Something cracked last year, and most people missed it. Chinese researchers quietly published results showing a quantum processor had factored integers used in RSA encryption — the same encryption protecting your bank account, your emails, your medical records.
Here is the direct answer: Quantum computers have not fully broken modern encryption yet, but recent breakthroughs have shattered the timeline everyone assumed we had. Cryptographers once estimated we had 15 to 20 years before quantum machines posed a real threat — that estimate is now being revised downward, aggressively, by the people who built those defenses in the first place.
The Lock That Took 40 Years to Build
RSA encryption was published in 1977 by Rivest, Shamir, and Adleman. It is built on a brutally simple mathematical assumption: multiplying two large prime numbers together is trivially easy, but reversing that operation — figuring out which two primes produced the result — is computationally catastrophic for classical machines.
A classical computer trying to factor a 2048-bit RSA key would need longer than the current age of the universe. That was the entire bet. The researchers at MIT who designed RSA were not being naive; they were being mathematically rigorous.
For four decades, that bet held. Then quantum mechanics walked into the room.
What Shor’s Algorithm Actually Does
In 1994, mathematician Peter Shor proved theoretically that a quantum computer could factor large integers in polynomial time — meaning the problem that crushes classical processors becomes manageable. Shor’s algorithm exploits quantum superposition and interference to find the periodicity of a function that directly reveals prime factors.
The catch was hardware. Running Shor’s algorithm at scale requires thousands of stable, error-corrected qubits operating in near-perfect coherence. Early quantum machines had dozens of noisy, unreliable qubits. The gap between theory and practice was enormous.
That gap is closing faster than the cryptographic community expected.
The Chinese Breakthrough — And Why It Matters
In late 2023, a team from Shanghai University published a paper demonstrating that a D-Wave quantum annealer had factored a 22-bit integer using a hybrid quantum-classical approach. The number itself was small — trivially breakable by classical means. But the method was the story.
The researchers combined quantum annealing with lattice-based mathematical techniques, a hybrid architecture that sidesteps some of the coherence limitations that have bottlenecked pure quantum approaches. It is not the home run, but it is a credible double, and it changes the geometry of the problem.
Cryptographer Bruce Schneier called it “not an immediate threat but a significant signal.” That is careful language from someone who does not do panic, which makes it worth reading carefully.
The Biotech Connection Nobody Is Talking About
Quantum computing’s threat extends well beyond financial encryption. Genomic databases — the kind being built by research institutions, biotech firms, and national health services worldwide — are encrypted using the same RSA and elliptic-curve cryptography now under pressure.
Companies like Illumina and institutions like the UK Biobank store hundreds of thousands of full human genomes. That data is valuable in ways that make credit card numbers look disposable — your genome does not expire, cannot be reissued, and contains information about your entire biological family.
Harvest now, decrypt later is already a documented threat strategy. Nation-state actors are believed to be collecting encrypted genomic and medical data today, banking it until quantum decryption becomes viable.
What the Research Community Is Actually Doing
NIST — the National Institute of Standards and Technology — spent seven years running a formal competition to develop post-quantum cryptographic standards. In August 2024, they finalized three algorithms: CRYSTALS-Kyber for key encapsulation, and CRYSTALS-Dilithium plus SPHINCS+ for digital signatures.
These are lattice-based and hash-based schemes designed to resist attacks from both classical and quantum machines. Google has already implemented a hybrid of CRYSTALS-Kyber in Chrome. Apple integrated post-quantum protocols into iMessage’s PQ3 framework earlier this year.
The transition is underway — but it is moving at infrastructure speed, which is to say, not fast enough.
The Honest Timeline Problem
Here is the uncomfortable arithmetic. Most enterprise software, government systems, and critical infrastructure runs on encryption installed 5 to 10 years ago. Migration cycles for large institutions typically run 7 to 12 years.
IBM’s quantum roadmap projects fault-tolerant quantum computing at meaningful scale by 2029. Google’s DeepMind quantum team has made parallel hardware investments with similar target windows. If those timelines hold, the overlap between “quantum machines capable of breaking RSA-2048” and “institutions still running RSA-2048” is not hypothetical — it is a scheduled collision.
The technology science community is not being alarmist about this. They are doing the math out loud.
FAQ
Has quantum computing already broken RSA encryption?
Not at production scale. Current quantum machines have factored small integers under experimental conditions using hybrid methods. Breaking RSA-2048 would require fault-tolerant quantum hardware with thousands of stable qubits — a capability that does not exist today but is projected within the decade.
What is post-quantum cryptography and is it already in use?
Post-quantum cryptography refers to algorithms mathematically resistant to quantum attacks. NIST finalized three standards in 2024, and major tech companies including Google and Apple have already begun integrating them into consumer-facing products and protocols.
Should regular users do anything right now?
Update software and operating systems consistently — vendors are pushing post-quantum protocols through standard update channels. For anyone handling sensitive biotech, medical, or financial data professionally, auditing which encryption standards are currently deployed is no longer optional housekeeping.
The Step You Should Take This Week
Quantum computing is not a future problem wearing a present costume — it is a present problem running on a compressed timeline. The encryption holding the internet together was built for a world that no longer exists at the physics level.
The single most concrete action you can take: if you work in tech, security, healthcare, or any data-intensive field, pull your organization’s current encryption audit. Find out whether your infrastructure team has a documented post-quantum migration plan. If they look at you blankly, you have just found the most important conversation you will have this quarter.
The researchers building quantum machines are not waiting. The cryptographic community is not waiting. The only group still operating on the old timeline is everyone who has not asked the question yet.