The Quantum Leap: Why Quantum Computing is the End of Modern Encryption

Executive summary

Quantum computing is not “faster computing” in the conventional sense; it is different physics (wave-like probability amplitudes, non-classical correlations, and fragility to environmental noise) engineered into a programmable machine. A register of n qubits can, in principle, occupy a state described by 2ⁿ complex amplitudes—an exponential state space that quickly overwhelms classical simulation memory—yet a measurement yields only classical bits, so the advantage has to be extracted through carefully designed interference patterns rather than by “reading” those amplitudes directly. 

In 2026, the “race” to fault-tolerant quantum computing is best understood as three parallel bets on engineering constraints:

• Superconducting qubits (Google/IBM) are moving fastest on systems integration and error correction, including below-threshold surface-code memory demonstrations on Google’s Willow processor and aggressive, publicly articulated roadmaps from IBM to a 200-logical-qubit, 100-million-gate fault-tolerant system.
• Trapped ions (IonQ) show strong evidence for high-fidelity operations and naturally flexible connectivity (all-to-all within an ion chain), and IonQ has publicly announced a 99.99% two-qubit-gate fidelity result (vendor claim, but backed by “technical papers” per the announcement).
• Topological qubits remain the high-risk/high-reward option: topological quantum computation is theoretically attractive because of its potential intrinsic robustness to local noise, but Microsoft’s “topological qubit” claims have drawn public scepticism from parts of the physics community, underlining that the approach is not yet universally accepted as validated at the level implied by press narratives.

Cybersecurity is the most immediate societal forcing function. Shor’s algorithm makes integer factoring and discrete logarithms efficiently solvable on a sufficiently large, error-corrected quantum computer, threatening RSA and ECC-based public-key cryptography. In response, NIST has approved three post-quantum cryptography (PQC) FIPS standards: FIPS 203 (ML‑KEM, derived from CRYSTALS‑Kyber), FIPS 204 (ML‑DSA), and FIPS 205 (SLH‑DSA). NIST’s transition draft (IR 8547) sketches a timeline where several classical schemes are deprecated after 2030 and disallowed after 2035, signalling that migration work must begin now because “cryptographic agility” and infrastructure replacement take years.

Core mechanism

Superposition, entanglement, decoherence — a rigorous analogy that still feels intuitive

Analogy frame: Think of a classical bit as a coin that always sits flat: heads (0) or tails (1). A qubit is closer to a wave on a drumhead that can occupy two fundamental modes at once; its state is a vector with complex amplitudes (magnitude + phase) over |0⟩ and |1⟩. When you “listen” (measure), you don’t hear the full waveform—you get a sampled outcome (0 or 1), and the act of listening changes the state. Nielsen & Chuang explicitly stress the paradox: a single qubit appears to carry continuous parameters, yet a measurement yields only one bit, and determining those parameters requires many identically prepared measurements.

1) Superposition A single qubit can be in a continuum of states between |0⟩ and |1⟩ until it is observed, unlike a classical bit, which is always one or the other. What matters computationally is not just “being in both at once”, but phase-coherent interference, letting algorithms amplify correct answers and cancel incorrect ones.

2) Entanglement If superposition is “one wave in two modes,” entanglement is “two instruments playing one inseparable chord.” The joint state of two qubits can contain correlations that cannot be factored into independent single-qubit descriptions. Nielsen & Chuang emphasise that multi-qubit quantum states involve complex amplitudes over computational basis states, and importantly that the descriptive complexity grows explosively with system size. <u>.</u> In practical terms: entanglement is the resource that lets quantum circuits explore structured correlations—vital for algorithms like Shor’s period-finding and for quantum simulation.

3) Decoherence Decoherence is what happens when the environment “eavesdrops” on your quantum drumhead, leaking phase information. Zurek’s classic review describes decoherence as arising when the environment effectively monitors certain observables, destroying coherence between quantum alternatives and selecting stable “pointer” states (environment-induced superselection / einselection). Engineering consequence: without heavy shielding, extreme isolation, and error correction, quantum states behave classically long before deep algorithms finish.

