The countdown has begun for Q-Day — the uncertain but inevitable moment when quantum computers become powerful enough to swiftly crack the encryption that protects most of today’s online communications.

Researchers have understood this theoretical danger since the 1990s. Recently, however, Google cautioned that some encrypted systems could be vulnerable as early as 2029 — a projection that sharply shortens the preparation window many cybersecurity experts once assumed they had. If accurate, governments, corporations and institutions may need to accelerate their defenses.

“It’s the point when someone — potentially an adversary — gains access to a quantum machine capable of breaking the cryptographic systems currently in use,” explained Michele Mosca, cofounder and CEO of cybersecurity firm evolutionQ.

Q-Day refers to the stage when a quantum computer achieves the scale and reliability required to defeat conventional cryptography. At that point, financial records, medical data, emails, location histories and cryptocurrency wallets secured by widely used algorithms could be exposed by a machine able to solve the complex mathematical problems that underpin modern security.

Until then, data remains protected — and then, abruptly, it may not. “It’s not gradual. It’s a dramatic shift,” said Mosca, who also teaches at the Institute for Quantum Computing at the University of Waterloo in Ontario.

Meanwhile, hostile actors may already be gathering encrypted information with plans to decrypt it later. In these so-called “harvest now, decrypt later” attacks, stolen data is stored until sufficiently advanced quantum computers become available.

Since 2019, Mosca has coauthored the Quantum Threat Timeline Report, issued by the Global Risk Institute in Toronto. The seventh edition, released March 9, concluded that a cryptographically relevant quantum computer is “quite possible” within a decade and “likely” within 15 years. The assessment draws on insights from 26 specialists.

“Many organizations may not realize they are already facing an unacceptable level of risk that demands immediate action,” the report warned.

On March 25, Google announced it is aiming for 2029 to complete its transition to post-quantum cryptography, citing rapid advances in the field. The company said it hopes setting a clear timeline will spur faster adoption across the industry. Cloud computing firm Cloudflare has also aligned its target with 2029.

Invisible plumbing

Cryptography functions as the hidden infrastructure of the digital economy. The small padlock icon in a browser represents encryption grounded in mathematical principles. While multiplying large numbers is straightforward, reversing the process — factoring them — is extraordinarily difficult.

RSA, named after its inventors Ron Rivest, Adi Shamir and Leonard Adleman, is one of the most widely used encryption systems built on this principle. The Quantum Threat Timeline Report describes a cryptographically relevant quantum computer as one capable of breaking RSA encryption within 24 hours.

Quantum computers are not merely faster versions of existing machines. They operate using entirely different rules.

Traditional computers use bits, which represent either 0 or 1. Quantum computers rely on quantum bits, or qubits, which can exist as 0, 1 or both simultaneously — a phenomenon called superposition. This allows them to process vastly more complex calculations.

Despite the promise, quantum computing faces major engineering hurdles. Qubits are highly fragile and typically require ultra-cold temperatures and vacuum conditions to remain stable and minimize computational errors.

‘Warning shot’

A recent March study suggests that future quantum machines may need far fewer qubits than previously believed to defeat elliptic curve cryptography (ECC), the system securing many cryptocurrencies and digital platforms. The research was conducted by Google scientists alongside academic collaborators.

ECC relies on intricate mathematical equations represented as curves on a graph, generating keys from distinct points along those curves. It is generally considered more efficient than RSA.

According to Google, the team identified a method that could reduce the number of physical qubits required to attack ECC by roughly twentyfold. The company also introduced a framework for describing quantum-era security risks without revealing exploitable details.

Because most blockchain networks depend heavily on ECC, the findings underscore the urgency of upgrading defenses. While solutions are available, implementing them will require time and coordination.

Although the study has yet to undergo peer review, some experts describe it as a significant wake-up call — especially for the cryptocurrency sector.

Cryptocurrency systems are highly decentralized, making upgrades complex. Reaching agreement among developers and stakeholders can be slow and contentious.

On the positive side, governments including the United States and the United Kingdom have issued standards for post-quantum cryptography.

These standards primarily involve adopting new software-based algorithms built on mathematical problems far more difficult to solve than current ones. In especially sensitive contexts, organizations may also use quantum key distribution.

Quantum key distribution enables two parties to share encryption keys secured by the laws of physics rather than computational difficulty. The concept, first developed in the 1980s, uses particles of light to create secret keys. However, it requires specialized hardware, making deployment more costly.

Some observers liken the quantum threat to Y2K, the anticipated computer glitch at the turn of the millennium. That crisis was largely avoided because organizations invested heavily in preventive measures.

Similarly, widespread preparation could blunt the impact of Q-Day. Yet surveys suggest that more than 90% of businesses still lack a clear strategy for addressing quantum-related risks.

The stakes are high. A 2023 report estimated that a quantum-enabled cyberattack on the Federal Reserve’s interbank payment system could trigger severe economic disruption and potentially cause a prolonged recession.

Dustin Moody, a mathematician working on post-quantum standards at the National Institute of Standards and Technology (NIST), noted that major multinational firms are already moving quickly. For individuals and small businesses, however, the responsibility largely falls on technology providers.

“People should be aware of the risk,” Moody said, “but most individuals don’t need to take direct action. They need to ensure their service providers are preparing appropriately.”

The White House has set 2035 as a target for full adoption of post-quantum cryptography. In 2024, NIST finalized a suite of algorithms designed to withstand quantum attacks.

Still, cryptographic transitions are historically slow, often taking a decade or more. If a viable quantum computer appears sooner than expected, migration efforts may lag behind.

Even as organizations upgrade, only future data will benefit. Information already intercepted could remain vulnerable if adversaries are storing it for later decryption.

Medical records are particularly sensitive because they contain lifelong health histories and genetic data. Unlike software, biological information cannot be updated once exposed.

Biomedical devices at risk

Seoyoon Jang, a doctoral student at the Massachusetts Institute of Technology, is researching ways to protect wireless medical devices such as insulin pumps and pacemakers from future quantum-enabled threats. These compact devices often lack the power capacity to run demanding post-quantum security protocols.

In a worst-case scenario, an attacker could compromise a smartphone connected to an insulin pump and send malicious dosage commands. As remote health monitoring becomes more widespread, securing these systems grows increasingly urgent.

Jang and her team have developed an ultra-efficient microchip — about the size of a needle tip — that integrates post-quantum security protections while consuming far less energy than comparable solutions. The chip also occupies less physical space than many existing designs.

Supported in part by the Advanced Research Projects Agency for Health, the project aims to move toward commercialization. Jang believes the chip is among the first attempts to bridge the gap between biomedical constraints and quantum-safe security.

The latest Quantum Threat Timeline Report emphasizes that assessing the timeline is difficult because some research may be occurring in secrecy within government labs, private firms or covert programs.

“Because undisclosed breakthroughs would not be visible immediately, it is prudent to assume the real threat could arrive sooner than public research suggests,” the report states.

In other words, Q-Day could occur before the broader world recognizes it — potentially granting strategic advantage to those who reach it first.