
‘Q-Day’ is almost here. It could unleash a cybersecurity crisis far worse than Y2K

The clock is ticking on Q-Day, the looming yet unknown date when quantum computing will have the capacity to quickly and easily break the encryption keys that keep most internet communication safe.

Experts have known about the hypothetical risk of Q-Day since the 1990s. But Google recently warned that quantum computers may be able to hack some encrypted systems by 2029 — a timeline that drastically narrows the window for safeguarding data that many cybersecurity specialists had previously predicted. The new estimate means that governments, companies and other entities may have far less time to prepare.

“It’s the day when people, perhaps adversaries, will have access to a quantum computer that can break cryptographic codes that are in use,” said Michele Mosca, cofounder and CEO of cybersecurity company evolutionQ.

Q-Day marks the moment a quantum computer gains enough resources and stability to crack conventional cryptography. When that happens, every financial transaction, medical file, email, location history and crypto wallet protected by today’s commonly used algorithms could be unlocked by a machine capable of solving the complex math that currently keeps sensitive data secure.

At that game-changing turning point, “everything’s safe — safe, safe — and then suddenly it’s not safe. It’s a very drastic jump,” said Mosca, who is also a professor at the Institute for Quantum Computing at the University of Waterloo in Ontario.

Adversaries and bad actors may already be collecting encrypted data, with the intention of launching “harvest now, decrypt later” attacks. In this scenario, information is stolen, stored and then decrypted when a full-scale quantum computer is available, he added.

Mosca has coauthored the Quantum Threat Timeline Report, published by the Global Risk Institute in Toronto, since 2019. The seventh edition, published March 9, suggested a full-scale, cryptographically relevant quantum computer was “quite possible” within the next 10 years, and “likely” in the next 15. Mosca and his coauthor based their prediction on the opinions of 26 experts.

“Many organizations may be unaware that they are currently exposed to an intolerable level of risk that requires urgent action,” the report authors wrote.

Google said on March 25 that it was targeting 2029 “to secure the quantum era” with post-quantum cryptography. The timeline reflected advances in the quantum computing field, the company said. “By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry,” it noted in a blog post. Similarly, cloud computing services company Cloudflare announced it was also now targeting 2029. Google declined an interview request.

Cryptography is the invisible plumbing that keeps the global economy spinning. Most internet security — think of the tiny padlock symbol in your internet browser — is currently based on encryption that relies on a quirk of math. While multiplying numbers is relatively easy, the inverse of that process — factorizing — is not.

RSA cryptography — named after its creators Ron Rivest, Adi Shamir and Leonard Adleman — is one of the most common encryption algorithms and uses this approach. The Quantum Threat Timeline Report defines a cryptographically relevant computer as one that could, for example, break RSA encryption in 24 hours.

Quantum computing isn’t simply a more powerful or faster version of the computers in use today. This form of processing works in a fundamentally different way.

Unlike standard computers that process information sequentially using bits (0 or 1), quantum computers employ quantum bits — “qubits” — that can represent 0, 1 or both simultaneously. Known as superposition, this property enables quantum machines to hold and process more complex information.

The main challenge the field needs to overcome is making more stable physical qubits. These sensitive components typically only function in extremely cold, high-vacuum environments — conditions that help keep them stable and less prone to errors during calculations.

Future quantum computers may be capable of breaking the second-generation cryptography that protects cryptocurrency and other systems with far fewer qubits than previously realized, according to a March report. The paper was coauthored by Google employees and academics at the University of California, Berkeley, Stanford University, and the Ethereum Foundation, a nonprofit that supports the Ethereum blockchain.

Known as elliptic curve cryptography or ECC, the encryption technique uses more obscure math than the RSA algorithm; it relies on equations that can be represented as curved lines on a graph, and generates encryption keys based on different points on the line.

Google said in a March 31 blog post that the research team found an approximately 20-fold reduction in the number of physical qubits needed to solve the fundamental math puzzle that underpins ECC. The company added it developed a new method to describe the security vulnerabilities that future quantum computers present, “so they can be verified without providing a roadmap for bad actors.”

Most blockchain technologies and cryptocurrencies currently rely on elliptic curve cryptography for critical aspects of their security, the Google post said. While viable solutions exist, the post added “they will take time to implement, bringing increasing urgency to act.”

The paper has not yet been peer-reviewed, but it can be considered a “warning shot,” particularly to the cryptocurrency community, said Catherine Mulligan, a visiting academic and research fellow at the Institute for Security Science and Technology at Imperial College London.

“Cryptocurrencies are inherently incredibly decentralized,” she said. “The issue is in order to upgrade, you have to get people to agree, and you have to get consensus among the actual engineers to upgrade, and then they tend to argue a lot about how they’re going to do that upgrade,” Mulligan said.

The good news, she explained, is that governments, including the United States and the United Kingdom, have published standards for post-quantum cryptography.

