When Will Quantum Computers Break RSA-2048? Insights from PQCrypto 2025

One of the most intriguing talks at PQCrypto 2025 tackled a critical question: Where are quantum computers today, and when should we expect them to break RSA-2048?

As the world prepares for the quantum threat, understanding the timeline is essential. The talk, “Expected and Unexpected Developments in Quantum Computing,” presented a nuanced view: while quantum computing is still in its early stages, rapid advancements could bring RSA-breaking capabilities within reach by mid-century.

Key Takeaways:

• Current State: Today’s quantum computers face significant hurdles, particularly noise and error rates. Error correction (like surface codes) is crucial for scalability, but we’re far from the millions of qubits needed for RSA-2048.
• Projected Timeline: Under optimistic but plausible assumptions (qubit counts doubling every 1.5 years), RSA-2048 could be broken by 2052—though breakthroughs in hardware or algorithms could accelerate this.
• Security Implications: The talk highlighted an interesting asymmetry in security benchmarks: while classical attacks aim for \(2^{128}\) security, quantum attacks often target \(2^{64}\).
• Disruptive Possibilities: New qubit technologies (topological qubits, cat qubits), better error-correcting codes, and improved factoring algorithms (like Regev’s 2023 method) could reshape the timeline.

The conclusion? Quantum computing is evolving unpredictably, and while RSA’s demise isn’t imminent, the race between quantum advancements and post-quantum cryptography is heating up.

For a deeper dive, check out the full talk: Expected and Unexpected Developments in Quantum Computing.