Two independent research papers published in the last week of March have forced the cybersecurity world to rethink how quickly quantum computers could break the encryption that protects your data. The answer: much sooner than anyone expected.
Google’s quantum team and a Caltech-backed startup called Oratomic both concluded that breaking modern encryption will require far fewer quantum resources than previous estimates suggested. Google has responded by moving its internal migration deadline to post-quantum cryptography forward to 2029. If you store private data online — and you do — this directly affects you.
The Numbers That Changed Everything
In 2012, researchers estimated that breaking standard public-key encryption would require roughly one billion precise qubits — the fundamental units of quantum computing. That number put the threat comfortably far in the future.
Those estimates have collapsed.
Google’s research, published on March 25, showed that a quantum computer with one million “noisy” qubits — imperfect, error-prone qubits that current machines already use — could factor a 2048-bit RSA integer in less than a week. RSA-2048 is the encryption standard protecting most of the internet’s secure connections right now.
A week later, Oratomic dropped even more aggressive numbers. Their paper, authored in collaboration with Caltech scientists, claims a system with just 10,000 reconfigurable atomic qubits could run Shor’s algorithm — the quantum method for cracking public-key encryption. With 26,000 qubits, an attacker could break ECC-256, the elliptic curve cryptography that secures Bitcoin, Ethereum, and countless other systems, in roughly 10 days.
To put this in perspective: Oratomic co-founder Manuel Endres has already demonstrated trapping arrays of 6,000 atomic qubits. The gap between what exists in a lab and what’s needed to break encryption has narrowed from astronomical to alarmingly small.
What “Q-Day” Means for Your Privacy
The security community calls it Q-Day — the theoretical point when a quantum computer becomes powerful enough to break current cryptographic protections. When Q-Day arrives, the encryption guarding your emails, cloud storage, bank accounts, medical records, and private messages becomes meaningless.
But the threat isn’t limited to the future. Intelligence agencies and state-backed hackers are already running “store now, decrypt later” operations — harvesting encrypted data today with the expectation that quantum computers will let them read it later. Every encrypted file, message, or backup that has been intercepted and stored becomes readable the moment a sufficiently powerful quantum computer comes online.
If your cloud provider holds your encrypted data and that encryption isn’t quantum-resistant, everything stored there has an expiration date on its privacy.
Who’s Responding (and Who Isn’t)
Google has shortened its internal timeline for migrating all its systems to post-quantum cryptography, targeting 2029. The company stated: “As a pioneer in both quantum and PQC, it’s our responsibility to lead by example and share an ambitious timeline.”
NIST finalised its first three post-quantum cryptography standards in August 2024: ML-KEM (FIPS 203) for key encapsulation, ML-DSA (FIPS 204) for digital signatures, and SLH-DSA (FIPS 205) as a backup signature scheme. These algorithms are designed to resist quantum attacks and are ready for deployment now.
Several governments have published quantum readiness strategies. The European Commission aims to have operational quantum communication infrastructure by 2027. The UK, France, Germany, the Netherlands, and the US all have published national strategies.
But adoption is slow. Most websites, cloud services, and applications haven’t started their migration. Global guidelines target a full transition to post-quantum encryption by 2035 — which now looks dangerously relaxed given the accelerated research timeline.
A Note on Oratomic’s Incentives
It’s worth flagging: all nine authors on Oratomic’s paper are shareholders in the company, with six of them employed there. Their research positions Oratomic as a company building the very machines that will force the world to upgrade its encryption. That doesn’t mean their findings are wrong — the research was reviewed by Nature and builds on established quantum computing theory — but the company has a financial interest in making the threat seem imminent.
Google’s findings, published independently with different methodology, largely corroborate the direction. The threat is real. The exact timeline is debatable.
What You Should Do
Ask your cloud provider about post-quantum encryption. Most major providers haven’t migrated yet. If your provider can’t explain their quantum readiness plan, they don’t have one.
Use services with end-to-end encryption and zero-knowledge architecture. Even if the encryption type isn’t yet quantum-resistant, providers that never hold your keys are in a far better position to upgrade their encryption without exposing your data. Services where the provider holds your keys — like most of Google Drive, Dropbox, and iCloud — mean your historical data sits on their servers waiting for Q-Day.
Start paying attention to PQC support. Signal began testing post-quantum encryption protocols in September 2023. Apple added PQ3 to iMessage in early 2024. When choosing tools and services, quantum readiness is now a meaningful differentiator.
Treat anything you upload today as potentially readable in 5-10 years. If a document would still be sensitive in 2035, think carefully about where you store it and how it’s encrypted. Zero-knowledge cloud storage, where only you hold the decryption keys, gives you the ability to rotate encryption as standards evolve.
The window between “quantum computers can’t break encryption” and “quantum computers already have” may be shorter than the security industry assumed. The organisations preparing now will protect their users. The ones waiting for Q-Day to act will have waited too long.