Shortening Timelines for Cryptographically Relevant Quantum Computers

A growing share of leading quantum experts now believe cryptographically relevant quantum computers (CRQCs) could arrive within the next five to 10 years.

In our latest Quantum Threat Timeline Report, roughly half of respondents assign a 50% or greater probability to a CRQC breakthrough within 10 years. These are the highest likelihood estimates in the past four surveys, pointing to a meaningful shift in expert expectations.

What’s changed?

Using the operational definition of a CRQC as one capable ofbreaking RSA-2048 in less than 24 hours, we asked 26 international quantumcomputing pioneers and major R&D players to assess when a CRQC mightemerge. Respondents also shared perspectives on key technical developments,including physical platforms and progress in quantum error correction.

Several developments over the past 12 months appear to be contributing to this change:

Rapid progress across multiple hardware platforms

Neutral atom systems have advanced significantly in both scale and control, emerging as a leading approach alongside superconducting and trapped-ion systems. All three platforms have demonstrated important milestones toward fault-tolerant quantum error correction.

Early demonstrations of logical qubits

While still at an early stage, multiple groups have now demonstrated key elements of logical quantum computing—showing that quantum information can be encoded across physical qubits in ways that suppress errors.

Reductions in resource estimates

Advances in algorithms, error correction strategies, and compilation techniques have reduced the physical resources required for large-scale quantum cryptanalysis, making previously distant scenarios more plausible.

Taken together, these advances help explain the shift in expectations reflected in this year’s results. Importantly, progress is not confined to a single technological pathway. Instead, it is advancing across multiple leading platforms in parallel.

At the same time, the pace of technical progress remains high. Ongoing experimental and theoretical advances continue to reinforce the underlying trajectory identified in the survey.

The risks go beyond data exposure

While much of the discussion around quantum risk has focused in the past on “harvest now, decrypt later” attacks, the implications of a CRQC extend well beyond retrospective data exposure and include, for example, the ability to forge signatures.

A sufficiently capable quantum computer would also threaten operational continuity—including software updates, authentication systems, financial transactions, secure communications and the integrity of AI systems and agents that depend on trusted data, models, and authenticated interactions. All of these rely on public-key cryptography for trust and functionality.

As timelines shorten, the risk of not completing the transition to quantum-safe cryptographic systems is becoming a material concern—essential not only for data protection but also to ensure that critical digital systems continue to operate securely.

The horizon could be even closer

While substantial technical challenges remain, sustained progress across hardware, error correction and algorithms is accelerating the likelihood of cryptographically relevant quantum computers. That’s furthered by the less-visible uncertainty around potential non-public progress being made.

Most estimates of CRQC timelines are grounded in published, peer-reviewed work. However, some research programs may not disclose their full capabilities or timelines. In addition, levels of transparency vary across organizations and jurisdictions.

There are also incentives that may lead experts to provide conservative estimates. In a field that has experienced cycles of hype and retrenchment, some respondents may be cautious in their projections. As one noted: “In the short term, hype can attract capital; in the longer term it risks slowing progress by provoking a funding retreat just when the underlying science is ready to pay off.”

Taken together, these factors suggest that published progress—and even expert assessments—may not capture the leading edge of development. To the extent timelines are conservative, the practical window for preparation could be even shorter than it appears.

Preparing for continuity in a post-quantum world

In this context, the key risk is not simply that encrypted data today may be exposed in the future. It is that core digital systems could fail to operate securely when quantum capabilities reach a critical threshold.

Migration to quantum-safe cryptographic systems can take years, and the timeframes are often longest in complex or regulated environments. This makes early, coordinated action toward quantum readiness across systems and infrastructure essential. The challenge is not predicting the exact timeline. It is ensuring that systems remain secure and operational across a range of plausible futures.

evolutionQ has been publishing the Quantum Threat Timeline Report annually since 2019 in partnership with the Global Risk Institute. Download our full Quantum Threat Timeline Report 2025 here and reach out if you have questions about how to make your cryptographic infrastructure post-quantum secure.