Qubits vs classical bits — efficiency, with the important caveat

A frequent oversimplification is “n qubits = 2ⁿ classical bits.” The accurate version is: an n‑qubit pure state generally requires 2ⁿ complex amplitudes to describe, but you cannot directly read those amplitudes out. Your gain comes when a problem can be mapped so that those amplitudes interfere to reveal a result with fewer operations than the best-known classical method.

Concept	Classical bits	Qubits (idealised)	What this implies (and what it doesn’t)
State description	One of 2ⁿ discrete strings	Generally 2ⁿ complex amplitudes for an n‑qubit state	Exponential representational capacity, but not free “exponential output.”
Readout	Directly observable	Measurement yields classical outcomes (0/1 per qubit); determining the underlying amplitudes needs many runs	Quantum computers are not “massively parallel classical machines”; the advantage is algorithmic + interference-driven.
Failure mode	Bit flips are manageable with redundancy	Decoherence + correlated errors can erase phase information; must be handled with quantum error correction	The cost of fault tolerance dominates practical timelines.

The tech race

Hardware modalities compared

The question “who is winning?” is better answered as: who has the clearest evidence of scalable error suppression + the most plausible systems engineering path to millions of physical qubits (or thousands of logical qubits)?

Modality	Representative players	Strengths	Bottlenecks	Best public “signal” towards fault tolerance
Superconducting (transmons, surface code, etc.)	Google, IBM	Fast gate operations; mature microfabrication; deep tooling. Google and others are demonstrating below-threshold error correction where logical qubits improve as the code grows.	Cryogenics + wiring + control complexity; correlated noise; scaling control lines is a known challenge at millikelvin temperatures.	Google: distance‑7 surface-code memory with 0.143% ± 0.003% error/cycle on 101 physical qubits, Λ≈2.14 suppression; real-time decoding metrics published.
Trapped ions	IonQ (and broader trapped-ion ecosystem)	High-fidelity operations; identical qubits; within a chain, can offer all-to-all operations (reducing routing overhead).	Scaling control (lasers/electronics), motional mode crowding, and engineering for larger systems. IonQ’s tech stack still uses laser beams for gates in its standard description.	IonQ Forte benchmarked as a 30‑qubit trapped-ion system with all-to-all operations (peer-reviewed benchmarking)
Topological qubits (Majorana / anyons)	Microsoft (topological approach)	In theory, topological encoding can be intrinsically more robust: information is stored non-locally, and gates can be implemented via braiding anyons, providing fault tolerance against local perturbations.	Experimental proof and scalable fabrication remain difficult; claims require strong community validation.	Microsoft announced “topological qubits,” but Nature reported that some researchers are sceptical of the claims; this gap between aspiration and consensus is central to the “race” narrative.

Superconducting qubits: Google and IBM

Google (superconducting; surface code focus) Google’s major credibility point in the fault-tolerance story is peer-reviewed below-threshold error correction for a logical memory. Its 2024 preprint (journal reference listed as Nature 638 (2025) on arXiv) reports two surface-code memories operating below threshold, including: - A distance‑7 surface code spanning 101 physical qubits with logical error 0.143% ± 0.003% per cycle, and an error-suppression factor Λ = 2.14 ± 0.02 when increasing code distance by two. - Real-time decoding results (distance‑5) with ~63 μs average decoder latency and 1.1 μs cycle time, addressing a key systems constraint: decoding must keep up with fast qubit cycles. Google positions this as a qualitative step: “error-corrected qubits get exponentially better as they get bigger,” in its own technical communication around the Willow platform.

