Q
Quantum Computing Monitor

IS IT
Q-DAY?

Y N E O S  

Quantum computers are not powerful enough to break modern encryption. But progress is accelerating. If you're responsible for security at your organization, now is the time to prepare.

Estimated Time to Impact
09 YRS
:
364 DAYS
:
23 HRS
59:59.999

RSA-1024 will be broken first, impacting older websites that use legacy TLS, some VPNs and IoT devices.

Quantum Capability
Milestones Achieved 50%

Logical qubits have been demonstrated and early fault-tolerant operations are emerging. Scaling to thousands of high-fidelity logical qubits remains the critical barrier. Error correction and hardware engineering techniques are accelerating the timeline — be prepared for rapid advances.

Shor's Algorithm
The Key

The mathematical proof that quantum computers can factor large primes exponentially faster than classical supercomputers.

N = p × q
Global Encryption
RSA-2048

The current standard for internet security. Relying on integer factorization difficulty.

STATUS: SECURE
Harvest Now, Decrypt Later
Active Threat

Adversaries are storing encrypted data today to decrypt it once Q-Day arrives.

Data at Risk

Threat Briefing

01 / What is Q-Day?

The Cryptographic Breakpoint

Q Day is when quantum computers get smart enough to crack the encryption protecting your banking, messaging, crypto wallet, and government secrets. Experts used to say "don't worry, it's decades away!" Then 2040 became 2035. Now? RSA-1024 could break as early as 2028. At this rate, your passwords might expire before your milk.

These estimates are based on: Current quantum computing research progress, Algorithm capabilities, Quantum computing company's published roadmaps, Industry expert predictions.

> NOTE: We selected June 10th as Q-Day for each encryption type

02 / HNDL Attacks

Harvest Now, Decrypt Later

"Harvest now, decrypt later" is the cyberattack equivalent of buying wine to age in your cellar — except instead of wine, hackers are hoarding encrypted data they can't crack yet.

The strategy? Record today's "secure" communications knowing that quantum computers will eventually let them pop the cork on all those juicy secrets. Your bank transactions, government cables, corporate secrets — it's all getting archived for future decryption. Plot twist: they were playing the long game too.

> STATUS: ACTIVE THREAT

03 / The Wallet Threat

Crypto & Private Keys

All major crypto wallets encrypt private keys with AES-256, which buys you some extra time. But once signatures are broken, having "encrypted" private keys is like having a really secure door... that you left wide open.

Attackers are already collecting blockchain transactions to reverse-engineer private keys later. Those Bitcoin wallets sitting untouched are prime targets.

> RISK: P2PKH / REUSED ADDRESSES

General Internet Security

The stuff that keeps your browsing "private"

RSA-1024

Legacy TLS, embedded devices
795 Days

Still lurking in: Old websites, VPNs, IoT devices

VulnerabilitySHOR'S ALGORITHM
Required Capacity2,000–2,500 LOGICAL QUBITS

ECC-256

Your 'secure' messaging
880 Days

Used by: iMessage, Signal, WhatsApp, Tor

VulnerabilitySHOR'S ALGORITHM
Required Capacity2,500–4,000 LOGICAL QUBITS

AES-128

Wi-Fi & ZIP files
880 Days

Protects: WPA2, encrypted archives

VulnerabilityGROVER'S ALGORITHM
Required Capacity3,000–4,000 LOGICAL QUBITS

SHA-256

Digital fingerprints
880 Days

Verifies: Git commits, SSL certs, file integrity

VulnerabilityGROVER'S ALGORITHM
Required Capacity2,500–4,000 LOGICAL QUBITS

RSA-2048

Most of the internet
994 Days

Powers: HTTPS, banks, email, Windows code signing

VulnerabilitySHOR'S ALGORITHM
Required Capacity4,000–6,000 LOGICAL QUBITS

AES-256

Government secrets
1,133 Days

Secures: NSA Suite B, Apple Secure Enclave

VulnerabilityGROVER'S ALGORITHM
Required Capacity6,500–13,000 LOGICAL QUBITS

Ledger & Asset Security

Financial sovereignty at risk

BTC LEGACY

P2PKH / Reused Addresses
795 Days

Satoshi's stash & early miners are high priority targets.

VulnerabilitySHOR'S ALGORITHM
Required Capacity2,500 LOGICAL QUBITS

ETH / EVM

Secp256k1 Curve
886 Days

Requires Account Abstraction (EIP-4337) to migrate keys.

VulnerabilitySHOR'S ALGORITHM
Required Capacity4,099 LOGICAL QUBITS

SOLANA

Ed25519 Signatures
886 Days

High throughput doesn't protect against key derivation.

