The takeaway: Experts have long warned about the threat that conventional cryptography faces from quantum computers, potentially undermining the foundational security of all digital encryption. New research now suggests that cryptographically relevant quantum computers (CRQC) can crack both RSA encryption and elliptic curve cryptography (ECC) far sooner than previously believed, making widely used encryption security systems vulnerable to attacks.
According to a study by engineers at Caltech and the UC Department of Physics, quantum computers do not need to be nearly as powerful as previously believed to crack the most advanced cryptographic technologies. The research claims that Shor's algorithm could break RSA public-key encryption using quantum computers with just 10,000 atomic qubits – far fewer than the millions previously predicted by scientists.
The researchers also showed that a quantum computer with just 26,000 physical qubits could crack RSA-2048 in about seven months and ECC-256 in only 10 days. Most blockchain technologies and cryptocurrencies, including Bitcoin and Ethereum, use elliptic curve cryptography (ECC) for security, making them vulnerable to attacks if quantum computing becomes financially and technologically viable in the real world.
A study published by Google Research this week further suggests that cracking ECC could require fewer than 500,000 physical qubits - about 20 times fewer than earlier projections. As a proof of concept, the researchers compiled two quantum circuits to implement Shor's algorithm, which was developed by American mathematician Peter Shor in 1994 and is considered to be one of the few known quantum algorithms with compelling potential applications in the real world.
The first circuit used fewer than 1,200 logical qubits and 90 million Toffoli gates, while the second used fewer than 1,450 logical qubits and 70 million Toffoli gates. The study suggests that these circuits can be executed on a quantum computer within a matter of minutes to break the 256-bit elliptic curve discrete logarithm problem (ECDLP-256) that underpins ECC security. However, achieving circuits of this scale could take some time, as modern quantum hardware tops out at 48 logical qubits.
Google's cryptography researchers recently warned that ECC needs to be replaced with post-quantum cryptography by 2029 to ensure foolproof digital security. This is much sooner than the 2033 deadline set by the US government for full quantum readiness. The company also announced plans to make Android quantum-resistant by adding support for ML-DSA – a digital signature algorithm standardized by the US National Institute of Standards and Technology – in Android 17.