Insider Brief
- 2026 marks a turning point in quantum security as estimates for breaking encryption have dropped significantly, narrowing the gap to practical attacks.
- The “harvest now, decrypt later” threat and evolving regulatory timelines are increasing urgency for organizations to migrate to post-quantum cryptography.
- Governments, enterprises, and technology providers are accelerating preparation efforts, including standards adoption and cryptographic inventory planning.
The timeline for quantum computers breaking modern encryption has compressed significantly. Research published between May 2025 and March 2026 shows that breaking widely used cryptographic systems now requires far fewer quantum bits than previously thought.
In 2019, experts estimated it would take around 20 million physical qubits. By 2025, that number dropped to under 1 million. By early 2026, some researchers suggest it could be as low as 100,000 qubits under certain conditions. For elliptic curve cryptography (the system protecting Bitcoin and most digital signatures), Google researchers estimated fewer than 500,000 qubits.
These are still theoretical estimates. The quantum computers needed to carry out these attacks do not exist yet. But the gap between what exists today and what would be needed to break encryption has narrowed considerably.
The past 18 months represent one of the more notable changes in quantum threat assessment in recent years. For organizations that have treated quantum security as a long-term consideration, these developments suggest that timelines may need to be revisited.
2026 has been declared the “Year of Quantum Security,” by an industry coalition, with launch events in January 2026 featuring senior officials from the FBI, NIST, and CISA. The designation reflects growing coordination across government, industry, and critical infrastructure to accelerate awareness and preparedness.
Resource Estimates Are Changing Faster Than Expected
In 2019, researchers Craig Gidney and Martin Ekerå estimated that a fault-tolerant quantum computer would require approximately 20 million physical qubits to factor a 2048-bit RSA key in about eight hours. RSA-2048 is the encryption standard protecting most internet banking, email, and digital certificates. This estimate became a widely cited benchmark across industry and government planning.
Recent work has revised that picture.
In May 2025, Gidney published a follow-up analysis showing that RSA-2048 factoring could be done with fewer than one million physical qubits in under a week. That’s roughly 20 times fewer qubits than the 2019 estimate. The reduction came from improvements in algorithm design and error correction efficiency, not from changes in hardware assumptions. The paper used the same error rates, connectivity constraints, and physical parameters as the 2019 work. The improvement was purely in how efficiently the algorithm uses the quantum computer.
Security planners began updating their risk models.
In early 2026, researchers at Iceberg Quantum proposed the Pinnacle architecture, which uses quantum low-density parity-check (QLDPC) codes instead of traditional surface codes. Under specific assumptions that have not yet been validated at scale, this approach suggests that RSA-2048 factoring could require fewer than 100,000 physical qubits. That would represent another 10-fold reduction.
In March 2026, researchers from Google Quantum AI, the Ethereum Foundation, and Stanford University published a whitepaper exploring attacks on elliptic curve cryptography. Their results show that solving the problem for widely used curves such as secp256k1 could require fewer than 500,000 physical qubits, with reported resource figures suggesting roughly 20 times fewer resources than previous estimates for breaking elliptic curve cryptography.
The paper presented two optimized quantum circuits for the 256-bit problem. One variant uses no more than 1,200 logical qubits and 90 million Toffoli gates. The other uses no more than 1,450 logical qubits and 70 million Toffoli gates. Both represent roughly 20 times fewer resources than previous estimates for breaking elliptic curve cryptography.
Recent estimates show a consistent pattern:
- 2019: 20 million qubits for RSA-2048
- 2025: Under 1 million qubits for RSA-2048
- 2026: Potentially under 100,000 qubits (QLDPC architecture, early-stage)
- 2026: Under 500,000 qubits for elliptic curve cryptography (per industry reporting)
Each revision represents a reduction of roughly 10 to 20 times from the previous benchmark. The improvements come from better algorithms, better error correction codes, and more efficient ways to compile quantum circuits. These projections remain sensitive to assumptions around error rates, qubit connectivity, and fault-tolerant overhead.
Why This Shift Matters
The reduction in resource estimates changes how organizations evaluate risk.
Today’s quantum processors operate in the hundreds to low thousands of physical qubits. Google’s Willow chip, announced in December 2024, has 105 qubits. IBM’s roadmap targets systems with thousands of qubits by the late 2020s. The gap to fault-tolerant systems capable of breaking encryption remains substantial, but recent estimates have reduced the scale difference compared to earlier projections.
The “harvest now, decrypt later” risk model gains credibility. Adversaries can collect encrypted data today and store it until quantum capabilities mature. This matters for data with long confidentiality requirements: government communications, healthcare records, intellectual property. Organizations protecting data that must remain confidential into the 2030s or beyond may need to evaluate earlier action. By the time quantum computers capable of breaking encryption arrive, adversaries may already possess years or decades of recorded communications.
Migration timelines become more pressing. Cryptographic transitions typically take years due to legacy systems, embedded infrastructure, and supply chain dependencies. While hardware progress remains incremental, the required scale for attacks has decreased significantly. Organizations that delay migration may face tighter timelines as technical and regulatory pressures converge.
