Right now, your online data is protected by encryption so robust that all the world’s supercomputers working together for thousands of years couldn’t crack it. That security rests on a simple mathematical fact: certain problems — like factoring enormous numbers — are effectively impossible for classical computers to solve in any reasonable timeframe.
Quantum computers could change that. And according to recent research, the moment they become capable of doing so — a milestone grimly nicknamed “Q-Day” — may be arriving sooner than anyone previously expected.
Two Races Running in Parallel
The threat to encryption is advancing on two fronts simultaneously, and it’s the combination of both that makes the situation urgent.
The first is hardware. IBM and Google are locked in a race to build ever-larger, ever-more-stable quantum computers. IBM recently unveiled a 120-qubit chip and is targeting a fully fault-tolerant system by 2029. Meanwhile, newer approaches are gaining ground — light-based qubits, neutral-atom systems — with laboratory demonstrations already reaching thousands of qubits.
The second front is arguably more alarming: the algorithms used to attack encryption are getting dramatically more efficient, even before the hardware catches up.
The Numbers Are Shrinking Fast
For decades, the comfortable assumption was that breaking real-world encryption would require a quantum computer with millions of physical qubits — far beyond anything we could build for the foreseeable future. That assumption is crumbling.
In early 2026, Google’s Quantum AI team published research showing that elliptic-curve cryptography — the mathematical foundation of Bitcoin, Ethereum, and many secure communications protocols — could potentially be cracked by a quantum computer with fewer than half a million physical qubits. That’s roughly ten times fewer than earlier estimates suggested.
Separately, a collaboration between Caltech, Berkeley, and a quantum startup proposed designs suggesting Shor’s algorithm — the quantum method for breaking encryption — could run on as few as 10,000 to 20,000 atomic qubits. One of their designs estimated that a system of around 26,000 qubits could crack Bitcoin’s encryption in a matter of days.
To be clear, even these reduced figures are well beyond what any current quantum computer can do. But the direction is unmistakable: every algorithmic improvement lowers the bar, bringing the required hardware closer to what is actually being built.
What’s Actually at Risk
The most immediately vulnerable systems are those built on elliptic-curve cryptography — which includes most cryptocurrencies and a significant proportion of secure internet traffic. RSA encryption, which underpins much of the rest of the internet’s security infrastructure, requires more resources to break but is not immune.
Perhaps most unsettling is the “harvest now, decrypt later” problem. Nation-state actors and sophisticated adversaries can — and almost certainly do — intercept and store encrypted communications today, with the intention of decrypting them once quantum computers are powerful enough. Sensitive data that seems safely locked away right now may already be sitting in someone’s archive, waiting.
The Defences Exist — But Migration Takes Time
The good news is that quantum-resistant cryptography already exists. The US National Institute of Standards and Technology has standardised several post-quantum algorithms believed to be secure against quantum attacks, and has set a target of completing the transition away from vulnerable systems by 2035. Australia’s cybersecurity agency has set an even tighter deadline of 2030.
Some companies are already moving. Google Chrome and Cloudflare have begun supporting post-quantum protections in certain protocols. But the scale of the migration challenge is enormous — encryption is woven into virtually every layer of digital infrastructure, from banking to healthcare to government communications, and replacing it takes years of planning, testing, and rollout.
The Takeaway
There is no immediate crisis. Today’s encryption is not going to break tomorrow. But the comfortable assumption that Q-Day was safely decades away has been quietly eroded by a steady stream of algorithmic advances that rarely make front-page news.
The honest message from experts in the field is straightforward: the window for an orderly, planned transition to quantum-safe cryptography is open now, but it won’t stay open indefinitely. Waiting for quantum hardware to actually pose a demonstrated threat before beginning to act is not a strategy — it’s a gamble with the security of everything.