These guidelines primarily involve software upgrades that rely on math “orders of magnitude more complex” to solve than traditional approaches, Mulligan said. In addition, some companies and governments may pair that with quantum key cryptography, particularly for highly sensitive information.

Quantum key cryptography allows two parties aiming to share sensitive data to establish a secure encryption key with secrecy ensured by the laws of physics, not the computational difficulty of a mathematical problem.

The protocol, first conceived in the 1980s by this year’s winners of the Turing Prize, involves using photons of light to create a secret key between two parties. However, the method involves specialist hardware that can make it more expensive and difficult to deploy.

Some researchers compare the quantum threat with Y2K, or the millennium bug, a computer flaw that programmers thought might cause severe systemic problems after December 31, 1999.

When the first computer programs were being written, engineers used a two-digit code for the year because in those days data storage was costly. For example, for the year 1977, the date read 77. As the year 2000 neared, programmers realized that computers might not interpret 00 as 2000, but as 1900, potentially causing disruption.

“I know that we have these doomsday scenarios, where we are sort of scaring everybody,” Mulligan said. “I’m old enough to remember Y2K. Basically, the reason there was no Y2K is everyone worked hard enough to make sure we didn’t have it.” Mulligan said she thought that’s what would probably happen with the quantum threat to cybersecurity.

However, whether the new threat will be tackled with similar urgency is unclear. Just over 90% of businesses still lack a road map for handling quantum security threats, according to data cited by McKinsey.

The potential costs of not preparing adequately are eye-watering.
A 2023 report by the Hudson Institute, a US conservative think tank, estimated that a quantum computer cyberattack on the Federal Reserve’s Fedwire Funds Service — its interbank payment system — could trigger a financial collapse and result in a six-month economic recession.

Dustin Moody, a mathematician involved in post-quantum cryptography at the National Institute of Standards and Technology, a US federal agency, said big, multinational companies were well aware of the threat and “moving pretty quickly.” However, he said there was a limit to the action individuals and small companies could take.

“Everyone should be concerned and worried about it,” Moody said.
“What does the average person need to do? Nothing. I mean, they need to rely on their technology providers and so forth to handle this change for them,” he said.

“Similarly with smaller mom-and-pop companies, they themselves don’t need to do too much, as long as they just make sure that the products they’re using, they talk to providers and say, ‘There’s this quantum threat, have you taken care of it?’” he added.

The White House recommends 2035 as the year entities should aim to have adopted post-quantum cryptography, Moody said. NIST finalized a set of encryption algorithms in 2024 designed to withstand cyberattacks from a quantum computer.

“If everyone were to migrate on time, we’d be in good shape, but the problem is that’s not going to happen in the real world,” he said. “We’ve had cryptographic migrations in the past, switching from one algorithm to another, typically that takes anywhere from 10 to 20 years, and this migration is going to be more complicated and more costly than the previous ones. So, if a quantum computer comes out in five years, the transition will not be done yet.”

What’s more, even as organizations adopt quantum-safe protection, doing so will only defend future data against the quantum threat, Moody and Mulligan noted, given the risk that “store now, decrypt later” attacks may already be in the works.

Electronic health records, which contain long-term medical histories and genetic information, could be prime targets for these types of attacks. “The thing is, you can upgrade your software, but you can’t really upgrade your DNA,” Mulligan said.

Seoyoon Jang, a doctoral student in electrical engineering and computer science at the Massachusetts Institute of Technology, is working to protect wireless biomedical devices, such as insulin pumps and pacemakers, from potential quantum attacks. These tiny, widely used devices are usually too power-constrained to run the computationally demanding security protocols necessary in a post-quantum world.

She sets out a worst-case scenario in which the external device, often a smartphone that wirelessly connects to the insulin pump to regulate dosage, is hacked. “Imagine, it would be so easy to send a command: ‘Hey release lethal dosage.’ We have to actually care about this,” she said. “As we move into remote health monitoring, these devices will be everywhere.”

Together with her colleagues, Jang has engineered an ultra-efficient microchip, around the size of an extremely fine needle tip, that includes built-in protection needed for post-quantum cybersecurity. The device achieved between 20 and 60 times higher energy efficiency than other post-quantum security techniques they compared it with. The microchip has a smaller area than many existing chips.

The work was in part funded by the Advanced Research Projects Agency for Health or ARPA-H, which Jang said planned to commercialize the technology. “My chip is as far as I know, it’s the first to actually try to bridge the gap here,” she said. ARPA-H is part of the US Department of Health and Human Services.

The latest Quantum Threat Timeline Report said it’s particularly hard to evaluate quantum risk to cybersecurity because “under the radar” research efforts — by secret state-backed labs, companies operating in stealth or malicious private actors — could mean that advances in quantum computing are hidden from view.

“Since covert successes would remain invisible for some time, it is safer to assume that the true threat could be closer than what can be inferred from open publications alone,” the report said.

“The real Q-day may occur before the world becomes aware of it, as states or bad actors potentially seek to use this knowledge to their strategic advantage.”
