kurt.news

Clean, fast AI news without the hype or doom.

Google and Cloudflare Just Moved Their Quantum Deadlines Up Five Years

Two research papers changed the math on quantum risk. Google and Cloudflare both pulled their post-quantum cryptography readiness deadlines forward to 2029, roughly five years ahead of where they had been sitting.

What the Papers Actually Said

The acceleration came from two separate research directions, both pointing at the same uncomfortable conclusion: breaking widely used encryption may require far fewer qubits than anyone assumed.

Oratomic researchers showed that 256-bit elliptic curve cryptography (ECC) could be broken using neutral atoms with as few as 10,000 physical qubits. Previous lowest-bound estimates were orders of magnitude higher.

Google's own work was more specific. Two quantum circuits could break 256-bit ECC in nine minutes using only 1,200 logical qubits. The more efficient of the two circuits needed fewer than 1,450 logical qubits and 70 million Toffoli gates, down from 90 million in the first circuit.

Google also estimated the total physical qubit requirement at 500,000 for breaking 256-bit ECC. That is half the estimate the same team published for breaking 2048-bit RSA just last June.

A note on the gap between logical and physical qubits: standard error correction overhead runs roughly 100 to 1,000 physical qubits per logical qubit. So "1,450 logical qubits" translates to somewhere between 145,000 and 1.45 million physical qubits in practice. The math still moves in the wrong direction for anyone relying on ECC.

Where the Big Players Stand

The corporate timelines show a wide spread.

Google and Cloudflare: 2029. Amazon: December 31, 2031, using an in-house SigV4 algorithm for quantum-safe authentication. Amazon's AWS Private CA already uses KMS compliant with FIPS 204 for long-lived roots of trust. Customer data at rest is encrypted with AES-256, against which quantum computers offer no advantage over classical methods.

Microsoft set its deadline at 2033. The company has been involved in post-quantum planning since 2014 as a founding member of the Open Quantum Safe project.

Meta has not committed to a public deadline. The company did introduce a taxonomy of PQC maturity levels: PQ hardened, PQ ready, PQ aware, and PQ unaware. Taxonomies are not timelines.

Apple has not stated a deadline.

The Algorithm Replacing RSA

The primary PQC replacement for RSA encryption is ML-KEM (Module Lattice Key Encapsulation Mechanism). It is based on mathematical problems that quantum computers have no current advantage in solving. NIST has been working toward standardization, with a call to deprecate quantum-vulnerable algorithms by 2035.

The US Department of Defense set its own line: all national security systems must use quantum-safe algorithms by December 31, 2031.

Blockchains Have a Problem

256-bit ECC is what Bitcoin and other major cryptocurrencies use to secure transactions. The Google circuit results put the qubit requirements for breaking that security within the range of hardware that plausibly exists within the next decade. This could mean significant exposure if the cryptocurrency ecosystem does not migrate to quantum-resistant schemes before a cryptographically relevant quantum computer (CRQC) materializes. It is worth watching whether Bitcoin's governance process moves faster than the qubit count.

The Bottom Line

Nobody has built a CRQC yet. The research papers describe theoretical circuits, not deployed hardware. But the timeline estimates just compressed substantially, and two major tech companies responded by moving their internal deadlines five years earlier. The gap between "theoretically possible" and "operationally relevant" is narrowing faster than most enterprise migration plans accounted for.

Organizations still sitting in the PQ unaware category have less runway than they did last year.

Source: Ars Technica