Breaking RSA encryption just got 20x easier for quantum computers

A quantum computer with one million noisy qubits running for one week can theoretically crack RSA-2048 bit encryption, representing twenty times fewer qubits than Google’s 2019 estimate, according to new research from Google Quantum AI.

The findings sharply compress the timeline for when current encryption standards could fall, compelling enterprises to accelerate post-quantum cryptography (PQC) adoption.

“For decades the quantum and security communities have also known that large-scale quantum computers will at some point in the future likely be able to break many of today’s secure public key cryptography algorithms,” Google researchers Craig Gidney and Sophie Schmieg wrote in a blog post.  

The findings arrive amid rapid progress in quantum computing. While current systems still operate with only hundreds of qubits, Google’s research shows that three technical breakthroughs — more efficient algorithms, advanced error correction, and optimized quantum operations — are dramatically lowering the threshold for real-world cryptographic threats.

Specifically, the team adopted a 2024 method for approximate modular exponentiation, slashing overhead from 1000x to just 2x. They also tripled the logical qubit density through layered error correction and introduced “magic state cultivation” to streamline quantum processing.

Narayan Gokhale, VP & principal analyst at QKS Group, called the findings a “wake-up call for measured urgency, not panic,” saying they affirm existing PQC timelines but stress the need to fast-track transitions for long-lived or high-risk cryptographic systems.

The rate of progress marks a steep acceleration. Since Peter Shor’s 1994 revelation that quantum computers could theoretically break RSA, resource estimates have plummeted—from one billion qubits in 2012 to just one million today.

Gartner VP Analyst Bart Willemsen warned that “quantum computing will weaken asymmetric cryptography by 2029.” Given that cryptographic upgrades often span multiple years, he urged organizations to begin strategic planning now, especially for infrastructure with hard-coded crypto dependencies. Many developers, he noted, lack deep familiarity with cryptographic libraries and hash functions, making early inventory, performance testing, and system mapping essential to any realistic PQC roadmap.

Enterprise security implications

For security leaders, the research highlights two immediate priorities. First, encrypted communications using RSA or similar algorithms face acute “store now, decrypt later” risks, where intercepted data could be decrypted once quantum computers achieve sufficient scale. Google has implemented NIST-approved ML-KEM across Chrome and internal systems, establishing a benchmark for securing web traffic, VPNs, and messaging platforms. 

Digital signature implementations present a more complex challenge, according to security analysts. “Building true quantum resilience requires more than technical upgrades,” noted Gokhale. “It demands comprehensive operational planning that integrates cryptographic asset mapping with broader digital transformation initiatives.” The extended lifespan of signature keys—often embedded in hardware security modules or designed for multi-year use—creates unique migration hurdles that require early planning.

NIST’s recommended timeline—deprecating vulnerable algorithms by 2030 and removing them entirely by 2035—now appears increasingly firm. Willemsen warned against complacency: “Many organizations underestimate the impact because the quantum threat horizon appears distant. However, the multi-year lead time required for proper migration means preparation cannot wait.”

Security teams should take several concrete steps, including cryptographic audits, that will help identify the most vulnerable systems, while prioritized transition plans should focus first on high-value assets containing sensitive long-term data. Engaging technology vendors about their post-quantum implementation roadmaps becomes equally important, as does testing quantum-resistant algorithms for operational compatibility within existing infrastructure.

Practical quantum attacks may still be years away. But the cryptographic transition will take just as long — if not longer — to execute well. Organizations that act now will have the time and flexibility to build durable, secure systems, concluded the analysts.