What “Year of Quantum Security” Means in Practice
The “Year of Quantum Security” reflects increased alignment across standards bodies, governments, and industry stakeholders.
In August 2024, NIST finalized three post-quantum cryptographic standards which are intended to replace existing systems such as RSA and elliptic curve cryptography. In March 2025, NIST also selected HQC as a backup key encapsulation mechanism. This adds redundancy in case vulnerabilities emerge in the primary lattice-based schemes.
Regulatory timelines are beginning to take shape NIST guidance (NIST IR 8547) suggests phasing out quantum-vulnerable algorithms after 2030 and disallowing them after 2035. The NSA’s Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) requires all new national security systems to be quantum-safe by January 2027. The Quantum Computing Cybersecurity Preparedness Act mandates that federal agencies inventory vulnerable systems and report migration progress annually.
For organizations working with government or critical infrastructure, these are compliance requirements with contractual and regulatory consequences.
The Cost of Delayed Migration
Transitioning to post-quantum cryptography requires time and resources. Identifying where cryptographic systems are deployed across an organization can take months or longer, particularly in large or legacy environments. Implementation, testing, and validation add years to the timeline. Vendor capacity, skilled talent, and consulting resources are already constrained.
Early adopters face the challenges of working with immature tooling and limited vendor support. Organizations that delay may encounter tighter timelines, increased competition for specialized resources, and greater operational risk. Costs and resource constraints are expected to increase as demand accelerates.
The difference is not just cost, but flexibility. Early action allows for controlled implementation and phased rollouts. Delayed action may require compressed timelines under external pressure.
How Organizations Are Responding
Government contractors and critical infrastructure providers are moving in response to regulatory expectations. The NSA’s 2027 deadline for national security systems forces action across the defense industrial base. Financial institutions are assessing exposure and piloting post-quantum systems. Telecommunications providers are evaluating long-term implications for 5G and future 6G deployments.
Organizations managing long-lived sensitive data are beginning to assess risk under the “harvest now, decrypt later” model. Healthcare providers, legal firms, and research institutions all manage information with confidentiality horizons extending decades into the future. Patient records, attorney-client communications, and proprietary research all fall into this category.
Technology companies have begun piloting or integrating post-quantum approaches. Apple has integrated post-quantum cryptography into iMessage. Cloudflare piloted post-quantum TLS connections and reported that the majority of human-generated traffic on its network achieved post-quantum encryption by late 2025. The company is now accelerating its post-quantum roadmap, targeting 2029 for full post-quantum security, including post-quantum authentication. Similarly, Google also announced a 2029 internal deadline for post-quantum migration across its infrastructure.
Where to Begin
According to NIST’s Migration to Post-Quantum Cryptography project, the starting point for most organizations is cryptographic discovery and inventory. NIST guidance states that “knowing the extent, location, and use of the current cryptography that you have employed will allow you to understand what needs to be migrated.”
Cryptographic systems are embedded across infrastructure: TLS certificates, VPNs, firmware, hardware modules, and third-party dependencies. Many organizations lack a complete inventory of where and how encryption is used.
NIST IR 8547, the transition plan for post-quantum cryptography standards, outlines the expected approach for federal agencies and industry. The document identifies quantum-vulnerable cryptographic standards currently in use and the quantum-resistant standards that will replace them. It notes that organizations must identify where vulnerable algorithms are deployed and plan to replace or update them.
The UK’s National Cyber Security Centre similarly emphasizes that migration activities should begin with understanding current cryptographic deployments, particularly for organizations operating critical national infrastructure or bespoke IT systems.
Industry frameworks from the Financial Services Information Sharing and Analysis Center (FS-ISAC) provide additional guidance on cryptographic inventory and risk modeling specific to the financial sector. Their technical papers outline methods for infrastructure inventory and risk assessment tailored to organizations with complex legacy systems.
These processes are iterative and often span multiple years. Organizations that begin in 2026 have time for methodical planning. Those that delay face more constrained options.
A Narrowing Transition Window
Recent research has reduced the estimated resources required to break widely used cryptographic systems. At the same time, post-quantum standards and regulatory frameworks are now in place.
The transition window is currently open, but timelines are becoming more defined. Organizations that begin assessing their exposure now are better positioned to manage the shift in a controlled manner. Those that delay may face a more constrained set of options as technical, regulatory, and operational pressures converge.
Partner with the Year of Quantum Security 2026
This article is part of The Year of Quantum Security 2026 – a year-long editorial and convening initiative produced by The Quantum Insider, covering post-quantum readiness, quantum resilience, and responsible adoption.
Organizations supporting YQS2026 – post-quantum vendors, cybersecurity providers, telcos, and critical infrastructure operators – gain year-long editorial visibility across TQI, direct access to CISOs and policymakers, and category-leadership positioning at a pivotal moment in the security transition.
Founding Partner, Global Strategic, Program Partner, and Supporting Partner tiers are open for 2026.
→ Book a 20-minute briefing with Luke Preskey, CRO
QuantumSecurity2026.org | #YQS2026
