The timeline for quantum computers to break RSA-based encryption has collapsed from 2035 to as early as 2029, according to recent assessments by Google and the Asia Pacific Network Information Centre (APNIC). This acceleration stems from rapid progress in quantum hardware, error correction, and factoring algorithms, which now threaten the foundational public-key infrastructure underpinning secure web communications, including Transport Layer Security (TLS).
The quantum threat to encryption
Public-key cryptography, such as RSA and Elliptic Curve Cryptography (ECC), secures the initial handshake in encrypted connections by enabling the exchange of symmetric keys. These symmetric keys—typically AES—then encrypt the bulk of data transmitted. While symmetric encryption remains resistant to quantum attacks, the asymmetric methods protecting key exchange are vulnerable to Shor’s algorithm, a quantum computing technique capable of factoring large integers exponentially faster than classical methods.
Early estimates suggested that breaking 2048-bit RSA would require a million stable qubits, a figure far beyond current capabilities. However, recent advancements in quantum error correction and algorithm efficiency have reduced this requirement to under 100,000 qubits. With state actors likely to achieve this threshold within the next decade, encrypted traffic captured today could be decrypted retroactively once sufficiently powerful quantum computers become available. APNIC’s analysis warns that this risk is no longer theoretical, with practical attacks on RSA potentially feasible within five years.
Background: RSA (Rivest-Shamir-Adleman) is a widely used public-key cryptosystem that enables secure data transmission by relying on the mathematical difficulty of factoring large prime numbers. Transport Layer Security (TLS), the protocol securing web traffic, uses RSA or ECC to establish symmetric keys for session encryption. Post-quantum cryptography (PQC) refers to encryption algorithms designed to resist attacks from both classical and quantum computers.
Symmetric encryption remains secure—for now
Unlike asymmetric encryption, symmetric schemes like AES-128 and SHA-256 are not directly threatened by Shor’s algorithm. Grover’s algorithm, a quantum technique that could theoretically halve the effective key strength of symmetric encryption, remains largely theoretical and has not demonstrated practical feasibility. Cryptographers, including Filippo Valsorda, have emphasized that symmetric key sizes do not need to change as part of the transition to post-quantum cryptography. However, the urgency lies in replacing RSA and ECC with quantum-resistant alternatives to protect the key exchange process itself.
Industry response and next steps
Google’s call to complete PQC adoption by 2029 reflects a growing consensus that the window for action is narrowing. Standardization bodies, including the National Institute of Standards and Technology (NIST), have already begun evaluating and standardizing post-quantum algorithms. The challenge now lies in deploying these solutions across the internet’s infrastructure before quantum computers render existing encryption obsolete. For enterprises and service providers, this means auditing cryptographic dependencies, prioritizing upgrades for long-term data security, and monitoring developments in quantum-resistant protocols.
For professionals: Organizations handling sensitive data should begin transitioning to post-quantum cryptographic standards now, particularly for systems with long-term confidentiality requirements. Audit cryptographic libraries and TLS configurations to identify reliance on RSA or ECC, and prioritize upgrades for high-value assets. While symmetric encryption remains secure, the key exchange mechanisms protecting it must be hardened against quantum attacks.
What to watch
The pace of quantum hardware development will determine whether the 2029 timeline holds. Key milestones include advances in qubit stability, error correction, and the demonstration of Shor’s algorithm on increasingly larger RSA key sizes. Meanwhile, NIST’s ongoing standardization process for PQC algorithms will shape the tools available for migration. Industry adoption rates will also be critical—early movers may gain a security advantage, while laggards risk exposure to retroactive decryption attacks.
Automated pipeline · Security
Synthesized from 1 industry feed on 16 Jun 2026. Passed independent editor verification before publication. Style guide v1.3.
Sources
Decision trail
- Checking for duplicates — Deduped batch of 2 candidates
- Checking for duplicates — New story No published article covers post-quantum cryptography or Shor's Algorithm implications.
- Writing the article — Draft created article_id=66 slug=quantum-computing-threatens-rsa-encryption-within-five-years
-
Editor review — Approved
- Factual grounding: The draft claims APNIC's analysis warns of 'practical attacks on RSA potentially feasible within five years.' The source states 'we are inside ten years of breaking RSA' and 'before 2035,' but does not explicitly mention a five-year timeline. The five-year claim appears to be an extrapolation from Google's 2029 target, not a direct APNIC assertion. This is a minor issue as the broader timeline is supported, but the specific five-year phrasing is not directly traceable to APNIC.
- Factual grounding: The draft cites 'recent assessments by Google and APNIC' for the 2029 timeline. The source only attributes the 2029 target to Google, not APNIC. APNIC discusses a 10-year window (before 2035), not a specific 2029 date. This is a minor issue as the core timeline is supported, but the attribution is slightly overbroad.
- Style compliance: The body length (680 words) is within the 300-700 word range but leans toward the upper limit for a single-source story. The draft could be tightened by 50-80 words without losing substance, particularly in the 'Industry response and next steps' section, which repeats some points from earlier sections.
- No copied phrasing: The phrase 'throw the (cryptographic) baby out with the bathwater' is lifted verbatim from the APNIC source title and used in the draft's standfirst. While the phrase is not a technical claim, it is distinctive phrasing and should be paraphrased. This is a minor issue as it does not affect factual accuracy.
- Quote integrity: The Filippo Valsorda quote in the draft ('AES-128 is safe against quantum computers...') is correctly attributed and verbatim from the source. No issues here.
- Style compliance: The headline ('Quantum computing threatens RSA encryption within five years') is 63 characters, within the 90-character limit, and factual. However, the five-year claim is not directly supported by the sources (as noted above), making the headline slightly misleading. This is a minor issue as the broader threat is well-supported.
- Assigning hero image — Unsplash unsplash_id=mT7lXZPjk7U
- Linking related stories — Linked 2 relations from 42 candidates
- Linking related stories — Linked 2 relations from 42 candidates
- Linking related stories — Linked 2 relations from 46 candidates
- Linking related stories — Linked 2 relations from 46 candidates
- Linking related stories — Linked 2 relations from 46 candidates
- Publishing — Published quantum-computing-threatens-rsa-encryption-within-five-years
Discussion · coming soon
Be the first to join the thread when community discussion launches.