Understanding Y2Q: The quantum threat to encryption

Y2Q is the point at which quantum computers will defeat public key cryptography. This is a significant concern because public key encryption is the backbone of trust in our digital world. It allows us to share information securely and be confident that the data has not been changed.

Public key encryption relies on the use of large prime numbers and is secure because it is particularly hard for classical computers to factorize large numbers quickly. However, in 1994, Dr Peter Shor identified a way to use a quantum computer to factorize large numbers quickly, known as Shor’s Algorithm.

In 2021, a joint document by the Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), and National Institutes of Standards and Technology (NIST) estimated that 6,000 stable qubits (quantum bits) would be needed to use Shor’s Algorithm to break the current public key encryption standard.

There is no guaranteed date for Y2Q, although in 2019, the Cloud Security Alliance announced that Y2Q would occur on 14 April 2030 to encourage public discussion. In 2021, Google’s lead quantum engineer set a target of the end of 2029 for the delivery of a useful, 1000+ stable qubit machine.

You may have come across Moore’s Law, which describes the doubling of compute capacity every two years for silicon transistor-based computing. Similarly, Rose’s Law predicts that the number of qubits in a quantum computer will double every year.

Assuming Rose’s Law applies to superconducting qubits, the predominant approach to quantum computing used by Google, Amazon Web Services (AWS), and IBM, we can make some predictions. Google announced Willow in December 2024 with 105 stable qubits, which points to the end of 2030 for Y2Q. AWS announced Ocelot in February 2025 with 5 stable qubits, pointing to mid-2035. IBM’s announcement of Heron R2 in December 2024 with 156 stable qubits points to early 2029 for Y2Q.

Several factors could disrupt the relatively stable environment assumed within Rose’s Law, including changes in the materials used for quantum computing, better prime number factorization algorithms, and new ways to reduce the number of physical noisy qubits required to produce a logical stable qubit.

Microsoft has been working on an alternative approach to provide their qubits, namely topological conductors, for the last 17 years. In February 2025, Microsoft announced its Majorana 1 chip with 8 stable qubits. They claim this breakthrough is like the move from valves to transistors and could result in a 10-fold increase in the rate of innovation. Assuming this approach delivers a 4-fold increase in the growth rate compared to current materials, we could have 6,000 stable qubits by mid-2027.

Another disruptor could be a combination of IBM’s Condor chip with 1,121 qubits announced in December 2023, combined with the error correction from their Heron R2, which could get us there by mid-2026.

All the above dates are based on using Shor’s Algorithm with its required 6,000 stable qubits. If another algorithm is found needing less than 100 stable qubits, it could blow up all the calculated predictions, and we could reach Y2Q in months.

To be ready for Y2Q, it’s critical for companies to get on top of cybersecurity fundamentals. Know what your most important secrets are, understand and monitor who has access to them, and ensure you have an identity strategy that is easy to manage. Move to a zero trust strategy, catalog where you use encryption, understand the new NIST Post Quantum Cryptography (PQC) standards, and take a risk-based sequence to protecting your secrets, accepting that it might take several years to implement a solution.