The Quantum Computer Is Coming: Why Today’s Encryption Could Soon Be Useless
Quantum computing threatens RSA, banking, crypto wallets, and global security faster than most people think.
About the Author
Imran Valiani | Sales Director, PCB Electronics Manufacturing — 20+ years working with major Bay Area and global tech clients. Founder of Silicon to Software, where I write about the hardware layer — PCB fab, AI gear, autonomous systems, and cyber — the stuff most tech writers have never touched. Literally. Follow: X @SiToSoftware | LinkedIn
Quantum computing encryption is no longer a distant research problem — it’s an active threat to the systems protecting your money, your data, and your identity right now.
Let me start somewhere weird.
20 million. That’s how many noisy qubits researchers thought you’d need to break RSA-2048 back in 2021 (per Gidney & Ekerå, Quantum Vol. 5, p. 433). A big scary number. Everyone breathed out.
Then in May 2025, the same researcher — Craig Gidney — published a new solo paper (arXiv preprint 2505.15917) saying: actually, under a million. Same job. Less gear. Longer run time — under a week — but still. Twenty million to one million. In four years.
I think that’s the number people should be talking about. They’re not, really. Not enough.
Anyway. Let me back up.
The Basic Bet That Holds the Internet Together

Here’s how it works right now — and I’ll keep this short.
TLS, RSA, ECC, ECDSA. These are the locks on everything. Your bank. Your email. Bitcoin in a cold wallet. The padlock in your browser tab. All of them lean on one idea: certain math problems, like factoring big numbers, are hard to solve.
RSA-2048 specifically — the standard guarding most of banking, health, and government infrastructure — gives you 112 bits of security strength against classical machines, per NIST SP 800-57 Part 1 Rev. 5 (Table 2). In practice, brute force can’t touch it. Not now. Not with anything that runs today.
Key word: classical.
That’s the whole thing. That one word. The moment you swap in a quantum computer, the math breaks.
I know what you’re thinking — “yeah but that’s sci-fi, right?” And I get it. Honestly, three years ago I’d have agreed. But I’ve noticed, working in hardware, that the people most likely to wave this off are the furthest from the silicon. The closer you are to how chips actually get made and shipped and deployed, the less you wave it off.
How Quantum Computing Encryption Works — And Why It Breaks Everything
Classical chips: bits. One or zero. That’s it.
Qubits can be both at once — superposition. Pair that with entanglement and interference and you don’t get a faster chip. You get a different kind of machine. One that can crack specific math problems in ways classical gear just can’t.
The one that matters here: Shor’s Algorithm. Developed by Peter Shor in 1994 at AT&T Bell Labs. Published formally in the SIAM Journal on Computing (Vol. 26, No. 5, 1997). It breaks integer factorization — the math RSA runs on — exponentially faster than any classical method. And it breaks the elliptic-curve discrete log problem that ECDSA runs on. Same tool. Two kills.
One algorithm. Two problem classes. Game over for public-key crypto.
Then there’s Grover’s Algorithm — less dramatic but still worth knowing. It halves the effective strength of symmetric encryption. AES-128 goes from 128-bit to 64-bit effective security. Breakable. AES-256 drops to 128-bit — still fine. The point: if you’re running AES-128 anywhere, migrating to AES-256 is part of this same process. Not a side task. Part of it.
On the other hand, maybe I’m overstating Grover’s urgency — AES-256 does survive, and most serious systems already run it. But if you’re on 128? Don’t wait.
Where the Hardware Is Right Now — Honestly
Not there yet. I want to be straight about that.
IBM’s Condor crossed 1,000 qubits — 1,121 superconducting qubits, announced at the IBM Quantum Summit on December 4, 2023. Impressive. Also the wrong metric. Fault-tolerant logical qubits are what actually matter, and those need quantum error correction (QEC) at a scale nobody has hit yet. We’re still in the NISQ era — noisy intermediate-scale quantum. Useful for some research. Not for cracking RSA. Not yet.
But the direction of the resource estimates is what I keep coming back to. Twenty million down to one million. In four years. I think if you’re making long-horizon security decisions — and if you work in finance, defense, health, or infrastructure, you are — that trend line is the thing to watch. Not whether we’re there today.
The Attack That Doesn’t Need a Quantum Computer Yet
Okay, here’s the part that actually keeps me up.
You don’t need quantum hardware to start the attack. You need it to finish it.
Security agencies are increasingly operating on the assumption that adversaries are already harvesting encrypted traffic right now — storing it, waiting for the hardware to catch up. CISA and the NSA put this in their August 2022 joint advisory “Quantum-Readiness: Migration to Post-Quantum Cryptography.” The name for the strategy: harvest now, decrypt later (HNDL).
Grab the data. Sit on it. Crack it later.
Medical files. Legal docs. M&A talks. State comms. Anything that has to stay secret for the next ten to fifteen years is, in theory, already inside that window. Sitting in an archive. Waiting.
That’s not fearmongering. That’s the formal planning assumption of two major U.S. security agencies. At the end of the day, if CISA and NSA are building their playbooks around this — maybe take it seriously.
What’s Actually at Risk — Let Me Be Real With You
The Whole Web’s Trust Chain
Every HTTPS connection goes through an X.509 cert from a certificate authority. That cert runs on RSA or ECC. A quantum computer running Shor’s doesn’t just break one site. It breaks the system that lets you know any site is what it says it is. Code-signing certs. S/MIME email. All of it.
Not a patch. A rebuild. Full stop.
Crypto — And There’s a Nuance Here Most People Miss
In my experience this is the one people get most wrong. Bitcoin and Ethereum both use ECDSA on the secp256k1 curve. Yes, Shor’s could derive private keys from public keys — eventually. But Bitcoin addresses aren’t public keys. They’re HASH160 digests — RIPEMD-160 of SHA-256 of the public key. If a wallet has never sent funds, the public key isn’t even on-chain yet. It shows up when you broadcast a transaction. That’s the window.
What’s already exposed? Reused addresses. Address signed a transaction before? Public key is on-chain. Permanently. That’s your real risk right now. Not theoretical future threat — current exposure, future exploit. Use each address once. Done.
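The exposure rule above as an added example (not code from the original post): it walks a constructed ledger and reports addresses that have already signed a spend, so their public key is on-chain, and that still hold funds. The ledger format and the rule that a spend sweeps the whole address are simplifying assumptions.

```python
from collections import defaultdict

# Constructed sample ledger, oldest first. "spends" lists the addresses that
# sign the transaction; "pays" lists (address, amount) outputs.
TXS = [
    {"id": "t1", "spends": [], "pays": [("addr_A", 50), ("addr_B", 20)]},
    # addr_A spends and sends its change back to itself: address reuse.
    {"id": "t2", "spends": ["addr_A"], "pays": [("addr_C", 30), ("addr_A", 20)]},
    # addr_B spends everything and is never used again.
    {"id": "t3", "spends": ["addr_B"], "pays": [("addr_D", 20)]},
    {"id": "t4", "spends": [], "pays": [("addr_D", 5)]},
]

def exposed_balances(txs):
    """Return {address: balance} for addresses whose public key is already
    on-chain (they signed a spend) and that still hold funds."""
    balance = defaultdict(int)
    revealed = set()
    for tx in txs:
        for addr in tx["spends"]:
            revealed.add(addr)   # the signature publishes the public key
            balance[addr] = 0    # assumption: a spend sweeps the whole address
        for addr, amount in tx["pays"]:
            balance[addr] += amount
    return {a: balance[a] for a in sorted(revealed) if balance[a] > 0}

def hidden_key_addresses(txs):
    """Addresses that have only received: still protected by the hash."""
    spent = {a for tx in txs for a in tx["spends"]}
    paid = {a for tx in txs for a, _ in tx["pays"]}
    return sorted(paid - spent)

if __name__ == "__main__":
    print("key on-chain and funded:", exposed_balances(TXS))
    print("key still hidden:", hidden_key_addresses(TXS))
```

addr_B also revealed its key, but it is empty, so nothing is left there to protect.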
Banking
SWIFT moves trillions a day. Same crypto assumptions. Same exposure. The BIS called it out in its 2023 Annual Economic Report. The plumbing of global finance has the same problem as your browser lock. Not great.
Enterprise VPN
IKEv2 — runs most enterprise VPN — uses Diffie-Hellman key exchange. Shor’s breaks both classical DH and ECDH via the discrete log problem. The NSA deprecated both classical DH and RSA for national security systems in CNSA 2.0 (September 2022). I’ve found that fact moves conversations faster than anything else I can say in a meeting. When the NSA stops using something — draw your own conclusions.
NIST Did Their Part. August 2024.
Three standards. Done.
- ML-KEM (FIPS 203, formerly CRYSTALS-Kyber) — key encapsulation
- ML-DSA (FIPS 204, formerly CRYSTALS-Dilithium) — digital signatures
- SLH-DSA (FIPS 205, formerly SPHINCS+) — stateless hash-based sigs
Not drafts. Ratified. The which-algorithm question is closed. The only open question is why you haven’t started.
For migration, hybrid key establishment is the move — run X25519 or ECDH P-384 alongside ML-KEM in the same handshake. One breaks, the other holds. NIST IR 8547 (2024 initial public draft) backs it; NIST SP 800-56C Rev. 2 handles the key derivation underneath.
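The "one breaks, the other holds" property as an added example (not from the original post or from any standard's reference code): both shared secrets are concatenated and run through an extract-then-expand KDF, here HKDF-SHA-256 per RFC 5869. The label, transcript and secret values are constructed; a real handshake gets the secrets from X25519 and ML-KEM.

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256; empty salt means 32 zero bytes."""
    return hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def hybrid_session_key(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Derive one 32-byte key from both shared secrets.

    Assumption: both inputs are 32 bytes (the X25519 and ML-KEM output size),
    so the concatenation is unambiguous. The label is hypothetical.
    """
    if len(ss_classical) != 32 or len(ss_pq) != 32:
        raise ValueError("expected two 32-byte shared secrets")
    prk = hkdf_extract(b"", ss_classical + ss_pq)
    info = b"hybrid-kex-example" + hashlib.sha256(transcript).digest()
    return hkdf_expand(prk, info, 32)

# Constructed stand-ins for the two shared secrets and the handshake transcript.
SS_X25519 = hashlib.sha256(b"constructed x25519 secret").digest()
SS_MLKEM = hashlib.sha256(b"constructed ml-kem secret").digest()
TRANSCRIPT = b"constructed handshake transcript"

def attacker_recovers_key(known_classical: bytes, guessed_pq: bytes) -> bool:
    """Model a break of the classical half only: does the session key fall?"""
    real = hybrid_session_key(SS_X25519, SS_MLKEM, TRANSCRIPT)
    guess = hybrid_session_key(known_classical, guessed_pq, TRANSCRIPT)
    return hmac.compare_digest(real, guess)

if __name__ == "__main__":
    print("classical half known, PQ half guessed:",
          attacker_recovers_key(SS_X25519, b"\x00" * 32))
```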
I keep coming back to Signal. They shipped PQXDH — Post-Quantum Extended Diffie-Hellman — in 2023. A messaging app. Beat most banks to it. If you’re in finance and you don’t have a migration plan yet — I’m not going to say you should feel bad. But. You know.
What to Do — In Order
Here’s what I actually tell people.
Step one: inventory. Not your software stack — your components. Every chip running RSA, ECC, or DH. Every HSM. Every secure enclave. Every embedded device. I go deep on why this gets complicated in [Part 2], because crypto baked into hardware doesn’t get swapped with a patch. Some stuff needs physical replacement. Find out which stuff before you’re at a deadline, not after.
Step two: sort by shelf life. What has to stay secret for a decade or more? That data is already inside the HNDL window. Start there.
Step three: start evaluating ML-KEM and ML-DSA now. Don’t sweat the learning curve — that’s what your team is for. But don’t wait either. TLS 1.3 took years to get real adoption after RFC 8446 in August 2018, and that migration was simpler than this one. Way simpler. History says start early.
Step four: stop reusing crypto addresses. Free. Takes minutes. Just do it.
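Steps one and two as an added example (not from the original post): a small triage that reads a component inventory, classifies each algorithm the way this article does, and orders the work by how long the data must stay secret. The CSV column names and all rows are constructed for illustration.

```python
import csv
import io

# Constructed sample inventory; the column names are assumptions.
INVENTORY_CSV = """component,algorithm,secrecy_years,field_upgradable
vpn-gateway,DH,10,yes
hsm-root-ca,RSA,15,no
sensor-node,ECDSA,2,no
backup-store,AES-128,12,yes
file-server,AES-256,12,yes
"""

# Classification follows the article: Shor breaks RSA/ECC/DH, Grover halves AES.
SHOR_BROKEN = {"RSA", "ECC", "ECDSA", "ECDH", "DH"}
GROVER_WEAK = {"AES-128"}
ACCEPTABLE = {"AES-256", "ML-KEM", "ML-DSA", "SLH-DSA"}

def triage(csv_text):
    """Return (secrecy_years, component, action) tuples, most urgent first."""
    work = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        alg = row["algorithm"].strip().upper()
        if alg in ACCEPTABLE:
            continue  # nothing to migrate
        if alg in SHOR_BROKEN:
            action = "migrate to ML-KEM/ML-DSA"
        elif alg in GROVER_WEAK:
            action = "move to AES-256"
        else:
            action = "unknown algorithm: review manually"
        # Step one: crypto fixed in hardware cannot be patched in place.
        if row["field_upgradable"].strip().lower() != "yes":
            action += " (needs hardware replacement)"
        work.append((int(row["secrecy_years"]), row["component"], action))
    # Step two: longest required secrecy first; name breaks ties.
    work.sort(key=lambda w: (-w[0], w[1]))
    return work

if __name__ == "__main__":
    for years, component, action in triage(INVENTORY_CSV):
        print(f"{years:>2}y  {component:<13} {action}")
```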
No Date. But a Clear Direction.
I think — and I could be wrong — that the people most surprised when this becomes urgent will be the ones who read pieces like this and thought “yeah, eventually.” Eventually has a way of arriving faster than the slide decks suggest.
The NCSC’s March 2025 roadmap has milestones at 2028, 2031, and 2035 for full migration. NSA targets the 2030s. RAND’s 2023 ICS/OT assessment (RR-A2427-1) says quantum will eventually break public-key crypto across critical infrastructure. Nobody gives you a date. But nobody serious is saying don’t worry about it either.
Two decades in hardware. Here’s what I know: the harvest may already be running. Standards are on the desk. Every month this sits on the backlog is another month of ciphertext piling up in archives that will one day be readable.
The quantum computer is coming. What’s protecting most of the world’s systems right now wasn’t built with it in mind.
Start the inventory. This week.
Hardware side of this? Read Part 2: [Your Embedded Hardware Has a Quantum Problem Nobody Is Talking About] — ML-KEM memory constraints on ARM Cortex-M chips, TPM realities, FPGA bitstream gaps, and what a quantum-aware board design actually takes.
This post was written with AI assistance. See my full AI disclosure.
Sources & Further Reading
- NIST SP 800-57 Part 1 Rev. 5, Table 2
- Peter Shor, SIAM Journal on Computing 26(5), 1997 (AT&T Bell Labs, 1994)
- Gidney & Ekerå, Quantum Vol. 5, p. 433, April 2021
- Craig Gidney, arXiv preprint 2505.15917, May 2025
- IBM Quantum Summit, December 4, 2023
- FIPS 203 — NIST, August 2024
- FIPS 204 — NIST, August 2024
- FIPS 205 — NIST, August 2024
- CISA/NSA Quantum Readiness Advisory, August 2022
- NSA CNSA 2.0 Advisory, September 2022
- NIST IR 8547 (2024 ipd); NIST SP 800-56C Rev. 2
- BIS Annual Economic Report 2023
- Signal Engineering Blog, September 2023
- RFC 8446, IETF, August 2018
- NCSC, “Timelines for Migration to Post-Quantum Cryptography,” March 2025
- RAND Corporation RR-A2427-1, October 2023