Q-Day Moved Closer: PQC Migration Timelines Just Shifted Left

For years, information security practitioners have viewed Q-Day – the moment quantum computers become powerful enough to break modern encryption – as a medium-term milestone. However, the events of the past 48 hours, coupled with the rapid theoretical advances of 2025, may have fundamentally shifted the landscape to a near-term threat.

The window for migration to Post-Quantum Cryptography (PQC) has potentially been moved from 2035 to 2029, as existing quantum computers are now at a relatively small jump from being able to become cryptographically relevant.

Our critical national infrastructure depends on RSA and other security protocols. Once these are broken there is fundamental breakdown of the banking network, the telco network, e-commerce, government secrets and other key functions. In addition, all blockchain and cryptocurrencies depend on the hardness of cracking RSA, ECC and related security protocols.  All these will fall once quantum computers achieve the scale needed to crack them. 

How PQC qubit requirements dropped from 20 million to 1 million in 2025

Let us first look at where we stood before. In 2024/2025, a line of work proposed significant improvements to Shor’s algorithm, the quantum algorithm capable of factoring integers and solving discrete logarithms, and thus capable of breaking today's public key cryptography. Factoring integers would break RSA signatures, finding discrete logarithms  would break elliptic-curve cryptography securing most of Internet traffic today. The two cost dimensions for Shor’s algorithm are space (the number of qubits) and time (how long we have to wait for an answer).

Previously, it was estimated that factoring a 2048-bit RSA integer would require roughly 20 million noisy qubits. This was a decent security margin for many, as hardware was (and is) in the 100-1,000+ qubit range. 

However, several key theoretical advances lowered that target by a factor of 20 by using better algorithms on the factoring level and better error correction on the qubit level. It was estimated that a quantum computer with less than 1 million noisy qubits could break RSA-2048 in roughly one week. The engineering challenge was becoming an operational reality, but still represented an engineering challenge to scale to 1 million qubits. 

‍The new approach: 10,000 qubits could break modern cryptography

That buffer might now have mostly vanished. A major new proposal is promising to redefine the requirements for running Shor’s algorithm.

• For breaking elliptic-curve cryptography (P-256) these new estimates are between 10,000 and 26,000 qubits with a running time in the order of a week. 
• For factoring RSA-2048 with between 11,000 and 14,000 qubits, the runtime would be between 10 and 100 times longer, with roughly 100,000 qubits the runtime is estimated to be roughly 100 days.

However, it is worth noting that these 10,000 qubits are for a rather different architecture compared to the 1,000,000 qubit estimates discussed above. Still, if these results are confirmed, this is no longer a distant theoretical threat; current quantum hardware is already remarkably close to this threshold.

The results highlight that neutral-atom systems are a promising platform for fault-tolerant quantum computing. While substantial engineering challenges remain, the theoretical analysis suggests that transitioning to post-quantum cryptographic standards is urgent, as these systems could break widely used encryption (RSA-2048, ECC-256) within days or months rather than years.

The quantum gap appears to have narrowed so significantly that we can no longer rely on the slow, linear scaling of hardware to protect us. Algorithms and architectures are evolving fast.

Neutral-atom architecture and LDPC codes: why the timeline shifted

The proposal is for fundamental improvements in both architecture and error correction:

• Neutral-Atom (Rydberg) Architecture: Unlike alternative approaches, this architecture allows us to move atoms and reconfigure connectivity between any qubit pair on the fly.
• Low-Density Parity Check (LDPC) Codes: Because the Rydberg architecture removes the need for local-only connectivity, the new proposal drops traditional surface codes in favor of LDPC codes. These codes offer a much higher ratio of logical to physical qubits. 
• Hardware Readiness: Experimental, and not yet usable, hardware milestones have already demonstrated 6,000+ coherent neutral atoms (though without computation). With a requirement of only 10,000, the target seems to be now within short-term reach.

These advances could have implications far beyond breaking cryptography. For years, surface codes were the standard for converting noisy physical qubits into reliable logical qubits. However, they suffer from a significant overhead-to-noise ratio, which necessitates a massive number of physical qubits for almost any computation.

To coding experts, the inefficiency of surface codes is logical; they are limited by physical constraints where bit correction is only influenced by immediate neighbors. This limitation is a product of traditional quantum hardware, which is restricted to local coherence and local operations.

However, developing a quantum architecture that allows qubits to be moved and their connectivity to be reconfigured is revolutionary. If we can facilitate interactions between any pair of qubits, the constraints of surface codes disappear, allowing us to utilize the most efficient codes available. This innovation introduces new theoretical challenges, such as balancing qubit movement with code performance. These improvements may not only reduce qubit requirements but also enhance computation speeds and reduce the duration a quantum system must remain stable – advancements that are both theoretically significant and practically vital.

The industry response: Google’s aggressive 2029 target

The world's tech giants are sounding the alarm. Google has recently announced a significant acceleration of its Cryptography Migration roadmap. Where the gold standard for cryptography migration was to aim for 2031-2035, Google is now aiming for 2029 – just three years away.

This aggressive shift is driven by a change in the threat model. We cannot just focus on improving key exchange algorithms to protect against the Store Now, Decrypt Later threat, where malicious actors are already harvesting encrypted data today, waiting for the moment they can use a 10,000-qubit machine to unlock it. Indeed, with a much closer deadline, we also need to migrate all our PKIs, and all our supply chain's PKIs much sooner than expected, which is definitely a task that requires immediate attention.

Why PQC migration can't wait

These events show that the timeline for quantum-readiness is not under our control. Algorithmic  breakthroughs can – and do – unpredictably lower the barrier to entry for attackers.

We must move our Public Key Infrastructures (PKIs) now.  There is much to be done for the migration and the world’s quantum computers are already at the door.

For more information on how to secure your infrastructure against quantum threats, visit aqtiveguard.com/cryptography-pqc ‍