Q-Day: The Day Your Encryption Stops Protecting You

When quantum computers get powerful enough, most of today's encryption breaks — not science fiction, a scheduled engineering milestone with a date range attached. Below: the actual timeline, who's exposed, and what to do about it before Q-Day arrives.

The Lock on Everything You Do Online — and the One Machine Built to Pick It

This page, your bank login, the text you sent an hour ago — almost everything you do online runs through asymmetric encryption, meaning RSA and ECC (elliptic curve cryptography). Both lean on math problems that classical computers simply choke on: factoring enormous numbers (RSA) and untangling discrete logarithms on elliptic curves (ECC).

Shor's algorithm is the reason this page exists. Run it on a quantum computer big enough to matter and both of those problems fall in polynomial time instead of exponential time — the difference between a job that never finishes and one that finishes by dinner.

Classical computer vs. RSA-2048:
Estimated time to crack: ~300 trillion years. The universe is only 13.8 billion years old. You're safe.

Quantum computer vs. RSA-2048 (with Shor's algorithm):
Estimated time to crack: ~8 hours with a sufficiently large, error-corrected quantum computer. Not safe.

Every secure connection you use is actually running two different kinds of math side by side — and a quantum computer only breaks one of them:

Asymmetric encryption (RSA, ECC) — vulnerable. This is what protects key exchange, digital signatures, certificates, and cryptocurrency wallets. Quantum breaks it completely.

Symmetric encryption (AES-256) — mostly safe. Grover's algorithm only halves the effective key space, so AES-256 degrades to the strength of AES-128 — still 2128 operations to brute-force, a number no computer, quantum or otherwise, is going to finish counting to.

If you're encrypting files locally with AES-256, quantum computing is not your problem. If you're relying on RSA or ECC for anything — and you almost certainly are — that's where the risk lives.

Q-Day: When Does the Clock Actually Run Out?

Nobody knows exactly when a quantum computer will be powerful enough to break RSA-2048. Google, the NSA, and the academic mainstream have each put a number on the calendar, and the numbers don't agree. Ordered below from most alarmed to least:

Google (optimistic)
2029
Google quantum team
~10% by 2032
NSA mandate
2035 deadline
Academic consensus
Median ~2035
Conservative estimate
After 2040

The technical requirements: Breaking RSA-2048 needs roughly 10,000 logical qubits or approximately 1 million physical qubits with error correction. Current state-of-the-art systems have 100–400 physical qubits — a gap of roughly 1,000x. That's a real gap, but it's not the kind that tends to survive a decade in this field; qubit counts have a habit of making five-year forecasts look conservative.

So What's the Real Number?

We're probably 8–15 years out, but the uncertainty range is wide enough that anyone who gives you a single date is guessing. The NSA isn't setting a 2035 deadline because they think it'll happen in 2036. They're setting it because they think there's a real chance it happens sooner, and migration takes years.

Harvest Now, Decrypt Later: They're Stealing Your Secrets Today to Crack Them Tomorrow

Nation-states are recording encrypted internet traffic right now — the NSA, Google, and multiple intelligence agencies have confirmed that state-level actors are capturing and storing encrypted data today, planning to decrypt it once quantum computers are available.

Most people hear "10 to 15 years away" and file it under someday. For anything that has to stay secret longer than that, the clock started the moment the traffic got captured — the threat window for long-lived secrets has already opened.

Some data needs to stay secret for a lot longer than a decade:

If any of this is transmitted over standard RSA/ECC-encrypted channels today, and an adversary captures it, they just need to wait — the data doesn't expire, and the math won't forget it.

Whose Data Is Actually in the Blast Radius

Government / Military
Classified communications, nuclear codes, diplomatic cables, intelligence networks. VERY HIGH vulnerability. Active migration underway but massive legacy systems remain.
Financial Services
Banking transactions, trading systems, payment networks, SWIFT messaging. HIGH but the sector is actively migrating. Major banks have PQC pilots running.
Healthcare
Patient records, genomic data, insurance databases, clinical trial data. HIGH and most providers are NOT migrating. HIPAA doesn't yet require PQC.
Cryptocurrency
Bitcoin and Ethereum use ECC with no PQC migration plan. Community governance makes rapid change extremely difficult. VERY HIGH vulnerability.
Enterprise / Corporate
VPNs, TLS connections, code signing, internal PKI. MEDIUM risk — vendor-dependent. Most will inherit PQC from cloud providers and OS updates.
Personal / Consumer
Browser HTTPS, messaging apps (Signal, iMessage), email encryption. LOW near-term risk. Apps will update automatically. Signal already uses PQC.

