The question isn't if quantum computers will break today's encryption—it's when. This timeline matters enormously: organizations need years to migrate their cryptographic infrastructure, and sensitive data captured today could be decrypted tomorrow. Understanding the quantum threat timeline is essential for effective risk management and strategic planning.
This article examines current expert predictions, the technical milestones required for cryptographically relevant quantum computers (CRQCs), and why the urgency to prepare is far greater than the timeline alone suggests.
Current State of Quantum Computing
As of late 2024, quantum computing has made remarkable progress, but significant challenges remain before quantum computers can threaten cryptographic systems.
Key Metrics Progress
Target: ~4 million physical qubits for RSA-2048
Target: ~4,000 logical qubits for RSA-2048
Target: ~0.0001% for reliable computation
Recent Milestones
IBM Condor & Heron Processors
IBM achieves 1,121 qubits with Condor and demonstrates improved error correction with Heron architecture
Google Willow Chip
Google demonstrates below-threshold error correction, a critical milestone for scalable quantum computing
Microsoft Topological Qubits
Microsoft demonstrates progress toward topological qubits with inherently lower error rates
IBM Breaks 400-Qubit Barrier
IBM Osprey processor achieves 433 qubits, continuing aggressive scaling roadmap
Expert Predictions
Experts disagree on exactly when CRQCs will emerge, but most predictions fall within a 10-20 year window. Understanding the range of predictions helps organizations plan appropriately.
Optimistic View
Assumes breakthroughs in error correction and rapid qubit scaling. Some Chinese researchers and venture-backed startups suggest this timeline.
Moderate View
Most common expert prediction. Assumes steady progress with some breakthroughs. Aligns with major tech company roadmaps.
Conservative View
Assumes current technical challenges prove harder than expected. Some academics suggest cryptographic applications may take longer.
"Within 10 years, quantum computers will be able to break current encryption standards. The question is not if, but when—and organizations need 5-10 years to complete migration."— Consensus from Global Risk Institute Annual Survey (2024)
Key Prediction Sources
- Global Risk Institute: Annual survey of quantum experts shows ~25% probability of CRQC by 2030, ~50% by 2035
- NIST: Recommends deprecating vulnerable algorithms by 2030, complete transition by 2035
- NSA: Mandates post-quantum cryptography for national security systems by 2035
- IBM Roadmap: Projects 100,000+ qubit systems by 2033
- Google: Aims for error-corrected quantum computation within the decade
Technical Requirements for Breaking Encryption
Breaking RSA-2048 or equivalent elliptic curve cryptography requires running Shor's algorithm on a large-scale, fault-tolerant quantum computer. The requirements are substantial:
Breaking RSA-2048
- Logical Qubits: Approximately 4,000 stable logical qubits
- Physical Qubits: Millions of physical qubits (ratio depends on error correction code efficiency)
- Gate Operations: Billions of quantum gates with very low error rates
- Coherence Time: Hours of stable quantum computation
- Execution Time: Estimated 8-20 hours with optimized algorithms
Current vs. Required Capabilities
Why the Urgency Is Greater Than the Timeline Suggests
The naive interpretation of a "2030-2035 threat timeline" is that organizations have 5-10 years before they need quantum-safe cryptography. This dramatically underestimates the urgency for three critical reasons:
The Mosca Theorem
If your data needs protection for X years, your migration takes Y years, and quantum computers arrive in Z years, you need to start migrating when X + Y > Z. For most organizations, this means now.
1. Harvest Now, Decrypt Later
Adversaries are collecting encrypted data today with the expectation of decrypting it once quantum computers become available. This means:
- Data with 10+ year sensitivity is already at risk
- Historical communications and documents can be exposed
- Long-term secrets (trade secrets, government intelligence) are primary targets
- Key exchanges happening today are being recorded
2. Migration Takes Years
Cryptographic migration is notoriously complex and time-consuming:
- Discovery: 1-2 years to inventory all cryptographic assets
- Planning: 6-12 months to develop migration strategy
- Implementation: 3-7 years for large organizations
- Testing: Ongoing validation throughout the process
- Dependencies: Waiting for vendors, partners, and standards
3. Regulatory and Compliance Mandates
Regulations are not waiting for quantum computers to arrive:
- 2025: NIST PQC standards become mandatory for many federal systems
- 2027: NSA Commercial National Security Algorithm Suite 2.0 requirements
- 2030: NIST deprecation deadline for vulnerable algorithms
- Industry regulations: Financial services, healthcare, and critical infrastructure may face earlier mandates
What Organizations Should Do Now
Given the timeline uncertainties and migration complexity, organizations should begin preparations immediately:
Immediate Actions (0-6 months)
- Awareness: Educate leadership on quantum risks and timeline
- Assessment: Begin cryptographic inventory and risk assessment
- Strategy: Develop quantum readiness roadmap
- Monitoring: Track quantum computing progress and standards evolution
Near-Term Actions (6-18 months)
- Inventory: Complete comprehensive cryptographic asset inventory
- Prioritization: Identify highest-risk systems requiring early migration
- Pilot: Begin proof-of-concept implementations with new algorithms
- Vendor Engagement: Assess vendor PQC roadmaps and timelines
Medium-Term Actions (18-36 months)
- Migration: Begin systematic migration of priority systems
- Testing: Validate PQC implementations in production environments
- Training: Develop internal expertise in post-quantum cryptography
- Compliance: Align with evolving regulatory requirements
Use QRAMM to Track Progress
The QRAMM framework provides a structured approach to assess your quantum readiness across governance, technical capabilities, operations, and supply chain dimensions. Start your assessment today to understand your current maturity and plan your migration.
Frequently Asked Questions
When will quantum computers be able to break current encryption?
Most experts estimate that cryptographically relevant quantum computers (CRQCs) capable of breaking RSA-2048 and ECC will emerge between 2030 and 2040. Some optimistic predictions suggest as early as 2027-2030, while conservative estimates extend to 2035-2040 or beyond.
What is a Cryptographically Relevant Quantum Computer (CRQC)?
A CRQC is a quantum computer powerful enough to run Shor's algorithm to break RSA and ECC encryption in practical timeframes. Current estimates suggest this requires millions of physical qubits to create thousands of stable logical qubits with sufficient error correction.
Why should organizations prepare for quantum threats now if they're years away?
Three key reasons: 1) Harvest Now, Decrypt Later attacks mean sensitive data captured today can be decrypted once quantum computers arrive, 2) Cryptographic migration takes 5-15 years for large organizations, and 3) Standards and regulations are being implemented now, requiring early planning.
What is Y2Q or Q-Day?
Y2Q (Year to Quantum) or Q-Day refers to the predicted date when quantum computers will be able to break current public-key cryptography. It's analogous to Y2K but potentially more impactful, as it could compromise most of the internet's security infrastructure.
How many qubits are needed to break encryption?
Breaking RSA-2048 is estimated to require around 4,000 logical qubits, which translates to millions of physical qubits due to error correction overhead. Current quantum computers have hundreds to thousands of physical qubits but very few stable logical qubits.