IBM (superconducting; roadmap-and-modularity focus) IBM’s key differentiator is a highly specific, dated roadmap and a public architecture narrative around large-scale fault-tolerant quantum computing by 2029. In June 2025, IBM stated it plans to deliver IBM Quantum Starling by 2029, targeting 200 logical qubits capable of running 100 million quantum gates, and positioning this system as a stepping stone to IBM Quantum Blue Jay with 2,000 logical qubits and 1 billion operations. IBM’s published roadmap artefacts also explicitly frame intermediate milestones and client-facing delivery, linking “scientific quantum advantage” and modular fault-tolerant modules along the way.

A practical engineering footnote that matters: superconducting systems live in the millikelvin regime, driving real-world constraints on wiring, control electronics, and thermal noise. IBM’s Goldeneye dilution refrigerator announcement reports cooling to ~25 mK and explains why millikelvin operation is required for state-of-the-art quantum hardware. 

Trapped ions: IonQ’s path

Two points anchor the trapped-ion story in public sources:

• Connectivity and benchmarking: IonQ Forte is described in a peer-reviewed Quantum journal paper as a single-chain 30‑qubit trapped-ion quantum computer with all-to-all operations, benchmarked across 435 gate pairs (30 choose 2). 
• Gate fidelity (vendor claim): IonQ’s October 2025 announcement claims >99.99% two‑qubit gate fidelity, calling it a “world record” and tying it to their roadmap; it also states prototypes will form the basis for 256‑qubit systems in 2026 (this is IonQ’s own forward-looking claim and should be treated as such). 

IonQ’s own technology description still foregrounds laser-based control (individual beams plus a global beam) to perform gates and readout. For an external audience, the induced implication is: trapped ions may trade slower physical operations and complex optics for cleaner qubits and easier connectivity—a different, not strictly better, engineering balance.

Topological qubits: the “if it works, it changes everything” bet

Topological quantum computation is academically grounded: the standard review by Nayak et al. explains fault tolerance as arising from non-local encoding in topological states and gate operations performed by braiding non-Abelian anyons.

Microsoft publicly announced Majorana 1, describing it as “the world’s first quantum processor powered by topological qubits” and “designed to scale to a million qubits on a single chip.” However, Nature’s news coverage on the same date emphasised that some researchers are sceptical of the claims, even while noting the theoretical attraction of topology-based systems for scaling due to noise protection.

Who is leading toward fault tolerance (best evidence, 2026)? A careful, evidence-weighted answer is:

·         On demonstrated error-correction scaling: Google’s below-threshold surface-code memory results are among the clearest published “proofs of principle” for superconducting fault tolerance.

·         On declared end-to-end systems roadmap: IBM has one of the most explicit, date-stamped plans for a client-available fault-tolerant system (Starling, 2029) and a large-scale successor (Blue Jay, 2033+). 

·         On qubit quality and connectivity at modest scale: trapped ions (including IonQ) remain highly competitive, especially where connectivity reduces compilation overhead, but they still face major scaling challenges.

·         On transformative long-term risk/reward: topological qubits could, in theory, reduce error-correction overhead substantially, but the field is still in a phase where claims and consensus diverge.

Breaking the Internet

Why Shor’s algorithm threatens RSA and ECC

Shor’s work shows that prime factorisation and discrete logarithms can be solved in polynomial time on a quantum computer, fundamentally changing the hardness assumptions used by much of modern public-key cryptography. RSA security relies on the practical difficulty of factoring large integers; elliptic-curve cryptography relies on the discrete log problem over elliptic curves (a related family of problems). NSA’s CNSA 2.0 advisory explicitly summarises the story: Shor’s mid‑1990s discovery implies a cryptanalytically relevant quantum computer would break public-key systems still used today.

Reality check (it’s not tomorrow, but it’s not “never”): Cryptanalytic viability hinges on the availability of large-scale, error-corrected quantum computers. A frequently cited resource estimate (Gidney & Ekerå) argues that factoring RSA‑2048 in ~8 hours could require ~20 million noisy qubits under a set of physical assumptions (surface code cycle time 1 μs, physical gate error rate 10⁻³, etc.). This is dramatically beyond current capabilities, but it sets a planning baseline.