Who's Racing the Clock — and Who's Betting You Won't Notice

Sector Current Encryption Quantum Vulnerable? Migration Status Risk Level
US Government RSA-2048, AES-256, Suite B RSA/ECC: Yes Active — CNSA 2.0 mandate, 2035 deadline Medium (migrating)
Big Tech (Google, Apple, Meta) TLS 1.3, ECDHE, AES-GCM Key exchange: Yes Active — Chrome shipping hybrid PQC, Apple iMessage PQC Low (leading)
Banking / Finance RSA-2048, 3DES (legacy), AES RSA: Yes, legacy: Yes Pilot stage — JPMorgan, HSBC running PQC trials Medium-High
Healthcare TLS, AES, vendor-dependent TLS handshake: Yes No plan — no regulatory requirement yet High
Bitcoin / Crypto ECDSA (secp256k1) Completely: Yes No plan — governance deadlock, no upgrade path Very High
Enterprise SaaS TLS 1.2/1.3, AES-256 Key exchange: Yes Early — AWS/Azure offer PQC options, most ignore Medium
Consumer Apps Platform TLS, E2E (some) TLS handshake: Yes Active — Signal, iMessage already using PQC Low

The Fix Already Exists — Here's Who's Actually Using It

Replacement algorithms already exist. NIST finalized its first post-quantum cryptography standards in August 2024, after an 8-year evaluation process, and they're built to resist both classical and quantum attacks.

What's already happening:

Chrome is testing X25519Kyber768, a hybrid that combines classical and post-quantum key exchange. AWS and Azure both offer PQC TLS options. Apple shipped PQC in iMessage (PQ3 protocol). Signal deployed the PQXDH protocol. The US government has set a mandatory 2035 migration deadline.

What's not happening:

Multiple surveys put the number at roughly 90% of companies with no PQC migration plan. Most enterprises can't even list which cryptographic algorithms they're running, let alone map a path off them. The standards exist, the tooling exists — the urgency doesn't, not yet.

Your Move: Exactly What to Do About It

If You're Just Trying to Keep Your Own Data Private

Keep your software updated. Your browser, phone OS, and messaging apps will adopt PQC automatically. Chrome, Safari, Signal, and iMessage are already rolling it out. You don't need to do anything special.

Use AES-256 for sensitive files you plan to store long-term. VeraCrypt, 7-Zip, or native OS encryption with AES-256 is quantum-resistant today.

Don't fall for "quantum-proof VPN" scams. Any consumer product claiming quantum protection right now is marketing, not security. Your VPN provider will update when the underlying TLS standard updates.

If you hold Bitcoin, pay attention to PQC fork announcements. When — not if — the community finally addresses this, the people watching for the announcement move their coins first.

If You're the One Who Answers for a Breach

Inventory your cryptographic dependencies. Most companies don't know where RSA and ECC live in their stack. Start mapping it now — every TLS certificate, VPN connection, code signing key, and API authentication flow.

Ask your vendors about PQC roadmaps. If your cloud provider, SaaS tools, and security vendors don't have an answer, that's a red flag.

Require crypto-agility in new systems. Any new architecture should be designed to swap cryptographic algorithms without rebuilding. This is cheap now and expensive later.

Prioritize long-lived data. If you handle medical records, legal documents, financial data, or anything with a 10+ year sensitivity window, the harvest-now-decrypt-later threat applies to you today.

If You're Looking to Profit From the Migration

Cybersecurity vendors like Thales, Cisco, and Palo Alto Networks are already building PQC upgrade paths into their products. Every enterprise migration is a sales cycle.

Quantum computing companies benefit from the urgency narrative regardless of timeline. IBM, Google, IonQ, and Rigetti are the obvious names.

Big tech captures the consulting spend. Microsoft, AWS, and Google will sell PQC migration services to enterprises that don't know where to start — which is most of them.

No Spin: Where You Actually Stand

Threat Level
Real but not imminent. The 8–15 year window gives time to prepare — but not to procrastinate.
Biggest Near-Term Risk
Harvest now, decrypt later. Nation-states are capturing encrypted data today. This is already happening.
Who Should Worry Now
Anyone with data that needs to stay secret for 10+ years: governments, healthcare, finance, crypto holders.
Who Can Relax
Individuals using modern browsers and messaging apps. Your software will update automatically.
The Action
Start PQC planning now. Migrate over 5–10 years. Don't panic, but don't ignore it either.
The Scam to Avoid
Any consumer product claiming to be "quantum-proof" today. The standards just shipped. Nobody has a finished consumer product yet.

Know About the Next Q-Day Before Your Bank Does

When a real post-quantum deadline lands — or the next “quantum-proof” product scam shows up — I break down what it actually means for your data. Plain English, no fear-selling.

Scott Covert, who actually built this. I work with these tools hands-on every day. If something here sparked a question, a project, or a “wait — can you build that for me?”, that's the best message I get. Reach me, pitch a collab, or book a consult.

Follow Scott · Substack · Medium