EMA: IT and Data Management Research, Industry Analysis and Consulting

Q-Day Just Got Way More Real

Written by Chris Steffen | Mar 31, 2026 4:20:55 PM

The timeline for "Q-Day"—the hypothetical day when quantum computers become powerful enough to break modern digital security—has shifted from a distant worry to an urgent reality. The latest research from Google Quantum AI and a startup called Oratomic has revealed that the "skeleton key" needed to crack current encryption is much closer than previously thought. This matters for everyone from Bitcoin holders to corporate leaders.

First, a bit of cryptography history: initially proposed in 1994 by mathematician Peter Shor, Shor's algorithm became the "Big Bang" of quantum computing. The algorithm proved that a sufficiently powerful quantum computer could factor large numbers exponentially faster than any classical machine, effectively breaking RSA encryption. This revelation spurred a global arms race to build quantum hardware and simultaneously birthed the field of post-quantum cryptography. In 2001, IBM achieved the first practical demonstration by factoring 15 into 3 and 5, a small but historic proof of concept.

In summary, since discovering Shor’s algorithm, cryptographers have known that a quantum computer could be used to bypass the encryption protecting our bank accounts and encrypted data. Until now, scientists believed you would need millions of "qubits" (the building blocks of a quantum computer) to actually run this attack.

Google’s new study has slashed that requirement by twenty times. They proved that with just 500,000 physical qubits, a quantum computer could crack a Bitcoin signature in roughly nine minutes. For context, Google now expects to have a computer of this scale by 2029.

Two Ways the "Lock" Could Be Picked

The research highlights two different types of quantum technology that are racing toward this goal:

  • The "Sprinting" Computer (Superconducting): These systems, like the ones Google is building, are incredibly fast. Once they reach the necessary size, they could bypass security in minutes.
  • The "Efficient" Computer (Neutral Atoms): A startup called Oratomic found that using a different type of hardware could crack the same security with only 26,000 qubits. While this machine would be "slower" (taking about ten days to crack one key), it requires much less hardware to build, potentially making it an easier path for attackers.

Why Google is Keeping Secrets

In a highly unusual move, Google decided not to publish the full details of their work. They are concerned that providing a "step-by-step manual" on how to break these codes would be too dangerous. Instead, they used a high-tech "Zero-Knowledge Proof" to prove their results are real without showing exactly how they did it. This suggests that the era of "open science" in quantum computing is ending, as the technology becomes a matter of national and financial security.

(And—for whatever it is worth—I applaud Google for this approach. If my most recent experiences at the RSAC conference are any sort of indicator, we are woefully unprepared for this technological advance, despite repeated warnings that massive technological strides were being made in advancing the technology.)

What This Means for You

The speculation about Q-Day is no longer a problem for the 2030s. It is a problem for the end of this decade, if not sooner. A few conclusions to consider:

  • For Crypto Holders: "Post-quantum" security is no longer a drill. If your digital assets rely on current encryption standards, they could be vulnerable within five to seven years, or sooner. Educate yourself on the impact this will have on your holdings.
  • For Businesses: Organizations need to start moving toward "Post-Quantum Cryptography" (PQC). This is a new type of security specifically designed to resist quantum attacks. If you haven’t started evaluating PQC solutions, EMA will have a report available in the coming weeks that highlights the best of the best solutions on the market.
  • For Individuals: You should spend time with the vendors and organizations you do business with (banks, credit card companies, health care, insurance, etc.) and get a better understanding of how they are protecting your sensitive information. For them to claim that your data is encrypted is no longer a sufficient answer to that question.

We are moving from a world where our digital locks were "unbreakable" to one where they have an expiration date. The latest announcement from Google is the new benchmark. Now is the time to ensure your digital life is ready for the quantum age.
View full post