Features 24.06.2025

Preparing For Q-day: The Cat and Mouse Race to Break Encryption

Quantum computing promises to change the fundamentals of computation in ways we haven’t seen since the introduction of the ENIAC

Attackers are stealing encrypted data in preparation for the day when quantum decryption breaks through. Danny Bradbury questions how, and when, ‘q-day’ will come

A quiet race is underway that could determine the fate of secrets around the world. It involves a new kind of computing with the power to unlock all of your secrets. Unfortunately, many organisations have already lost the race, and more frightening still, they don’t even know it yet.

Quantum computing is the technology in question, and it promises to change the fundamentals of computation in ways we haven’t seen since the introduction of the ENIAC.

Regular computers work with bits that represent a 0 or 1. They must flip these bits to calculate numbers sequentially, solving problems one step at a time. Quantum computers utilise a quantum version of these, known as qubits. They exploit the peculiarities of quantum physics to represent both a 0 and a 1 simultaneously (a concept known as ‘superposition’). This allows them to tackle certain kinds of mathematical problems very quickly, by joining these bits together and calculating lots of numbers simultaneously.

Goodbye, factorisation

Extracting results from these computers is tricky, which makes them suitable only for certain mathematical problems. One of these is determining which two prime numbers were multiplied to create a very large number.

“While it is trivial for classical computers to generate a number by multiplying two sufficiently large numbers together, factorising that number back into the original prime numbers is extremely challenging,” says Rob Clyde, past ISACA chair and chairman of cryptography firm Crypto Quantique.

That’s why the hardness of factorisation has been the linchpin of the asymmetric encryption behind the RSA algorithm. For almost 50 years it has generated the public-private key pairs that let people communicate securely even if they’ve never met, protecting everything from your email to your cryptocurrency.

Quantum computers promise to unseat factorisation. While today’s supercomputers would take longer than the age of the universe to factorise a sufficiently large number, Shor’s algorithm, published in 1994, showed that a sufficiently large quantum computer could do it in minutes.
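To make the factorisation point concrete, here is an added toy RSA example (not from the article; the primes and message are constructed and far too small for real use) showing that whoever can factor the public modulus n can derive the private key, which is exactly what Shor’s algorithm would do at full scale:

```python
"""Toy RSA: factoring the public modulus n recovers the private key.
Constructed example with 20-bit primes; real RSA uses 1024-bit primes or larger."""
from math import isqrt


def modinv(a, m):
    """Modular inverse of a mod m via the extended Euclidean algorithm."""
    r0, r1, s0, s1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("no modular inverse: a and m are not coprime")
    return s0 % m


def rsa_keygen(p, q, e=65537):
    """Multiplying two primes is cheap: this is the 'easy direction'."""
    n = p * q
    d = modinv(e, (p - 1) * (q - 1))
    return (n, e), (n, d)          # public key, private key


def rsa_encrypt(m, pub):
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(c, priv):
    n, d = priv
    return pow(c, d, n)


def trial_division_factor(n):
    """Classical factoring by trial division: about sqrt(n) steps, i.e. exponential
    in the bit length of n. For RSA-2048 that is roughly 2**1024 trials, which is
    why the article calls it out of reach for classical machines; Shor's algorithm
    needs only polynomially many quantum operations."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f <= isqrt(n):
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("n is prime")


def recover_private_key(pub):
    """Given only the public key, factor n and rebuild d: factoring == breaking RSA."""
    n, e = pub
    p, q = trial_division_factor(n)
    return (n, modinv(e, (p - 1) * (q - 1)))
```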

The race for qubits

In practice, that algorithm relies on a computer with enough qubits. Luckily for any of us with digital assets to protect, a good qubit is hard to find these days.

Qubits are fragile, existing only at temperatures near absolute zero, and even then, only for milliseconds before they break. Superposition is a difficult state to maintain. It collapses in response to most things, including minute vibrations, magnetic changes, and fluctuations in temperature.


Many companies are attempting to combine numerous physical qubits to create a single logical qubit that remains stable long enough to do its job. However, the more physical qubits you put together, the more susceptible they are to error due to the interference around them.

Error correction is a big problem for quantum computing research. Nevertheless, the area is advancing quickly. For example, last year Google demonstrated its Willow chip, which contains logical qubits whose errors decreased as the size of the logical qubit increased.

Ongoing developments are reducing projected physical qubit requirements. Six years ago, experts believed that breaking RSA-2048 would need 1 billion physical qubits. Google’s latest estimates suggest fewer than 1 million could suffice.

“We’re now at the stage where much of the science behind quantum computers is being solved, and nobody suspects anymore that quantum computers will not actually come in the next couple of years,” Clyde warns.

So the question isn’t whether quantum computers will break encryption. Shor already settled that. The question is when.

How soon is ‘when’?

The ‘when’ question is a source of contention. In 2024, researchers at Shanghai University announced they’d factored a 50-bit RSA integer, a significant leap from previous quantum factoring attempts that maxed out at much smaller numbers. However, getting from 50-bit to 2048-bit quantum decryption is a mammoth challenge.

In its 2024 Quantum Threat Timeline Report, the Global Risk Institute’s sample of experts predicted a 39-62% chance of a “cryptographically relevant” quantum computer within 15 years. The mid-point was 50%. On average, experts saw a 41% probability that a quantum computer would crack 2048-bit RSA within that time frame.

Preparing for q-day

Mathematicians have been preparing for the advent of powerful quantum computers that can decrypt today’s asymmetric keys. Post-quantum cryptography (PQE) uses new encryption algorithms based on problems other than factorisation that are more difficult for quantum computers to break. The US National Institute of Standards and Technology (NIST) has published various standards for PQE.


Some institutions are forging ahead. For example, the BIS Innovation Hub organised Project Leap, a project to create quantum-safe communications between central banks using PQE for payment purposes. It is now expanding its initial successes to support broader network architectures and more hardware, supporting more central bank processes.

Concerted institutional efforts notwithstanding, ISACA’s 2025 Quantum Computing Pulse Poll revealed a worrying lack of preparation. Of the 2,685 global digital trust professionals it surveyed, 62% worry that quantum computers will break today’s encryption. Yet only 5% consider it a high priority for near-term planning. A full 95% lack any kind of quantum roadmap.

The expertise problem compounds the issue. Only 7% of cybersecurity professionals have a strong understanding of NIST’s post-quantum standards, while 44% have never heard of them.

The other problem facing organisations is the cost of moving to PQE. “Most importantly, they are significantly more expensive, at least in terms of storage and transmission,” says Yevgeniy Dodis, professor of computer science at New York University. ML-KEM, NIST’s standard for general PQE, has a relatively high storage and transmission overhead compared to other encryption mechanisms, he warns.

Dark harvest

Organisations might have other priorities, but the threat of quantum decryption is already here. Attackers are already stealing encrypted data on the assumption that they will unlock its secrets when powerful enough quantum computers become available. This strategy, known as “harvest now, decrypt later” (HNDL), is a concern for 56% of respondents to the ISACA survey.

Clyde points out that some of the stolen data has a long lifespan. “A typical example would be health records. They actually are considered sensitive until, I think, 25 years after your death, so those have very long shelf life.” Research data and government intelligence are likely to still have plenty of value to the right nation state by the time it can finally decrypt them.

Michele Mosca, author of the Global Risk Institute’s report and co-founder of evolutionQ Inc, warns that HNDL is a pivotal threat to businesses because digital signatures and private keys are so foundational to security.

“If you can fake signatures, if you can get people’s private keys, the attacks can really lead to the shutdown of your infrastructure,” he says.

Mosca advises starting to address the problem immediately: “At the very least, start planning, figuring out where your cryptographic assets are, figure out where your most sensitive ones are and start with those,” he says, “much like we did for Y2K years ago.”

He also advocates for crypto-agility (the ability to switch between cryptographic algorithms as needed), along with defence in depth, meaning extra mechanisms layered on top to protect the most critical assets. Those extra mechanisms include symmetric keys, which Shor’s algorithm does not break and which therefore provide longer-term security than asymmetric keys. For the future, he also points to quantum key distribution, which uses specialised quantum-capable hardware to generate symmetric keys that can be shared over a distance. Such technologies are already available today, but they’re far from mainstream.
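Mosca’s advice to inventory cryptographic assets and start with the most sensitive ones can be turned into a simple triage rule. The following is an added example, not the article’s or evolutionQ’s code; the inventory is constructed, and the 15-year horizon is taken from the Global Risk Institute timeline figure quoted above.

```python
"""Triage of a cryptographic inventory for harvest-now-decrypt-later (HNDL) exposure.
Constructed example: the assets below are invented, not a real inventory."""
from dataclasses import dataclass

# Public-key schemes whose hardness assumption (factoring or discrete log) Shor's algorithm breaks.
SHOR_VULNERABLE = {"RSA", "DH", "ECDH", "ECDSA", "X25519", "Ed25519"}
# NIST post-quantum replacements: ML-KEM (FIPS 203) for key establishment, ML-DSA (FIPS 204) for signatures.
PQ_REPLACEMENT = {"key-exchange": "ML-KEM (hybrid alongside existing ECDH)", "signature": "ML-DSA"}
Q_DAY_HORIZON_YEARS = 15  # assumption: the window used by the 2024 GRI timeline report


@dataclass
class Asset:
    name: str
    algorithm: str         # e.g. "RSA", "ECDH", "AES"
    purpose: str           # "key-exchange", "signature" or "symmetric"
    shelf_life_years: int  # how long the protected data must stay confidential or valid


def is_shor_vulnerable(asset):
    return asset.algorithm in SHOR_VULNERABLE


def hndl_exposed(asset, horizon=Q_DAY_HORIZON_YEARS):
    """Ciphertext captured today stays readable for the data's whole shelf life. If that
    shelf life outlives the expected arrival of a cryptographically relevant quantum
    computer, an attacker who records the traffic now can decrypt it later."""
    return (is_shor_vulnerable(asset) and asset.purpose == "key-exchange"
            and asset.shelf_life_years > horizon)


def recommend(asset):
    if not is_shor_vulnerable(asset):
        return "keep (symmetric or already quantum-safe); review key length"
    if hndl_exposed(asset):
        return f"migrate now to {PQ_REPLACEMENT['key-exchange']}: already exposed to HNDL"
    target = PQ_REPLACEMENT.get(asset.purpose, "a NIST post-quantum standard")
    return f"plan migration to {target} before q-day"


def triage(inventory):
    """Highest priority first: HNDL-exposed, then other Shor-vulnerable, longest shelf life first."""
    ranked = sorted(inventory, key=lambda a: (not hndl_exposed(a),
                                              not is_shor_vulnerable(a),
                                              -a.shelf_life_years))
    return [(a.name, recommend(a)) for a in ranked]


CONSTRUCTED_INVENTORY = [
    Asset("vpn-gateway", "ECDH", "key-exchange", 2),
    Asset("patient-records-archive", "RSA", "key-exchange", 40),  # health records: decades
    Asset("firmware-signing", "RSA", "signature", 10),
    Asset("backup-vault", "AES", "symmetric", 30),
]

if __name__ == "__main__":
    for name, action in triage(CONSTRUCTED_INVENTORY):
        print(f"{name:26} {action}")
```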

Don’t look up?

Unlike Y2K’s fixed deadline, no one knows when the day of reckoning will come for quantum decryption. In that way, it’s somewhat similar to climate change; we know it’s coming and we know that the implications will be severe. But for many people, there always seems to be something more pressing and easier to think about right in front of them.
