The clock on the internet’s encryption just sped up. New research from Google has slashed the estimate of how powerful a quantum computer needs to be to break the encryption that protects banking, communications and state secrets — bringing the feared ‘Q-Day’ closer and triggering a global race to replace cryptography before it is too late.
The breakthrough that shrank the threat
The alarm comes from the math. Craig Gidney of Google Quantum AI published a paper showing that a quantum computer with fewer than one million noisy physical qubits could factor a 2048-bit RSA integer in under a week — a dramatic revision of his own 2019 estimate of 20 million qubits. RSA-2048 underpins much of today’s secure communication, so cutting the requirement twentyfold makes the threat feel far more imminent.
What Q-Day means
‘Q-Day’ is the hypothetical moment a quantum computer can break widely used public-key encryption. When it arrives, secrets protected by RSA and similar schemes — financial records, trade secrets, classified communications — could be exposed. The danger is not purely future: adversaries are already harvesting encrypted data today, betting they can decrypt it later once quantum machines mature. It is an ongoing ‘harvest now, decrypt later’ intelligence campaign.
The race to go quantum-safe
The response is a scramble toward post-quantum cryptography (PQC). 2026 has been dubbed the ‘Year of Quantum Security,’ backed by the FBI, NIST and CISA, with the US, China and Europe refreshing national quantum programs. Google is baking PQC into its products — Android 17 is integrating the ML-DSA digital-signature algorithm alongside earlier post-quantum support in Chrome and Cloud — and has set a 2029 deadline to move to quantum-safe cryptography.
Deadlines with teeth
Governments are setting hard timelines. The NSA’s CNSA 2.0 framework mandates that all new national security systems be quantum-safe by January 2027. These deadlines reflect a sober assessment: migrating the world’s encryption is a years-long, enormous undertaking, and organizations that wait until Q-Day arrives will already be too late. The work of swapping out vulnerable algorithms must happen now.
Why it matters
This is a rare case of cryptographers racing a clock they cannot precisely see. The exact arrival of a cryptographically relevant quantum computer is uncertain, but the cost of being unprepared is catastrophic. Every bank, government and tech company faces a massive migration, and the ‘harvest now’ threat means data stolen today is already at risk. The transition to PQC is among the most consequential infrastructure projects of the decade.
The bottom line
Google’s research has brought Q-Day closer by showing encryption could fall to smaller quantum machines than expected — and the world is responding with deadlines, new algorithms and a ‘Year of Quantum Security.’ The race is on to replace vulnerable cryptography before quantum computers can break it, and the time to act, experts warn, is already here.
Photo: MDGovpics / BY via flickr