VulnerabilitySHOR'S ALGORITHM
Required Capacity4,099 LOGICAL QUBITS

MONERO

Ring Signatures
937 Days

Privacy features add complexity but not immunity.

VulnerabilitySHOR'S ALGORITHM
Required Capacity5,000+ LOGICAL QUBITS

HASHED KEYS

Cold Storage (P2SH)
1,118 Days

Safe if public key never exposed to the network.

VulnerabilityGROVER'S ALGORITHM
Required Capacity10,000+ LOGICAL QUBITS

Who's Prepared

GOOGLE

PQC Implemented

Set a 2029 deadline to complete full post-quantum migration across Google. Android 17 now integrates ML-DSA for digital signature protection, marking a shift to prioritize authentication alongside encryption. Builds on existing hybrid ML-KEM rollout in Chrome and Google Cloud.

Used In

Chrome, Google Cloud, Android 17, internal comms

ReferenceGoogle Blog (Mar 2026)

APPLE

PQC Implemented

Apple released formally verified implementations of ML-KEM (FIPS 203) and ML-DSA (FIPS 204) in corecrypto, with published mathematical proofs. Verification caught a silent bug in ML-DSA that testing missed. Builds on PQ3 in iMessage and extends quantum-secure crypto to VPN and TLS.

Used In

iMessage, VPN, TLS networking

ReferenceApple Security Research Blog (May 2026)

CLOUDFLARE

PQC Implemented

Over 65% of traffic to Cloudflare now uses post-quantum encryption (hybrid ML-KEM). Roadmap accelerated to complete full PQ migration by 2029, with new focus on authentication — protecting root certs, API keys, and code-signing keys from quantum impersonation. IPsec with hybrid ML-KEM now generally available.

Used In

CDN/TLS, IPsec, Cloudflare One

ReferenceCloudflare Post-Quantum Roadmap (Apr 2026)

MICROSOFT

PQC Implemented

Quantum-resistant cryptography now generally available across Microsoft platforms. SymCrypt — Microsoft's core crypto library — ships ML-KEM, ML-DSA, and SLH-DSA (FIPS 203/204/205), the broadest algorithm coverage of any major vendor. TLS hybrid key exchange in preview via Windows Insider; broader server rollout in progress.

Used In

Windows Server 2025+, Windows 11, SymCrypt, Schannel, ADCS

ReferenceMicrosoft PQC Companion Guide (Mar 2026)

AWS

PQC Implemented

Hybrid post-quantum TLS (X25519MLKEM768) now default-on for Secrets Manager and rolling out across customer-facing AWS endpoints. ML-DSA digital signatures available in KMS and AWS Private CA. Pre-standard CRYSTALS-Kyber being phased out in 2026 in favor of NIST-standardized ML-KEM.

Used In

Secrets Manager, KMS, S3, CloudFront, ACM, Private CA

ReferenceAWS Post-Quantum Cryptography

IBM

PQC Implemented

IBM Research scientists developed two of NIST's three published PQC standards (ML-KEM and ML-DSA); a co-developer of the third later joined IBM. Now redesigning Signal's group-messaging protocol for quantum safety — a ground-up rebuild that avoids a ~100x bandwidth blow-up from naive algorithm swaps. Also extending ML-KEM work with Threema.

Used In

NIST PQC standards (originator), Signal, Threema

ReferenceIBM Research (Mar 2026)

META

PQC Implemented

Meta cryptographers co-authored HQC, one of NIST's newly selected post-quantum algorithms. Has begun rolling out post-quantum encryption across significant portions of internal Meta infrastructure as part of a multi-year migration. Published a PQC Migration Levels framework (Unaware through Enabled) to help organizations assess their readiness.

Used In

Internal Meta infrastructure, HQC standard (co-originator)

ReferenceEngineering at Meta (Apr 2026)

Global Regulations

Government PQC mandates worldwide

United States (NIST - Civilian)

NIST, OMB

2035 TARGET
Key Dates
  • Aug 2024NIST released first 3 PQC standards (FIPS 203, 204, 205)
  • 2030112-bit classical public-key deprecated
  • 2035112-bit classical public-key disallowed
Requirements
  • Federal agencies must begin transition planning now
  • OMB developing agency migration guidance
  • Quantum Computing Cybersecurity Preparedness Act compliance
ReferenceNIST Post-Quantum FIPS Standards

United States (NSA)

NSA, DoD

2031 TARGET
Key Dates
  • Jan 2027All new NSS acquisitions must be CNSA 2.0 compliant by default
  • Dec 2030CNSA 2.0 algorithms phase-out deadline for NSS
  • Dec 2031CNSA 2.0 mandate effective for all National Security Systems
Requirements
  • National Security Systems priority implementation
  • Commercial Solutions for Classified (CSfC) program guidance
  • Hybrid approaches during transition period
ReferenceNSA CNSA 2.0 FAQ

