Last week, Craig Gidney from Google Quantum AI published a breakthrough study that redefines the landscape of cryptographic security. His paper, “How to factor 2048 bit RSA integers with less than a million noisy qubits”, dramatically lowers the estimated quantum resources needed to break RSA-2048—one of the most widely used encryption standards securing everything from email to financial transactions to government databases.

Where previous estimates (including Gidney’s own 2019 study) projected that cracking RSA-2048 would require around 20 million qubits and 8 hours of computation, the new analysis reveals that it could be done in under a week using fewer than 1 million noisy qubits. This reduction of more than 95% in hardware requirements is a seismic shift in the projected timeline for “Q-Day”—the hypothetical moment when quantum computers can break modern encryption.

Read QuantumGenie's other industry insights.

What Makes RSA-2048 Vulnerable?

RSA encryption is based on the mathematical challenge of factoring large numbers into their prime components—a task that classical computers find prohibitively difficult at the 2048-bit level. This difficulty forms the backbone of digital security protocols used in secure web browsing (HTTPS), email encryption (PGP), VPNs, and many blockchain systems.

Quantum computers, however, can use Shor’s algorithm to factor these numbers exponentially faster. The catch? That algorithm requires high-fidelity quantum gates, large-scale error correction, and millions of qubits—until now.

Google’s Innovation: Shrinking the Qubit Budget

Gidney’s 2025 paper showcases several technical innovations that slash the qubit requirements for factoring RSA-2048:

• Approximate Residue Arithmetic: This method, recently introduced by Chevignard, Fouque, and Schrottenloher (2024), streamlines modular arithmetic and reduces the depth of quantum circuits needed for number factoring.

• Magic State Cultivation: A more space-efficient way of producing non-Clifford gate resources (known as magic states), crucial for enabling universal quantum computation under error correction.

• Optimized Period Finding with Ekerå-Håstad Algorithms: These advanced number-theoretic optimizations allow for a more efficient implementation of the quantum part of Shor’s algorithm.

• Yoked Surface Codes & Sparse Lookups: Techniques that minimize the overhead in fault-tolerant quantum circuits, enabling better scaling.

Collectively, these improvements reduce the physical qubit requirement to under 1 million and allow the algorithm to complete in less than 7 days, given favorable assumptions like a 0.1% gate error rate and a 1-microsecond surface code cycle time.

This represents a ~20x reduction in required qubits and vastly improves the practical feasibility of quantum attacks on RSA.

Read QuantumGenie's other industry insights.

Implications for Cryptographic Security

The broader takeaway is stark: RSA-2048 is no longer as safe as once believed.

While building a quantum computer capable of executing this attack is still a monumental engineering challenge, the new resource estimates bring that future much closer. If quantum hardware continues to progress as expected—with leading players like IBM, Google, and startups like Quantinuum and PsiQuantum scaling up both qubit numbers and error rates—Q-Day could realistically occur within 10 to 15 years, or sooner in a best-case scenario.

That means data encrypted today could be vulnerable tomorrow—especially for governments, banks, healthcare institutions, and cloud service providers that store data with long-term confidentiality requirements.

This underscores the risk of “harvest now, decrypt later” attacks, in which threat actors (including nation-states) are believed to be storing encrypted traffic now, anticipating that they’ll be able to decrypt it once quantum systems mature.

Read QuantumGenie's other industry insights.

Urgency for Post-Quantum Cryptography (PQC)

The cryptographic community has been preparing for this scenario for several years. The National Institute of Standards and Technology (NIST) has already finalized the first suite of post-quantum encryption standards, including lattice-based algorithms like CRYSTALS-Kyber and Dilithium, which are believed to be resistant to quantum attacks.

Yet, many systems—particularly in legacy environments—still depend on RSA-2048 or similar classical algorithms. Migrating these systems takes time, and in some cases, the encrypted data will need to remain secure for decades. That’s why Gidney’s paper acts as both a technical milestone and a public warning.

Organizations must start:

• Inventorying existing cryptographic systems and identifying where RSA is used.

• Deploying hybrid encryption (combining classical and quantum-resistant algorithms).

• Adopting crypto-agility strategies to enable rapid algorithm updates in the future.

• Educating stakeholders and regulators about the urgency of quantum readiness.

Read QuantumGenie's other industry insights.

Conclusion: The Countdown Is Real

Google’s 2025 quantum factoring estimate is more than a mathematical triumph—it’s a wake-up call. RSA-2048 has long been considered a gold standard in security, but this research makes clear that its lifespan is rapidly approaching an end.

The clock is ticking. And for the cybersecurity world, there’s no time to waste.

Reference:
Gidney, C. (2025). How to factor 2048 bit RSA integers with less than a million noisy qubits. Google Quantum AI. arXiv:2505.15917.

Need help evaluating your organization’s quantum risk exposure or building a migration roadmap? I can help design a tailored post-quantum strategy.