A new study by Google has dramatically lowered the threshold for quantum computers to break RSA encryption — a cornerstone of modern digital security. With just one million qubits running for one week, quantum systems could crack what was once considered unbreakable. The revelation has sent ripples through the cybersecurity and cryptocurrency communities, reigniting urgency around post-quantum cryptography.
The paper, authored by Craig Gidney and Sophie Schmieg, reveals that a sufficiently optimized quantum computer with just one million qubits running for one week could potentially crack the 2048-bit RSA encryption standard, a task once believed to require 20 million qubits.
This 20-fold reduction from their 2019 projection has triggered a fresh wave of concern among cybersecurity experts, financial institutions, and cryptocurrency communities. Though practical quantum computers with such capabilities remain years away, the speed of progress in both quantum hardware and error correction algorithms has forced urgent conversations around transitioning to post-quantum cryptography (PQC).
From Trapdoor Functions to Quantum Loopholes: Why RSA Is Now at Risk
Modern encryption relies heavily on trapdoor functions math problems that are easy to compute in one direction but extremely hard to reverse without a private key. RSA encryption, for instance, depends on the difficulty of factoring large numbers, a task classical computers find practically impossible when dealing with keys larger than 2048 bits.
However, in 1994, mathematician Peter Shor proposed an algorithm that proved quantum computers could solve such problems exponentially faster. Since then, the industry has tracked quantum computing developments closely, particularly around the number of qubits required to make this attack feasible.
In 2012, estimates placed this number at a staggering one billion qubits. Google lowered that figure to 20 million in 2019. Now, thanks to algorithmic refinements and improved quantum error correction, the requirement has dropped to just one million—a number that seems achievable in the coming decade.
ALSO READ: FCRF Launches Campus Ambassador Program to Empower India’s Next-Gen Cyber Defenders
Cryptocurrency and Messaging Services at Risk: The Quantum Threat Grows
While today’s quantum computers operate with only 100 to 1,000 qubits, and face major engineering challenges like decoherence and noise, Google’s revised model shows how close we are to breaching cryptographic protocols in use globally.
The implications are staggering. RSA encryption secures not only WhatsApp messages but also financial transactions, government communications, and blockchain systems. The Elliptic Curve Diffie-Hellman (ECDH) algorithm, which secures Bitcoin transactions, also falls under the category of quantum-vulnerable encryption.
Google’s research warns of a “store now, decrypt later” scenario—where adversaries collect encrypted data now and decrypt it later, once quantum capabilities reach critical thresholds. This makes even past encrypted conversations and transactions vulnerable in the future.
Cryptocurrency experts are especially alarmed. A study by the University of Kent previously concluded that updating Bitcoin’s protocol to resist quantum attacks would require the network to go offline for 300 days. Google, without naming cryptocurrencies explicitly, emphasized that signature keys, common in blockchain systems, are difficult to replace and represent high-value targets for future quantum attacks.
Race for Quantum-Resistant Standards: PQC and Global Collaboration Begin
In response to the looming threat, Google has intensified its collaboration with the U.S. National Institute of Standards and Technology (NIST) and other global partners to fast-track the deployment of post-quantum cryptography standards. NIST’s recently concluded PQC competition has already produced the first generation of quantum-resistant algorithms, which Google says can be implemented today well before a quantum machine with one million qubits comes online.
What is RSA Encryption?
RSA encryption, named after its inventors Rivest, Shamir, and Adleman, is a cornerstone of modern digital security. It’s an asymmetric encryption algorithm, meaning it uses a pair of mathematically linked keys: a public key for encryption and a private key for decryption.
The public key can be freely shared, allowing anyone to encrypt a message intended for a specific recipient. However, only the corresponding private key, which is kept secret by the recipient, can successfully decrypt that message.
The genius of RSA lies in its reliance on the computational difficulty of factoring very large numbers. The public key is derived from the product of two enormous prime numbers, which are kept secret as part of the private key. While it’s easy to multiply these large prime numbers to get the public key, it’s incredibly difficult and time-consuming for classical computers to reverse the process and factor that large product back into its original prime components.
This “trapdoor function” makes it practically impossible for an unauthorized party to deduce the private key from the public key, thereby ensuring the security of encrypted data.
RSA’s benefits are widespread and foundational to our digital lives. It provides secure communication for everything from online banking and e-commerce transactions to secure email and virtual private networks (VPNs). By enabling digital signatures, RSA also allows for verification of the sender’s identity and ensures the integrity of data, proving that a message hasn’t been tampered with in transit.
Its asymmetric nature cleverly solves the problem of secure key exchange, allowing parties to communicate securely without needing to establish a pre-shared secret key, thus making it incredibly practical and scalable for global digital interactions.