There is a comforting fiction in boardrooms: that somewhere ahead lies a single date when quantum computers switch on, encryption breaks, and the industry deals with it together. It is a tidy story. It is also wrong.

 

That tidy story will leave your most sensitive assets exposed for years longer than they need to be. Q-Day is not one date. It is a spectrum. Different cryptographic algorithms fall at different times, for different reasons, and the gap between the first and the last is measured in years. Treating it as a single calendar event is the fastest way to migrate the wrong things first.

What “breaking encryption” actually means

Two quantum algorithms drive the threat, and they behave very differently. The headline “quantum breaks encryption” conflates two very different fates: your asymmetric cryptography is in existential danger, while your strong symmetric cryptography is largely fine.

Shor versus Grover — two algorithms, two very different consequences for a bank’s cryptography.

Shor’s algorithm (Peter Shor, 1994) attacks the mathematics underneath public-key cryptography — the factoring and discrete-logarithm problems behind RSA and elliptic-curve cryptography (ECC). Against these, a sufficiently large, fault-tolerant quantum computer is not incrementally faster; it is catastrophic. RSA and ECC do not weaken gracefully. They fail.

Grover’s algorithm (Lov Grover, 1996) is the milder threat. It speeds up brute-force search quadratically, which matters for symmetric ciphers such as AES. But quadratic is not exponential: Grover effectively halves the security level, so AES-256 retains roughly 128 bits of security — still comfortably out of reach. AES-128 is weakened but not trivially broken.

Why the timelines diverge

Even within the vulnerable algorithms, exposure is not uniform.

  • RSA-1024 falls well before RSA-2048 — smaller keys require fewer logical qubits to break.
  • ECC is acutely exposed. Its compact key sizes, prized for efficiency, mean it requires comparatively fewer quantum resources than RSA of equivalent classical strength.
  • AES-256 is, on current understanding, resilient against the known quantum attacks for the foreseeable horizon.
  • The NIST post-quantum standards — ML-KEM (FIPS 203), ML-DSA (FIPS 204) and SLH-DSA (FIPS 205), finalised by NIST in August 2024 and derived from CRYSTALS-Kyber, CRYSTALS-Dilithium and SPHINCS+ — are the replacements built to withstand both Shor and Grover.

The timing itself remains a genuine forecast, not a fact. The Global Risk Institute’s Quantum Threat Timeline Report 2025 places expert median estimates for a cryptographically relevant quantum computer broadly in the early-to-mid 2030s, with meaningful probability mass earlier. Resource estimates are also moving: in 2025, Google researcher Craig Gidney published academic research suggesting RSA-2048 could in principle be broken with under one million qubits — a sharp reduction from his own 2019 figure. That is a research estimate of what may become possible, not a deployed capability — but the direction of travel is one way.

Why a single date is the wrong planning unit

If RSA-1024, RSA-2048, ECC and AES all carry different risk on different horizons, then a single migration deadline forces a false choice. You either over-invest early on assets that are not yet at risk, or you under-protect the ones that are — including data already being harvested today under Harvest Now, Decrypt Later, where the relevant clock started years ago.
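An added example, not from the original post and not SeQure's product code: a small triage of a cryptographic inventory that applies the Shor/Grover split described above and checks each Shor-exposed asset against Harvest Now, Decrypt Later. The horizon years, asset names and shelf-lives are constructed placeholders, not forecasts.

```python
from dataclasses import dataclass
SHOR = {"RSA", "ECC"}                  # public-key maths broken outright by Shor
GROVER = {"AES"}                       # brute-force search speed-up only
PQC = {"ML-KEM", "ML-DSA", "SLH-DSA"}  # FIPS 203 / 204 / 205
# CONSTRUCTED planning inputs, not forecasts: substitute your own estimate of
# the year each algorithm class becomes breakable.
ASSUMED_HORIZON = {("RSA", 1024): 2031, ("ECC", 256): 2032, ("RSA", 2048): 2034}

@dataclass
class Asset:
    name: str
    family: str      # "RSA", "ECC", "AES", "ML-KEM", ...
    bits: int        # key size (parameter set for PQC)
    shelf_life: int  # years the protected data must stay confidential

def quantum_bits(family, bits):
    """Security level left against known quantum attacks (None = built to resist)."""
    if family in SHOR:
        return 0              # no graceful degradation: treated as broken
    if family in GROVER:
        return bits // 2      # quadratic speed-up halves the security level
    if family in PQC:
        return None
    raise ValueError(f"unclassified algorithm family: {family}")

def hndl_margin(asset, today, horizons=ASSUMED_HORIZON):
    """Years of slack; negative = data harvested today is still sensitive at the horizon."""
    return horizons[(asset.family, asset.bits)] - (today + asset.shelf_life)

def triage(assets, today):
    """Return (name, quantum_bits, margin) rows, most urgent first."""
    def row(a):
        q = quantum_bits(a.family, a.bits)
        return (a.name, q, hndl_margin(a, today) if q == 0 else None)
    def urgency(r):
        if r[1] == 0:
            return (0, r[2])                          # Shor-exposed: least slack first
        return (2, 0) if r[1] is None else (1, r[1])  # weakest symmetric, then PQC
    return sorted(map(row, assets), key=urgency)

# Constructed sample inventory (hypothetical asset names and shelf-lives).
INVENTORY = [
    Asset("tls-session", "ECC", 256, 1),
    Asset("db-at-rest", "AES", 256, 20),
    Asset("loan-archive", "RSA", 2048, 15),
    Asset("pilot-kem", "ML-KEM", 768, 10),
    Asset("legacy-vpn", "RSA", 1024, 7),
    Asset("backup-keys", "AES", 128, 5),
]
```

Calling `triage(INVENTORY, today=2026)` puts the long-lived RSA-2048 archive ahead of the weaker RSA-1024 VPN, because its data outlives the assumed horizon by more years.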

The intelligent unit of planning is not the calendar. It is the algorithm, weighted by the criticality and shelf-life of the data it protects.

This is precisely what SeQure’s QuRisc is built to do: forecast a separate Q-Day per algorithm class, identify cluster risk hotspots using correlation, and forecast risks 5–10 years into the future together with their corresponding CHF value impact, so that migration can be sequenced by genuine exposure and risk in CHF rather than by a single, misleading headline year. Visibility first, then prioritisation: which algorithms, protecting which data, need to move first.

What this means for a Swiss bank

For institutions under FINMA supervision and within scope of DORA, the obligation is not “be quantum-safe by date X.” It is to demonstrate that you understand your cryptographic risk, have prioritised it sensibly, and are managing it. A per-algorithm view is what makes that demonstrable — and what turns an unbounded anxiety into a finite, sequenced, defensible roadmap.

The single date was always a fiction. The sooner it is retired, the sooner the real work — visibility, prioritisation, migration, crypto-agility — can begin.

See your bank’s per-algorithm Q-Day forecast → book a 30-minute discovery call at www.sequre.ch

Amit Agarwal is CEO and Co-Founder of SeQure AG, a Swiss quantum-security company for banks and financial institutions. He brings 25+ years across software, SaaS, payments and FinTech, and holds a quantum computing qualification from MIT’s executive education.


Post by Amit Agarwal
Jun 5, 2026 3:39:36 PM
CEO, SeQure AG · AI-driven crypto inventory & Quantum-Safe Migration for Swiss Banks and FIs · FINMA · DORA · PQC · Q-Day Risk in CHF for Executive Board