Post-Quantum Cryptography transition

NIST’s first PQC FIPS standards (approved, deployable): NIST announced approval of three FIPS for PQC in August 2024: - FIPS 203 — Module-Lattice-Based Key-Encapsulation Mechanism Standard - FIPS 204 — Module-Lattice-Based Digital Signature Standard - FIPS 205 — Stateless Hash-Based Digital Signature Standard

FIPS 203 specifies ML‑KEM, derived from CRYSTALS‑Kyber, and enumerates parameter sets ML‑KEM‑512, ML‑KEM‑768, and ML‑KEM‑1024. FIPS 204 specifies ML‑DSA, designed for signatures and stated by NIST as believed secure even against adversaries with a large-scale quantum computer. FIPS 205 specifies SLH‑DSA, based on SPHINCS+.

NIST transition timeline signals (draft, but influential): NIST IR 8547 (Initial Public Draft, Nov 2024) is explicitly meant to guide timelines for federal agencies and industry. In its transition tables, it indicates that several classical public-key schemes at 112-bit security strength are deprecated after 2030 and disallowed after 2035, including ECDSA and RSA signatures and key-establishment schemes like classic Diffie-Hellman and ECC-based DH.

NSA CNSA 2.0 (national security systems perspective): NSA’s CNSA 2.0 advisory lists CRYSTALS‑Kyber for key establishment and CRYSTALS‑Dilithium for signatures (pre-FIPS naming, as the advisory predates NIST’s final naming), and states NSA expects the transition for NSS to be complete by 2035.

Practical PQC migration guidance for tech leaders

A credible transition narrative (without pretending it’s plug-and-play):

• Inventory and classify: identify where RSA/ECC live (TLS termination, VPNs, device identity, firmware signing, code signing, PKI hierarchies, HSMs). NIST IR 8547 highlights that multiple domains (protocol standards, crypto libraries, hardware, PKI, applications) are implicated.
• Plan for hybrids: in many real deployments, “hybrid key establishment” and “hybrid signatures” are used during transition, so you don’t have to bet the farm on a single new primitive immediately. NIST IR 8547 explicitly discusses hybrid techniques as migration considerations.
• Update crypto governance: PQC changes certificate sizes, handshake sizes, and performance; build test harnesses and rollout playbooks. (The fact that NIST already tracks errata/planned updates for PQC FIPS underscores that standards maturity is still evolving.)

PQC standards snapshot (what to name in your blog):

Need	“Quantum-vulnerable” today	NIST PQC standard (approved)	Notes
Key establishment / KEM	RSA key transport; (EC)DH	ML‑KEM (FIPS 203)	Derived from CRYSTALS‑Kyber; parameter sets ML‑KEM‑512/768/1024.
Digital signatures	RSA / ECDSA / EdDSA	ML‑DSA (FIPS 204) and SLH‑DSA (FIPS 205)	SLH‑DSA based on SPHINCS+.
Transition timing signal	Ongoing RSA/ECC reliance	Deprecate after 2030, disallow after 2035 (selected cases)	Draft guidance, but a strong planning indicator.

Real-world utility

Why quantum simulation is the “first principles” killer app (long-term)

Feynman’s foundational argument is that because the physical world is quantum mechanical, efficiently simulating generic quantum systems may require a computer built from quantum mechanical elements. This is why chemistry and material science remain the most credible “endgame” applications: as molecular complexity rises, classical methods often face exponential scaling or harsh approximations.

Drug discovery: what’s real today vs what’s plausible tomorrow

A useful way to pitch this to a tech audience is: quantum computing is mainly a new tool for electronic structure and hard optimisation subroutines, not a magic replacement for the whole pharmaceutical pipeline.