European Union

ENISA, European Commission

2035 TARGET
Key Dates
  • Apr 2024EU Recommendation on PQC published
  • End 2026Member States must start PQC transition
  • End 2030Critical infrastructures transitioned to PQC
  • End 2035Full PQC transition across all EU systems
Requirements
  • Critical infrastructures transition "as soon as possible"
  • Member States implement synchronised approach
  • NIS Cooperation Group coordination mandatory
ReferenceEU Post-Quantum Cybersecurity Reinforcement

United Kingdom

NCSC

2035 TARGET
Key Dates
  • 2028Cryptographic discovery and migration strategy complete
  • 2031High-priority PQC upgrades finished
  • 2035Full replacement of traditional public-key cryptography
Requirements
  • Organizations must issue formal PQC migration statements
  • Asset discovery and PKI strategy development immediate
  • Critical infrastructure prioritization
ReferenceNCSC PQC Migration Timelines

Japan

CRYPTREC, NISC, NICT

2035 TARGET
Key Dates
  • 2024CRYPTREC PQC guidelines published
  • OngoingTechnical reports and evaluation activities
  • 2035Government agencies must complete PQC transition
Requirements
  • CRYPTREC evaluation of international PQC standards
  • Government agencies coordination via quantum networks
  • Industry collaboration on research and development
ReferenceJapan NCO 2035 PQC Transition Timeline

South Korea

KISA, Ministry of National Defense

2035 TARGET
Key Dates
  • Jan 2025KpqC competition winners selected; pilot transition begins
  • 2030Full-cycle PQC technology self-reliance
  • 2035Full PQC rollout across public and private sectors
Requirements
  • National cryptography transformation commission
  • 4 KpqC algorithms finalized as national PQC standards
  • Cross-agency working group coordination
ReferenceSouth Korea PQC Pilot Expansion

Australia

ASD, ACSC

2030 TARGET
Key Dates
  • End 2028PQC transition must have begun for critical systems
  • End 2030RSA, ECDSA, ECDH, DH, and SHA-256 disallowed
  • End 2030PQC transition complete (ML-KEM-1024, ML-DSA-87 required)
Requirements
  • ML-KEM-1024 and ML-DSA-87 required for new cryptographic equipment by 2030
  • ISM cryptography guidelines mandate compliance
  • Continuous monitoring of international PQC developments
ReferenceACSC Planning for Post-Quantum Cryptography

Canada

CSE, Canadian Centre for Cyber Security

2035 TARGET
Key Dates
  • Jun 2025Strategy becomes effective
  • Apr 2026New federal contracts must include PQC procurement clauses
  • 2031High-priority systems migration complete
  • 2035All remaining systems transitioned
Requirements
  • Departmental PQC executive leads appointed
  • Annual progress reporting mandatory
  • CMVP validation required for all PQC products
ReferenceOfficial CSE Migration Roadmap

China

Ministry of State Security, MIIT, CNCERT

~2029 TARGET
Key Dates
  • 2023National standards for quantum cryptography published
  • Feb 2025ICCS launches NGCC algorithm call
  • Jun 2026NGCC algorithm submission deadline
  • ~2029National PQC standards expected to finalize
Requirements
  • State-owned enterprises must prioritize quantum-safe systems
  • National quantum communication backbone deployment
  • Indigenous PQC algorithms preferred for critical systems
ReferenceInstitute of Commercial Cryptography Standards (ICCS)

Solution Providers

Companies leading the quantum-safe transition with practical solutions available today:

ID Quantique (IDQ)

Quantum Key Distribution (QKD) systems and quantum random number generators for governments, banks, and data centers.

Toshiba Europe

Quantum Key Distribution (QKD) and quantum-safe metro-area networks with commercialized multiplexed QKD chip technology.

QuSecure

Post-quantum secure communication stack (QuProtect) and quantum-safe VPNs for federal and enterprise networks.

QuintessenceLabs

Quantum entropy as a service (QRNG) and PQC + QKD hybrid solutions integrated into Thales HSMs and security modules.

Aliro Quantum

Quantum network orchestration and software-defined QKD network design enabling quantum internet infrastructure.

BTQ Technologies Corp.

Post-Quantum Cryptography software and hardware solutions including quantum-safe blockchain infrastructure and PQC libraries.

Project Eleven

Post-quantum cryptography for digital assets, protecting wallets and blockchain infrastructure against quantum-enabled key recovery.

Arqit

European PQC technology provider delivering symmetric key agreement and quantum-safe encryption platforms for governments, defense, and enterprise.