A hot potato: Google has reignited debate over the future of digital security, revealing that the hardware needed to break widely used encryption could be closer than previously thought. The research, led by Craig Gidney and posted to the preprint server arXiv, shows that a 2,048-bit RSA encryption key – a standard for online security – could be cracked in less than a week by a quantum computer with fewer than one million noisy qubits.
The finding is a dramatic reduction from earlier estimates that put the requirement at around 20 million qubits just a few years ago.
For now, the million-qubit quantum computer remains a goal rather than a reality. However, the pace of progress in the field means the transition to quantum-resistant security measures can no longer be considered a distant concern. The study provides a blueprint for what a future attack might look like and serves as a call to action for the global security community to prepare for a post-quantum world.
This new estimate is a result of advances in both quantum algorithms and error correction methods. Since Peter Shor's 1994 discovery that quantum computers could factor large numbers far more efficiently than classical computers, scientists have sought to determine precisely how much quantum hardware would be required to compromise real-world encryption.
Gidney's latest work builds on recent algorithmic breakthroughs, such as using approximate modular exponentiation, which significantly reduces the number of logical qubits required. The study also incorporates a denser model for storing error-corrected qubits, leveraging techniques such as "yoked surface codes" and "magic state cultivation" to reduce the physical resources required.
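To make concrete why a period-finding machine threatens RSA at all, here is an added illustration (not part of the article or of Gidney's paper): Shor's algorithm reduces factoring N to finding the order r of a random base a modulo N, after which a few gcd computations yield a factor and, from the factors, the RSA private exponent. The quantum period-finding step is replaced below by classical brute force, which only works for the toy moduli used here.

```python
import math
import random


def multiplicative_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r == 1 (mod n).

    This is the only step Shor's algorithm performs on quantum hardware;
    the brute-force loop here stands in for it and is hopeless beyond toy n.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_postprocessing(n: int, a: int):
    """Classical part of Shor: turn the order of a mod n into a factor of n.

    Returns a non-trivial factor, or None when this base a is unlucky
    (odd order, or a**(r/2) is the trivial square root -1).
    """
    g = math.gcd(a, n)
    if g != 1:
        return g  # a already shares a factor with n
    r = multiplicative_order(a, n)
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    for cand in (math.gcd(y - 1, n), math.gcd(y + 1, n)):
        if 1 < cand < n:
            return cand
    return None


def factor_with_period_finding(n: int, seed: int = 1) -> tuple:
    """Retry random bases until the postprocessing yields a factor (sorted pair)."""
    rng = random.Random(seed)
    while True:
        f = shor_postprocessing(n, rng.randrange(2, n - 1))
        if f:
            return tuple(sorted((f, n // f)))


def recover_private_exponent(n: int, e: int) -> int:
    """Once N = p*q is known, the RSA private exponent d = e^-1 mod (p-1)(q-1) follows."""
    p, q = factor_with_period_finding(n)
    return pow(e, -1, (p - 1) * (q - 1))
```

With the constructed textbook key N = 3233 (61 x 53) and e = 17, `recover_private_exponent(3233, 17)` returns the matching private exponent 2753; the same reduction is what a million-qubit machine would run against a 617-digit N.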
Despite these improvements, the hardware described in the study remains beyond what currently exists. Current quantum computers operate with only hundreds or thousands of qubits, far short of the million-qubit mark. For example, IBM's Condor and Google's Sycamore, with 1,121 and 53 qubits respectively, exemplify the current capabilities of quantum computing.
The hypothetical machine would need to run continuously for five days, maintain extremely low error rates, and coordinate billions of logic operations without interruption.
Although such performance is currently unavailable, major quantum hardware companies have outlined plans to achieve these scales within the next decade. IBM has set a target to build a 100,000-qubit quantum computer by 2033, in partnership with the University of Tokyo and the University of Chicago. Quantinuum, likewise, has stated its goal to deliver a fully fault-tolerant, universal quantum computer by the end of the 2020s, specifically targeting 2029 for its Apollo system.
The security implications are significant. RSA and similar cryptographic systems underpin much of the world's secure communications, from banking to digital signatures. The study's findings reinforce the urgency of moving to post-quantum cryptography (PQC) – new standards designed to withstand attacks from quantum computers.
Last year, the US National Institute of Standards and Technology released PQC algorithms and recommended phasing out vulnerable systems after 2030.
Gidney's research does not suggest that quantum computers capable of breaking RSA encryption are imminent. Instead, it emphasizes the importance of proactive planning. The study offers a more realistic target for hardware designers and policymakers, narrowing the gap between theoretical attacks and practical threats.
It also underscores a long-held principle in cryptography: as technology advances, so too do the methods for breaking it. Algorithmic improvements and better hardware-software integration continue to lower the barriers for potential attackers.