Almost everything private you do online — your bank login, your messages, your medical records, the little padlock in your browser — is kept secret by encryption. And one of the loudest warnings in technology is that quantum computers will one day shatter it. Headlines promise a "cryptographic apocalypse." Governments are scrambling. So here's the honest, non-hyped answer to a genuinely important question: will quantum computers break the internet's encryption — and should you be worried?
The short version: yes, they will break a specific, crucial part of it — but not all of it, not yet, and the world has already started fighting back. The nuance is the whole story.
First, How Today's Encryption Actually Works
Modern security rests on two very different kinds of encryption, and the quantum threat hits them completely differently. This distinction is the single most important thing to understand.
| Type | What it does | Examples | Where you meet it |
|---|---|---|---|
| Symmetric | One shared secret key locks and unlocks the data | AES, SHA-2/SHA-3 | Encrypting files, disks, the actual contents of a message |
| Public-key (asymmetric) | A public key locks; a separate private key unlocks | RSA, ECC, Diffie–Hellman | The "handshake" that lets strangers agree on a key — HTTPS, certificates, signatures |
Public-key crypto solves a magic-seeming problem: how do two people who have never met agree on a secret key over an open line, with eavesdroppers listening? The answer relies on math problems that are easy to do one way but practically impossible to reverse — like factoring a huge number back into the two primes that made it. A classical computer would need longer than the age of the universe. That "impossible to reverse" gap is exactly what a quantum computer attacks.
The Weapon: Shor's Algorithm
In 1994, mathematician Peter Shor designed a quantum algorithm that does the supposedly impossible: it factors enormous numbers efficiently. The same technique also solves the discrete-logarithm problem that Diffie–Hellman and elliptic-curve cryptography rely on. Run Shor's algorithm on a large enough quantum computer, and the math underpinning RSA and elliptic-curve cryptography collapses. The "longer than the universe" problem becomes a problem of hours.
But — and this is critical — Shor's algorithm only devastates public-key crypto. For symmetric encryption like AES, the best quantum tool is a different one, Grover's algorithm, and it's far weaker: it only provides a square-root speed-up. In practice that halves the effective key strength, which you fix simply by doubling the key size (moving from AES-128 to AES-256). Annoying, not apocalyptic.

So the scary headline needs an asterisk. Quantum computers don't melt all encryption. They break the key-exchange and digital-signature layer — which, unfortunately, is the layer that secures essentially every connection on the internet. To understand why, it helps to know what a quantum computer actually is: not a faster PC, but a fundamentally different machine that exploits superposition and entanglement to evaluate a vast space of possibilities at once.
The Catch: We're Not There Yet (But the Clock Is Ticking)
Here's the reassuring part. The quantum computers that exist today cannot break RSA. Not even close.
Breaking RSA-2048 (a common key size) requires a large, error-corrected quantum computer — one with huge numbers of stable "logical" qubits. Today's leading machines have on the order of hundreds of noisy physical qubits, nowhere near enough. Estimates of the gap keep moving, which tells you how young this field is:
- In 2019, researchers Craig Gidney and Martin Ekerå estimated breaking RSA-2048 would need about 20 million noisy qubits running for ~8 hours.
- In May 2025, Gidney revised that dramatically downward: under 1 million noisy qubits, given recent advances in error correction and algorithms — roughly a 20× reduction in six years.
That revision cuts both ways. We're still far from a million error-corrected qubits. But the direction — requirements falling fast — is exactly why security experts refuse to be complacent. The day a "cryptographically relevant" quantum computer arrives is nicknamed "Q-Day," and most experts place it somewhere in the 2030s. Nobody knows the real date. That uncertainty is the problem.
Why It's Already a Threat: "Harvest Now, Decrypt Later"
If Q-Day is years away, why are governments and tech giants acting now? Because of a chillingly simple attack with a memorable name: "harvest now, decrypt later."

The logic is airtight and doesn't require any quantum computer yet:
- Today, an adversary intercepts and copies your encrypted traffic. They can't read it — but storage is cheap, so they keep it.
- For years, that encrypted archive just sits there.
- On Q-Day, they run Shor's algorithm against the captured data and unlock it retroactively.
For anything with a long shelf-life — state secrets, medical histories, financial records, intellectual property, the identities of confidential sources — data you send today could be exposed a decade from now. From the attacker's point of view, the countdown has already begun. That's why "Q-Day is in the 2030s" is not a reason to wait.
The Fight Back: Post-Quantum Cryptography
Here's the genuinely good news, and the part the doom-headlines skip. The world saw this coming and has spent years preparing. The defence isn't a quantum computer of your own — it's new math.
Post-quantum cryptography (PQC) means encryption algorithms that run on ordinary computers but are built on math problems even a quantum computer can't crack (largely based on lattices rather than factoring). After an eight-year global competition, the U.S. National Institute of Standards and Technology (NIST) finalised the first PQC standards in August 2024:
| Standard | Algorithm (former name) | Job it does |
|---|---|---|
| FIPS 203 | ML-KEM (CRYSTALS-Kyber) | Quantum-safe key exchange — the RSA/Diffie–Hellman replacement |
| FIPS 204 | ML-DSA (CRYSTALS-Dilithium) | Quantum-safe digital signatures (the primary choice) |
| FIPS 205 | SLH-DSA (SPHINCS+) | Hash-based digital signatures (a conservative backup) |
And this isn't theoretical. The migration is already happening around you:
- Apple rolled out PQ3 for iMessage, a post-quantum protocol it calls the new state of the art for protecting messages against harvest-now-decrypt-later attacks.
- Signal deployed its post-quantum PQXDH key agreement.
- Cloudflare reports that by late 2025, more than half of human-initiated traffic across its network already used post-quantum key agreement, with hybrid PQC enabled by default in major browsers, OpenSSL, Go, and recent Apple systems.
In other words, the quietest, most consequential security upgrade in internet history is rolling out right now — and most people will never notice.
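The pieces above (Shor against key exchange, Grover against symmetric keys, harvest now, decrypt later, and hybrid post-quantum key agreement) combine into a simple triage an organisation can run over its own connection inventory. This is an added example, not from the original article: the session records are constructed, and the Q-Day year of 2035 and the 128-bit post-Grover floor are assumptions you should replace with your own.

```python
# Key-exchange groups by IANA TLS name. Classical groups fall to Shor's
# algorithm; the hybrid groups add ML-KEM (FIPS 203).
SHOR_BROKEN = {"secp256r1", "secp384r1", "x25519", "x448", "ffdhe2048"}
PQ_HYBRID = {"X25519MLKEM768", "SecP256r1MLKEM768"}

# Constructed sample inventory: (service, negotiated group, symmetric key bits,
# year the traffic was sent, years the content must stay confidential).
SESSIONS = [
    ("payroll-api",    "x25519",         256, 2025, 7),
    ("patient-portal", "secp256r1",      256, 2025, 25),
    ("chat-gateway",   "X25519MLKEM768", 256, 2025, 25),
    ("backup-sync",    "X25519MLKEM768", 128, 2025, 25),
    ("legacy-vpn",     "custom-group",   256, 2025, 10),
]

def classify(group, key_bits, sent, secret_years, q_day, min_bits):
    """Return a verdict for one recorded session under an assumed Q-Day year."""
    if group in SHOR_BROKEN:
        # The recorded handshake yields the session key once Shor is practical,
        # so the symmetric key size no longer matters.
        if sent + secret_years > q_day:
            return "harvest-exposed"
        return "stale-before-q-day"
    if group not in PQ_HYBRID:
        return "unknown-group"            # needs manual review
    # Key exchange survives; Grover halves the symmetric key strength.
    if key_bits // 2 < min_bits:
        return "raise-symmetric-key"
    return "ok"

def triage(sessions, q_day=2035, min_bits=128):
    """Map each service to its verdict. q_day and min_bits are assumptions."""
    return {name: classify(g, bits, sent, years, q_day, min_bits)
            for name, g, bits, sent, years in sessions}

if __name__ == "__main__":
    for service, verdict in triage(SESSIONS).items():
        print(f"{service:15} {verdict}")
```

Moving the assumed Q-Day earlier turns "stale-before-q-day" services into "harvest-exposed" ones, which is why the uncertainty in the date matters more than the date itself.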
So... Should You Be Worried?
For you personally, today: no panic required. Your bank, your phone, and the major messaging apps are already migrating, and the heaviest lifting happens invisibly on their side. The practical advice is mundane and familiar — keep your devices and apps updated, because that's how the new algorithms reach you.
The real urgency sits with organisations holding long-lived secrets: governments, banks, hospitals, infrastructure operators. For them, "we'll deal with it when Q-Day comes" is a mistake, because of harvest-now-decrypt-later and because swapping out the cryptography inside large, sprawling systems takes years. The smart ones started yesterday.
Common Myths
Myth: "Quantum computers will instantly break all encryption." No. They break public-key key-exchange and signatures (RSA, ECC). Symmetric encryption like AES-256 survives with larger keys.
Myth: "It's already happening — quantum computers are breaking RSA today." Not even close. Today's machines have hundreds of noisy qubits; breaking RSA-2048 needs a large, error-corrected machine that doesn't yet exist.
Myth: "Since Q-Day is years away, there's nothing to do now." Wrong, because of harvest-now-decrypt-later. Long-lived data sent today can be decrypted in the future, so migration is urgent for sensitive information.
Myth: "We have no defence." We do — post-quantum cryptography. NIST standardised it in 2024, and it's already being deployed across browsers, phones, and messaging apps.
Frequently Asked Questions
Will quantum computers break encryption?
They will break public-key encryption — RSA, elliptic-curve, and Diffie–Hellman key exchange — using Shor's algorithm, once a large error-corrected quantum computer exists. Symmetric encryption like AES-256 survives, because the best quantum attack against it only halves its strength.
When is "Q-Day"?
Q-Day is the nickname for when a quantum computer can break current encryption. Most experts estimate sometime in the 2030s, but it's genuinely uncertain — and falling qubit estimates mean it could come sooner than once thought.
What is "harvest now, decrypt later"?
An attack where adversaries record encrypted data today and store it, planning to decrypt it once quantum computers are capable. It means data with a long shelf-life is already at risk, even though Q-Day hasn't arrived.
Is my data safe right now?
For everyday use, yes — and major providers (Apple, Signal, Cloudflare and others) are already deploying post-quantum protection. The best thing you can do is keep your devices and apps updated so you receive these upgrades.
What is post-quantum cryptography?
Encryption that runs on normal computers but resists quantum attacks, built on math problems (like lattice problems) that quantum computers can't efficiently solve. NIST finalised the first standards — ML-KEM, ML-DSA and SLH-DSA — in August 2024.
The Bottom Line
Will quantum computers break the internet's encryption? Yes — the public-key half of it — but not today, and not without a fight that's already well under way. The threat is real and specific: Shor's algorithm against RSA and elliptic-curve crypto, made urgent now by harvest-now-decrypt-later. The defence is equally real: post-quantum cryptography, standardised in 2024 and quietly deploying across the web as you read this.
The "cryptographic apocalypse" framing gets the drama right and the conclusion wrong. This isn't a cliff the internet falls off on Q-Day. It's a race — between the machines that can break our codes and the new codes built to survive them — and for once, the defenders got a head start.
Sources
- NIST Releases First 3 Finalized Post-Quantum Encryption Standards (Aug 2024) — NIST
- How to factor 2048 bit RSA integers with less than a million noisy qubits — Craig Gidney (2025)
- State of the post-quantum Internet in 2025 — Cloudflare
- iMessage with PQ3: quantum-secure messaging at scale — Apple Security Research



