The following is an executive summary of a 44 page report written by GQI’s Chief Analyst, Dr. David Shaw. To obtain the full report, contact GQI at info@global-qi.com.
For years, both the cybersecurity and quantum communities have focused on RSA-2048 as the lead benchmark by which to assess the timeline for the threat posed by future large scale quantum computers to conventional public key cryptography. A notion often summarized as ‘Q-day’. Though this originally seemed justified, it now looks to be materially misguided.
Recent work from Google, Oratomic and Alice & Bob demonstrates how algorithmic and architectural advances have rendered ECC-256, rather than RSA-2048, vulnerable on a much earlier timescale. Such protocols are currently used widely in Internet and corporate VPN cybersecurity protocols, and in leading cryptocurrencies such as Bitcoin and Ethereum for transaction security.
While many leading nation-states have set in motion plans for a transition to quantum safe alternatives by 2035, GQI assesses the timeline for ECC-256 Q-day for offline/retrospective attacks to be most likely 2032 with a reasonable worst case of just 3 years from today.
Further disruptive change accelerating this timeline is also possible. Intensive innovation continues up and down the quantum computing stack, across all hardware, midstack and software layers. Care must be taken to consider which of these innovations are potentially cross-compatible and which are mutually exclusive. This is not a case where we can ‘ask an expert’; we have to ‘join up the experts’.
GQI urges enterprise clients and governments to focus urgently on their plans for transition to post quantum cryptography (PQC), and to adopt crypto agile solutions. Users with the most sensitive security needs, and the capacity to manage the additional complexity, should also consider additional high assurance comms solutions as a complementary layer of security.
The accelerated cybersecurity threat is also set to bring a harder edge to emerging geopolitical tensions across the global quantum landscape. Major geopolitical powers will find it difficult to tolerate foreign QC facilities that threaten (or appear to threaten) their economies’ vital cybersecurity underpinnings. We expect collaboration to become more tightly held, less equal and export controls more rigidly applied, even between ‘like minded nations’.
Whilst many investors have previously looked to the emergence of truly large scale (teraquop) systems to trigger the emergence of a dominant design, the potential has now opened up for more modest (gigaquop) systems to establish sufficient momentum to claim this prize. Roadmaps will have to be reassessed, portfolio and exit plans recalibrated.
Would-be quantum computing end-users should also appreciate the upside promise of these developments. Long-term quantum R&D is delivering leaps forward in capability. However, while some look for a ‘ChatGPT moment’, quantum may instead first deliver a ‘Mythos moment’. Policy makers, investors, developers and end-users all have a shared interest in not allowing this to unduly skew how nascent ecosystems are nurtured and developed.
April 25, 2026
