle; Neutral atoms (ECC).]
The critical insight is that this decline is algorithmic, not hardware-constrained. As a result, you cannot pause algorithmic progress by restricting chip exports or controlling fab access.
Furthermore, the code is written, the papers are published, and the knowledge is now distributed globally. Therefore, the race is between organisations completing post-quantum migrations and the hardware catching up to where the algorithms already are.
“It’s a real shock. We’ll need to speed up our efforts considerably.”
Bas Westerbaan, Cybersecurity Researcher, Cloudflare — responding to the March 2026 papers
Why Cryptocurrency Has the Most Urgent Deadline of All
Google’s March 2026 paper on elliptic curve cryptography contains a detail that has sent the cryptocurrency community into overdrive. Specifically, the paper presents two optimised quantum circuits for solving the 256-bit Elliptic Curve Discrete Logarithm Problem — the mathematical foundation of Bitcoin and Ethereum wallet security.
ECC requires roughly 100× fewer computational operations than RSA-2048. Consequently, the attack timeline collapses from a week to just minutes — a dramatic compression that changes the urgency of the threat entirely.
More specifically, Shor’s algorithm for ECC can be “primed.” The first half of the computation depends only on fixed curve parameters, so researchers can precompute it in advance.
Once a specific public key appears — which happens when Bitcoin broadcasts a transaction to the network — the remaining computation takes approximately nine minutes. Since Bitcoin’s average block confirmation time is ten minutes, this creates a dangerously narrow window. Under idealised conditions, Google estimates a roughly 41% probability that a primed quantum computer could derive a private key before a transaction confirms.
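The 41% figure can be reproduced with a simple model, worked here as an added derivation (the modelling assumptions are stated here and are not quoted from the Google paper). Assume block discovery is a Poisson process, so the waiting time $T$ until the next block is exponentially distributed with mean $\mu = 10$ minutes, and that the key is derived in time only if the remaining computation of $t = 9$ minutes finishes before that block arrives:

$$
P(\text{key derived before confirmation}) = P(T > t) = e^{-t/\mu} = e^{-9/10} \approx 0.407
$$

That is roughly 41%. Under the same model, every additional minute of remaining computation multiplies the probability by $e^{-1/10} \approx 0.905$. The model ignores network propagation delay, one reason the figure holds only under idealised conditions.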
This is not an imminent threat, since the quantum hardware capable of running these circuits does not yet exist. Nevertheless, it establishes a clear engineering target. The reaction from the crypto community was immediate: Cloudflare accelerated its post-quantum deadline to 2029. Ethereum researcher Justin Drake — a co-author on the Google paper — called it “a momentous day for quantum computing and cryptography.” Starknet founder Eli Ben-Sasson called on the Bitcoin community to accelerate work on BIP-360 and quantum-resistant upgrades. Google itself has set a 2029 internal deadline for migrating away from RSA and ECC.
The Zero-Knowledge Proof Detail
Google made an extraordinary decision with its ECC paper: rather than publishing the actual quantum circuits, the team released a zero-knowledge proof — a cryptographic technique that lets anyone mathematically verify the result without accessing the attack details. This is unprecedented in quantum cryptanalysis research. The team engaged the US government prior to publication and published a responsible disclosure blog post. The fact that Google felt this level of caution was warranted tells you something about how serious the result is.
Quantum Computing Encryption Deadlines: Governments Are Moving — Is Your Organisation?
The policy framework for post-quantum migration was already in motion before March 2026. These papers accelerated it significantly. The key deadlines every enterprise security and technology leader should know:
| Organisation | Requirement | Deadline |
|---|---|---|
| NIST (US) | Deprecate RSA-2048, ECDSA P-256 and quantum-vulnerable algorithms | After 2030 |
| NIST (US) | Disallow all quantum-vulnerable algorithms | After 2035 |
| NSA CNSA 2.0 | All new national security systems must be quantum-safe | January 2027 |
| Google (internal) | Full migration away from RSA and ECC | 2029 |
| Cloudflare | Full post-quantum security — deadline accelerated after March 2026 | 2029 |
| EU (18-nation joint statement) | PQC migration for high-risk use cases | 2030 |
| EU (Cyber Resilience Act) | Quantum-Safe-by-Design framework | Evolving |
| NIST Standards Available | ML-KEM, ML-DSA, SLH-DSA (finalised Aug 2024) + HQC (March 2025) | Now |
Fortunately, the standards organisations need are already published. NIST finalised its first three post-quantum cryptography standards in August 2024: ML-KEM, ML-DSA, and SLH-DSA. Researchers added a fourth standard, HQC, in March 2025 as a code-based backup to the lattice-based primary standards. The tools for migration exist. The standards are finalised. Governments have set the deadlines. The question is whether organisations are moving fast enough.
Five Quantum Computing Encryption Actions — Before the Window Closes
Start With Inventory: Know Your Quantum Computing Encryption Exposure
1. Conduct a cryptographic inventory. First and foremost, you cannot migrate cryptography you have not mapped. Identify every system, service, and data store using RSA, ECC (including ECDSA and ECDH), and Diffie-Hellman key exchange. This includes TLS certificates, code-signing infrastructure, VPN configurations, authentication systems, and any API that uses public-key cryptography. For most large organisations, this inventory has never been done comprehensively.
2. Prioritise by confidentiality horizon. Once you have your inventory, the next step is to sort by risk. Any data protected by quantum-vulnerable encryption that must remain confidential into the 2030s faces risk today from harvest-now-decrypt-later attacks. This includes medical records, financial transaction histories, legal communications, intellectual property, and classified information. Organisations should migrate these systems first, regardless of how far away Q-Day actually is.
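Steps 1 and 2 can be prototyped as a small triage script. This is an added example, not code from any of the cited sources; the `Asset` fields, the tiering rule and the sample systems are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Families the article names as quantum-vulnerable: RSA, ECC, Diffie-Hellman.
VULNERABLE = re.compile(r"^(RSA|ECDSA|ECDH|ECDHE|DH|DHE|X25519|ED25519)\b", re.I)
# NIST post-quantum standards named in the article.
PQC = re.compile(r"^(ML-KEM|ML-DSA|SLH-DSA|HQC)\b", re.I)
HNDL_HORIZON = 2030  # article: data that must stay confidential "into the 2030s"

@dataclass
class Asset:               # hypothetical inventory record
    system: str
    algorithm: str         # as found in a cert or config, e.g. "RSA-2048"
    purpose: str           # "key-exchange", "encryption" or "signature"
    secret_until: int      # year the protected data stops being sensitive

def classify(algorithm: str) -> str:
    # Assumption: a hybrid such as "X25519+ML-KEM-768" is treated as PQC,
    # since a hybrid key exchange holds if either component holds.
    parts = [p.strip() for p in algorithm.split("+")]
    if any(PQC.match(p) for p in parts):
        return "pqc"
    if any(VULNERABLE.match(p) for p in parts):
        return "quantum-vulnerable"
    return "not-public-key"  # symmetric ciphers and hashes: outside Shor's scope

def tier(a: Asset) -> int:
    """1 = migrate first, 2 = migrate before deprecation, 3 = no action."""
    if classify(a.algorithm) != "quantum-vulnerable":
        return 3
    # Recorded traffic is only worth keeping if the key was established with
    # a breakable scheme; a signature cannot be harvested for later decryption.
    harvestable = a.purpose in ("key-exchange", "encryption")
    return 1 if harvestable and a.secret_until >= HNDL_HORIZON else 2

def triage(assets):
    # Most urgent tier first; within a tier, longest confidentiality horizon first.
    return sorted(assets, key=lambda a: (tier(a), -a.secret_until))

# Constructed sample inventory (hypothetical systems).
INVENTORY = [
    Asset("build-signing", "ECDSA P-256", "signature", 2027),
    Asset("patient-records-vpn", "ECDH P-384", "key-exchange", 2045),
    Asset("marketing-site-tls", "ECDHE X25519", "key-exchange", 2026),
    Asset("legal-archive-backup", "RSA-2048", "encryption", 2038),
    Asset("edge-tls-pilot", "X25519+ML-KEM-768", "key-exchange", 2040),
    Asset("disk-encryption", "AES-256-GCM", "encryption", 2040),
]

if __name__ == "__main__":
    for a in triage(INVENTORY):
        print(tier(a), a.system, a.algorithm, classify(a.algorithm))
```

Signature-only uses land in tier 2 because they are not exposed to harvest-now-decrypt-later, but they still fall under the deprecation deadlines in the table above.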
Quantum Computing Encryption Migration: The Technical Steps
3. Begin pilot implementations of NIST-standardised PQC algorithms. This work can run in parallel with your inventory: ML-KEM (key encapsulation), ML-DSA (digital signatures), and SLH-DSA (hash-based signatures) are finalised standards with reference implementations available. Start with non-critical systems to build operational experience before the deadline pressure intensifies.
4. Build crypto-agility into new system designs. Beyond existing systems, any new system built today should be designed to swap cryptographic primitives without requiring architectural changes. Hardcoding RSA or ECC into new deployments in 2026 is an architectural debt that will become expensive very quickly.
The AI Connection: Quantum Computing Encryption and Project Glasswing
5. Follow the connection to AI cybersecurity. The Caltech/Oratomic paper was developed with AI as an “instrumental” tool in the algorithm discovery process. The same AI-augmented research capability that accelerated the attack timeline is also being deployed for defence — most notably in Anthropic’s Project Glasswing, which we covered in depth. AI is simultaneously compressing the threat timeline and expanding the defensive toolkit. Organisations that understand both sides of this dynamic will be significantly better positioned than those who treat them as separate problems.
The Honest Assessment
In summary, Q-Day is not tomorrow. The quantum hardware capable of running Gidney’s circuits, Iceberg’s Pinnacle architecture, or Oratomic’s neutral-atom arrays does not yet exist at the required scale. IBM, Google, IonQ, and others have published roadmaps targeting the necessary qubit counts by the late 2020s to early 2030s. There is still time for an orderly migration — but only just, and only for organisations that start now.
However, what changed in March 2026 is the confidence interval. For a decade, the quantum threat to encryption was real but plausibly distant enough to defer. Three papers in twelve months have compressed the uncertainty dramatically. The algorithmic path to breaking RSA-2048 is now mapped in granular detail. The hardware is being built by well-funded teams on published timelines. The remaining question is not whether — it is when.
As a result, the migration window is open. The NIST standards are published. The deadlines are set. Google is moving. Cloudflare is moving. The NSA has a mandatory deadline of January 2027 for new national security systems. The organisations that treat post-quantum cryptography as a future problem rather than a current project are accumulating a technical and security debt that will become increasingly expensive to resolve as the hardware timeline becomes clearer.
The question is not whether your encryption will be broken. It is whether you will have migrated before it happens.
Sources & References
- The Quantum Insider — “Q-Day Just Got Closer: Three Papers in Three Months”, March 31, 2026: thequantuminsider.com
- Quanta Magazine — “New Advances Bring the Era of Quantum Computers Closer Than Ever”, April 2026: quantamagazine.org
- ScienceNews — “Just 10,000 quantum bits might crack internet encryption schemes”, April 2026: sciencenews.org
- Cloudflare — “Post-Quantum Roadmap: Cloudflare targets 2029 for full post-quantum security”, April 2026: blog.cloudflare.com
- CoinDesk — “A quantum computer may need just 10,000 qubits to empty your crypto wallets”, March 2026: coindesk.com
- TIME — “AI Helped Spark a Quantum Breakthrough. The World Is Not Prepared”, April 2026
- ScienceAlert — “Quantum Computers Could Break Encryption Far Sooner Than We Realized”, April 2026: sciencealert.com
- NIST Post-Quantum Cryptography Standards — ML-KEM, ML-DSA, SLH-DSA (August 2024), HQC (March 2025)
- Straithead — Project Glasswing: AI Cybersecurity and the Zero-Day Vulnerability Arms Race
- Straithead — AI’s Missing Economic Impact: What Goldman Sachs Got Right — And What It Missed
