Thirty years ago, a mathematician named Peter Shor produced a brief paper that subtly changed the course of history. At the time, the idea of building a computer that followed the peculiar logic of quantum mechanics was a half-serious scientific curiosity.
His algorithm accomplished something that no one could have predicted. It showed how arithmetic problems that would take classical computers billions of years could be solved in a matter of hours by a quantum machine, assuming one ever existed. By historical coincidence, those problems were the ones supporting the entire digital trust architecture.

| Subject | Quantum Threat to Encryption — Key Information |
|---|---|
| Origin of the threat | Shor’s algorithm, devised by mathematician Peter Shor in 1994 |
| Founding institution behind early breakthroughs | Bell Labs / MIT (Peter Shor’s affiliations through the 1990s) |
| Recent design announcement | Caltech team led by physicist Dolev Bluvstein, who founded the startup Oratomic |
| Estimated qubits needed (originally) | Roughly a billion physical qubits |
| Updated estimate (2025) | Tens of thousands of physical qubits, per the Caltech proposal |
| Google’s contribution | A new implementation of Shor’s algorithm reported as ten times more efficient than prior methods |
| Encryption standards at risk | RSA-2048, ECC, Diffie-Hellman key exchange |
| Defensive standard | Post-Quantum Cryptography (PQC), first standardized by NIST in 2024 |
| Active mitigation effort | Google’s PQC rollout in Chrome and internal infrastructure since 2016 |
| Known attack pattern | “Store now, decrypt later” — adversaries collecting encrypted data today for future decryption |
| Expert quoted | Nikolas Breuckmann, mathematical physicist, University of Bristol |
| Current quantum hardware capacity | A few hundred qubits in most leading machines |

Most people still miss that part. Nearly all banking sessions, encrypted messages, and logins are predicated on the idea that factoring huge integers is practically difficult. Shor demonstrated that the assumption is conditional. It held only as long as a certain machine had not been built. That machine remained safely out of reach for thirty years, more of a thought experiment than a menace. Physicists once believed that Shor’s algorithm would require a billion qubits. Then a hundred million. Then a million. Quietly, the number kept falling, much like deadlines approach when you’re not paying attention.
Two announcements in recent months have brought the deadline closer in ways that surprised even the people working on it. A Caltech team led by Dolev Bluvstein released a design suggesting the bar may be as low as tens of thousands of qubits. Bluvstein has since founded a startup called Oratomic, a tangible step for a field that often deals in long-term documents.

At about the same time, Google researchers reported a new implementation of Shor’s algorithm that they describe as about ten times more efficient than anything that had been done before. Today, neither group is able to crack encryption. However, the gap between the theoretical and the buildable is no longer measured in eras. It is measured in product cycles.
Talk to people in the field and the question seems to have shifted from if to when, and how soon. Mathematical physicist Nikolas Breuckmann of the University of Bristol, who was not involved in either study, stated rather frankly that politicians should probably stick this on the wall: if you have secrets, start looking for alternatives. The advice may seem dramatic, but adversaries are already practicing what’s known as “store now, decrypt later”: vacuuming up encrypted communication today on the wager that, in around ten years, they’ll have the capability to read it. The worst kind of attack is the patient one.
Though it doesn’t often receive the same attention, the defense has not been idle. In 2024, NIST finalized its first set of post-quantum cryptography standards, the outcome of a protracted and occasionally acrimonious global competition among mathematicians who proposed alternative algorithms.
Since 2016, Google has been moving Chrome and its internal infrastructure in the direction of those standards, well before the majority of CISOs gave it much thought. The term “crypto agility” is frequently used. While it may sound like a catchphrase, it refers to a real engineering challenge: switching cryptographic primitives across millions of services without breaking anything.
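
A migration of that kind starts with an inventory of which sessions still negotiate a classical-only key exchange, since those are the ones a “store now, decrypt later” collector could eventually read. The Python below is an added example, not code from the original article; the key=value log format, the host names and the function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Key exchanges Shor's algorithm would break: ECDH curves, finite-field DH, RSA key transport.
CLASSICAL = re.compile(r"^(x25519|x448|secp\d+r1|prime256v1|ffdhe\d+|rsa)$", re.I)
# Hybrid TLS groups pairing a classical curve with ML-KEM (or its earlier Kyber draft).
HYBRID = re.compile(r"(mlkem|kyber)", re.I)

# Constructed sample lines in an assumed "key=value" TLS access-log format.
SAMPLE_LOG = """\
host=api.example.test tls=TLSv1.3 kex=X25519MLKEM768
host=pay.example.test tls=TLSv1.3 kex=X25519
host=legacy.example.test tls=TLSv1.2 kex=secp256r1
host=mail.example.test tls=TLSv1.2 kex=RSA
host=api.example.test tls=TLSv1.3 kex=X25519
host=broken line without fields
"""

def classify(kex):
    """Map a negotiated key-exchange name to hybrid-pq, classical or unknown."""
    if HYBRID.search(kex):  # checked first: hybrid names also contain a curve name
        return "hybrid-pq"
    if CLASSICAL.match(kex):
        return "classical"
    return "unknown"

def inventory(log_text):
    """Return {host: Counter({class: sessions})} for every parseable line."""
    hosts = {}
    for line in log_text.splitlines():
        fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
        if "host" not in fields or "kex" not in fields:
            continue  # skip malformed lines rather than guessing
        hosts.setdefault(fields["host"], Counter())[classify(fields["kex"])] += 1
    return hosts

def harvest_exposed(hosts):
    """Hosts with at least one session protected only by a classical key exchange."""
    return sorted(h for h, c in hosts.items() if c["classical"] > 0)

if __name__ == "__main__":
    inv = inventory(SAMPLE_LOG)
    for host in harvest_exposed(inv):
        print(host, dict(inv[host]))
```

Note that a host can support a hybrid group and still appear in the exposed list, because clients that do not offer the hybrid group fall back to the classical one.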
The uneven distribution of urgency is what makes this period peculiar. The atmosphere at quantum labs is almost optimistic; as Bluvstein stated, “we’re actually going to do this.” The atmosphere in cryptography circles is more akin to a long breath. The majority of businesses, particularly banks, are in the middle, vaguely aware that they should be migrating but unsure of when the alarm should sound.
It’s difficult to deny the similarities to other security changes, such as Y2K, the deprecation of SHA-1, and the gradual shift to TLS 1.3, where warnings were issued years in advance and mostly disregarded until they couldn’t be. Quantum may behave in a similar way. Or it might not. The truth is that no one really knows yet, and that ambiguity is the story in its own right.