• Research direction and realism: A 2025 review in npj Drug Discovery argues quantum computing could influence drug development from molecular simulation to trial optimisation, while also acknowledging that mapping realistic biomolecular systems is out of reach for current NISQ devices and will require fault-tolerant systems.
• Concrete example (hybrid workflow): A 2025 EPJ D paper proposes a hybrid quantum graph neural network + VQE workflow to screen molecules (QM9 dataset), reporting strong predictive metrics (e.g., R² and mean absolute error) and using quantum components in a broader pipeline.

How to describe impact (without hype): - Near term: quantum-assisted property estimation in small active spaces, and hybrid ML/quantum pipelines that use quantum routines as evaluators for limited candidate sets. - Longer term (fault-tolerant): chemically accurate simulation of catalysts, reaction pathways, and strongly correlated electronic structures relevant to binding and synthesis planning—areas where classical approximations can be brittle.

Climate tech: carbon capture and materials

Carbon capture is fundamentally materials science: you need sorbents/catalysts with the right binding energies, selectivity, and stability.

• MOF carbon capture modelling (specific example): An EPJ Quantum Technology paper applies quantum computing to CO₂ adsorption in Al‑fumarate metal-organic frameworks, using fragmentation strategies (Density Matrix Embedding Theory) and VQE as a fragment solver to reduce qubit requirements—explicitly framing it as a step toward sorbent optimisation.
• Catalysis/carbon fixation computing requirements: Research in Physical Review Research analyses quantum resources needed for chemically accurate simulations of reaction pathways for carbon fixation catalysts, underlining why quantum chemistry remains a strategic target for quantum advantage.

Practical implication for innovators: Quantum computing’s most realistic climate impact path is indirect but profound: better simulations → better materials → better capture/convert processes, with early value likely appearing in hybrid workflows rather than standalone “quantum solves climate change” claims.

Reality check

What “NISQ” really means

John Preskill coined the NISQ framing to describe near-term devices with tens to perhaps ~100 qubits, where noise limits circuit depth, so these machines won’t “change the world right away,” but can be useful for exploring many-body physics and as a step toward fault tolerance. A major review in Reviews of Modern Physics similarly surveys what is plausible in the NISQ era while emphasising limits imposed by present noise levels.

Quantum advantage vs quantum utility — and why the bar keeps moving

• “Quantum supremacy/advantage” (narrow tasks): Google’s 2019 random circuit sampling result is a canonical example of a benchmark task designed to be hard for classical simulation.
• <u>\</u>“Quantum utility” (reliable computation beyond brute-force classical methods): IBM’s 2023 Nature paper claims evidence for utility on a noisy 127‑qubit processor, and IBM subsequently defined “quantum utility” as reliable computations beyond brute-force classical exact methods.
• Counter-pressure: classical algorithms improve, too. Follow-on work has argued that some “utility” experiments admit fast approximate classical simulations, illustrating how quickly the classical baseline shifts.

A realistic roadmap for “daily business” advantage

A sober forecast that remains anchored to published roadmaps and physics constraints:

• Now to late 2020s: Expect pockets of advantage/utility in carefully chosen workloads (sampling, expectation estimation, niche optimisation, small chemistry fragments), typically as quantum + HPC hybrid workflows. IBM’s roadmap explicitly discusses expanding utility/advantage and targeting milestones leading toward fault-tolerant modules and “scientific quantum advantage.”
• Around 2029–early 2030s (if roadmaps hold): The first broadly credible fault-tolerant systems may appear, but still at limited logical-qubit counts. IBM’s public target is Starling (2029): 200 logical qubits, 100 million gates, with a larger successor, Blue Jay (2033+): 2,000 logical qubits, 1 billion operations.
• Mid‑2030s+: More realistic for widespread “daily business” transformation—and for the point where the cryptographic threat becomes truly urgent, aligning with both NIST and NSA planning signals around 2035.

Bottom line: meaningful, repeatable business advantage is likely to arrive unevenly and domain-by-domain before it arrives “everywhere,” because fault tolerance, not qubit count, is the gating factor.