Google’s new study reduces the requirements for breaking RSA keys to just one million qubits, speeding up the clock for an urgent transition to post-quantum cryptography.
RSA encryption, which underpins much of modern digital security, may be running out of time. A recent study from Google Quantum AI revealed that a quantum computer with fewer than one million noisy qubits could break a 2,048-bit RSA key in less than a week. This finding drastically lowers previous estimates, which placed the necessary figure at 20 million qubits, raising serious implications for data confidentiality and the integrity of digital infrastructures.
A Silent Threat: What is encrypted today could be read tomorrow
One of the biggest dangers is the attack known as store now, decrypt later. Malicious organizations could intercept encrypted communications today—such as bank transactions, emails, or digital certificates—and store them for future decryption when they possess sufficient quantum capabilities.
This type of threat does not require fully operational quantum computers today, but it creates a critical preparation window for governments, businesses, and users: what is not protected now with quantum-resistant encryption could be exposed in a decade.
Critical Infrastructures at Risk
RSA and other asymmetric algorithms are essential for authenticating users, signing digital documents, establishing secure connections (TLS/SSL), protecting data in transit, and verifying identities in corporate networks. If this protection breaks down, identity theft, mass data interceptions, and large-scale digital sabotage could occur.
This would directly affect:
- Financial and banking platforms.
- Software firms and update systems.
- Diplomatic and governmental communications.
- IoT and industrial devices with embedded keys.
- Electronic voting systems and blockchain.
Replacing RSA is Not Immediate or Trivial
Transitioning to post-quantum cryptography (PQC) algorithms presents significant challenges. It’s not just about updating libraries or certificates; it involves redesigning systems where digital verification is deeply integrated. This is especially problematic for persistent digital signatures, such as public keys stored in hardware or legal certifications that must remain valid for decades.
Additionally, while new PQC algorithms are promising, they are still in the standardization process and undergoing real-world performance and compatibility tests.
What Can Be Done Now?
Google and NIST have already begun implementing preventative measures. Chrome, for example, has been using the ML-KEM algorithm to encrypt part of its traffic since 2024, and services like Google Cloud KMS are testing quantum-resistant signature schemes. Other companies, such as Cloudflare and Amazon, have also initiated partial migration plans.
Technically, it is recommended to:
- Audit current systems for dependencies on RSA and ECDH.
- Test PQC-compatible libraries in controlled environments.
- Adopt hybrid approaches that combine classical and post-quantum encryption.
- Establish security policies that consider the transition before 2030.
Conclusion: The Clock Has Already Started Ticking
Google’s study does not announce an immediate breakdown of RSA encryption, but it does indicate a concerning acceleration. The technical barrier that once seemed distant is beginning to blur, and sophisticated attackers may already be collecting data for future decryption.
In light of this new reality, passivity is no longer an option. Transitioning to post-quantum cryptography is not just a technological issue but a strategic necessity to safeguard privacy, digital trust, and the resilience of a connected society.
via: Cybersecurity News