X-day, when quantum computers will be able to decrypt RSA encryption and elliptic curve cryptography (ECC), will be around 2030, but what should be done by then?
At
DEF CON 33 - Post Quantum Panic: When Will the Cracking Begin, & Can We Detect it? - K Karagiannis - YouTube
The day is fast approaching when quantum computers will be able to break RSA encryption and Elliptic Curve Cryptography (ECC). The National Institute of Standards and Technology (NIST) has recommended a transition to post-quantum cryptography by 2035, but in reality, we may only have five more years to go.
'It's been repeatedly said that quantum computers will crack the code in 10 to 20 years, but this vague prediction has already collapsed,' Karagiannis warned.
So, what exactly is a quantum computer? The basic unit of information used to encode data in a quantum computer is the qubit . Qubits use superposition and interference to perform certain calculations faster than normal. However, qubits are susceptible to environmental influences and prone to errors. Therefore, currently, logical qubits can only be obtained by bundling physical qubits together.
In September 2024, Microsoft announced that it had succeeded in creating 12 logical qubits.
Microsoft announces creation of 12 logical qubits, bringing quantum computing closer to practical use - GIGAZINE
Shor's algorithm is a quantum algorithm for quickly performing prime factorization using a quantum computer. This algorithm, devised by American mathematician Peter Shor in 1994, is widely known as the theoretical basis for quantum computing's ability to break existing encryption methods such as RSA and ECC.
Until now, it was thought that one billion qubits would be required to crack a cipher using a quantum computer and Shor's algorithm. However, technological advances have significantly reduced the number of qubits required. A paper published in 2021 announced that RSA2048 could be broken in eight hours using 20 million physical qubits and 6,000 logical qubits. Furthermore, the latest research from 2025 estimated that RSA2048 could be broken in five days using 1,399 logical qubits.
In addition to Shor's algorithm, Grover's algorithm can be used to make brute force attacks against AES successful in half the number of attempts. Therefore, it has been pointed out that AES-128 is essentially only as secure as AES-64.
Quantum computer developers have different development roadmaps, with IonQ claiming to be able to achieve 800 logical qubits by 2028 and 2 million physical qubits by 2030.
IBM announced the large-scale quantum computer 'IBM Quantum Starling' in June 2025, which is expected to reach 200 logical qubits. IBM plans to achieve 2,000 logical qubits by 2032.
IBM begins development of the world's first fault-tolerant large-scale quantum computer 'IBM Quantum Starling' - GIGAZINE
It is also expected that quantum error correction (QEC) will become a reality and fault-tolerant universal quantum computer (FTQC) will be realized around 2030.
Based on these findings, Karagiannis argues that 'there is a high possibility that ciphers such as RSA and ECC will be broken around 2030.' If ciphers such as RSA and ECC are broken by quantum computers around 2030, NIST's plan to 'complete the transition to post-quantum ciphers by 2035' will not be met.
'If quantum computer-based encryption breaks the data faster than expected, there's a risk that nation-state attackers or criminal organizations will monopolize early quantum computers,' Karagiannis said. He also argued that cyberattacks are already being carried out, such as stealing encrypted data and then decrypting it later.
Karagiannis argues that blockchain and ECC technologies such as Bitcoin are particularly dangerous, saying, 'If Elon Musk were to say, 'Quantum computers will crack Bitcoin's encryption,' the market would collapse immediately.'
Such quantum computer attacks are difficult to detect because they occur in the cloud rather than through network intrusions. The quantum cloud also doesn't monitor execution for user privacy reasons, Karagiannis argues, making it difficult to detect abuse.
Cryptographic algorithms that are considered secure against decryption by quantum computers are called ' post-quantum cryptography (PQC) .' Karagiannis argued that the early transition to this PQC is of utmost importance.
PQC standards promoted by NIST include ML-KEM , ML-DSA, SPHINCS+, and Classic McEliece.
The National Institute of Standards and Technology releases three final post-quantum cryptography standards: ML-KEM, ML-DSA, and SLH-DSA - GIGAZINE
Karagiannis claims that practical quantum computers will break encryption around 2030, marking 'the world's first predictable zero-day disaster.' If encryption methods are left unchecked, he says, it could lead to economic collapse, a collapse of trust, and the loss of value of digital signatures. While corporate chief information security officers tend to think of this as something that won't affect their term, Karagiannis argues that if this becomes a reality in just five years, it's clear they need to start tackling the issue now.
Related Posts:
in Video, Posted by logu_ii