In the chapter on the threat to encryption in Quantum from the Ground Up, I cited a 2025 estimate from Craig Gidney at Google Quantum AI that RSA-2048 could be factored by a quantum computer with roughly one million noisy physical qubits, and noted that most experts placed Q-Day, the point at which a quantum computer can break current encryption, at around 2035. That estimate did not survive the spring.
In late March and early April 2026, two independent research results arrived within weeks of each other. Google published a major improvement to the quantum algorithm used to break elliptic curve cryptography, the math behind most of the internet's key exchange. Then Oratomic, a quantum computing startup, published a resource estimate suggesting RSA-2048 and P-256 could be broken with as few as 10,000 qubits on a neutral atom machine. That is roughly two orders of magnitude below the prior million-qubit estimate.
Why 10,000 Qubits Instead of a Million
The efficiency gain comes from error correction overhead, not from a change in the underlying mathematics. Shor's algorithm, the quantum algorithm that breaks RSA and ECC, has not changed. What changed is how many physical qubits it takes to build one reliable logical qubit on a neutral atom platform. Reporting on the Oratomic estimate put the ratio at roughly three to four physical qubits per logical qubit, a dramatically smaller overhead than superconducting platforms have required.
That ratio matters because it is the number that determines whether an attack is a research curiosity or an engineering project with a budget and a timeline. A million-qubit machine is not something any organization is building in this decade. A 10,000-qubit machine is in the range that QuEra, Atom Computing, and Pasqal have all stated as roadmap targets for 2026 to 2028 in the neutral atom chapters of this book. The number did not just get smaller. It got small enough to be plausible on hardware roadmaps that already exist.
How the Industry Responded
Cloudflare's response is the clearest signal of how seriously the industry is taking this. Cloudflare secures a significant fraction of global internet traffic, and the company had already completed most of its post-quantum encryption rollout, protecting against harvest-now-decrypt-later attacks where adversaries collect encrypted traffic today and decrypt it once a quantum computer is available. That work was largely done. The Google and Oratomic results changed what Cloudflare is worried about next.
Cloudflare's senior product director told reporters that authentication, not data confidentiality, is now the bigger concern. The distinction is worth sitting with. If a quantum computer can forge access credentials, an attacker does not need to decrypt anything. They can log into systems they are not supposed to have access to, or compromise a software update channel directly. That is a more immediate and more damaging failure mode than data theft, and it requires a different and more complex migration than swapping out an encryption algorithm.
Cloudflare set 2029 as its target for full post-quantum security across its platform, including authentication, and has accelerated its existing roadmap to hit that date. Google made a similar 2029 commitment. Coverage of the shift described the timeline change as a direct response to the two breakthroughs, and one report quoted the view that a coordinated attack against a high-value target, what the article called a moonshot attack, could plausibly arrive by 2030.
Chapter 13 of the first edition gave a 2029 to 2033 range as the accelerated estimate, driven by IonQ's October 2025 fidelity result. That range still holds, but the reasoning behind it has shifted. The IonQ result was a hardware fidelity improvement on an existing approach. The Google and Oratomic results are an algorithmic and architectural efficiency gain that reduces the qubit count needed for the same outcome. Both push in the same direction, but they are different kinds of progress, and the second edition will need to explain both rather than treating the timeline as a single number that moves around.
The Oratomic estimate specifically relies on high-rate quantum error-correction codes to achieve its 3:1 physical-to-logical overhead ratio. It is worth emphasizing that we are talking about 10,000 physical qubits here. Because the cybersecurity industry has spent a decade hearing that breaking RSA requires millions of physical qubits, highlighting that this breakthrough brings the physical hardware requirements down to the low thousands underscores just how radical this architectural shift is. Furthermore, this timeline collapse wasn't driven by hardware breakthroughs alone; as noted in the landmark paper co-published by Caltech and Oratomic, the team heavily leveraged AI-assisted algorithmic design and reconfigurable arrays to optimize these error-correcting codes, proving that classical AI is actively accelerating the software running on quantum roadmaps. Meanwhile, Google Quantum AI's joint research demonstrated that the logical qubit threshold to break elliptic curve cryptography could be slashed by 20x, creating a compounding effect where hardware requirements dropped while algorithm efficiencies spiked.
The organizational guidance from Chapter 13 does not change, it gets more urgent. Inventory your cryptographic dependencies. Specify quantum-resistant encryption in procurement. Re-encrypt long-term sensitive data. Build crypto agility into your architecture so algorithms can be swapped without a system rebuild.
The new addition, following Cloudflare's formal roadmap acceleration announcement, is that authentication systems deserve the same attention as encrypted data. As industry infrastructure leaders begin locking down their platforms against these newly compressed timelines, a compromised root certificate or access token is recognized as a far more catastrophic failure than a decrypted file, and it is the exact vulnerability the industry is now scrambling to patch.
This post will be incorporated into the second edition of Quantum from the Ground Up, out September 1. The full book, updated quarterly, is free at gordostuff.com/p/quantum-from-ground-up-hardware.html
No comments:
Post a Comment