‘It’s a real shock’: quantum-computing breakthroughs pose imminent risks to cybersecurity
Summary
Two independent preprints — one from Google and one from the start-up Oratomic — argue that quantum computers capable of breaking widely used encryption could arrive far sooner than many expected, possibly before the end of this decade. The Oratomic team, leveraging atom-trap quantum hardware and recent software advances, claims techniques that could reduce the qubit count needed to crack P-256 keys to the order of 10,000 qubits. The findings have triggered alarm among security firms (Cloudflare among them), cryptographers and financial institutions, although the studies are preprints and not yet peer reviewed.
Key Points
- Two new preprints (Google and Oratomic) suggest quantum attacks on current encryption could be viable much sooner than the previously assumed 10+ year horizon.
- Oratomic reports methods that might reduce the quantum resources needed to break P-256 to ~10,000 qubits by exploiting atom-trap architectures and recent algorithmic advances.
- Potential targets include TLS/SSL (internet communications), credit-card systems, cryptocurrencies and other systems relying on P-256 or similar elliptic-curve cryptography.
- Industry reaction is urgent: cybersecurity companies and banks are reassessing timelines for deploying quantum-safe measures.
- The papers are preprints and contain assumptions about error rates, hardware scaling and software improvements — real-world engineering challenges remain.
- Techniques that reduce resource requirements could accelerate useful quantum applications beyond cryptography, such as materials science and optimisation.
- Experts warn of “harvest-now, decrypt-later” risks: adversaries could record encrypted traffic today to decrypt when quantum-capable machines exist.
Content summary
The Nature article reports on two preprints posted on 31 March 2026. One is from a Google-affiliated team and the other from Oratomic, a Pasadena start-up. Both analyses re-evaluate the quantum resources and algorithms needed to break standard public-key systems. Oratomic’s work focuses on atom-trap quantum hardware and combines recent software and error-mitigation advances to argue that attacks on P-256 could be done with far fewer qubits than earlier estimates.
Reaction across the field has been immediate: researchers describe the results as a shock and a renewed urgency to accelerate deployment of post-quantum cryptography. Companies that help protect internet traffic are reassessing protective timelines. However, the article stresses that these are preprints and that significant engineering work remains before a practical quantum hack can be mounted.
Context and relevance
This story matters because much of today’s secure digital infrastructure — from web traffic to cryptocurrencies — depends on cryptographic algorithms thought to be safe from near-term quantum attacks. If the new estimates are accurate, organisations and governments will need to speed up migration to quantum-resistant algorithms and take short-term countermeasures (for example, reducing the lifetime of keys, prioritising post-quantum upgrades for high-value data and guarding against recorded data attacks).
The debate also highlights a broader reality: improvements in both quantum hardware (especially atom-based qubits) and quantum software can change threat timelines quickly. Even if practical attacks are not immediate, the risk window for “harvest-now, decrypt-later” compromises becomes more pressing.
Why should I read this?
Because if you care about money, privacy or keeping systems online, this one’s worth a look. These papers say the quantum threat might land sooner than people assumed — that changes when you need to act. Whether you run servers, manage keys, hold crypto or just worry about your data, the practical takeaway is: don’t be blasé. Start checking whether your systems are ready for post-quantum crypto and whether sensitive archives need extra protection right now.
Author style
Punchy: the article conveys a real sense of urgency and surprise in the community. It amplifies why the details matter — not just to quantum researchers but to security teams, financial institutions and anyone storing encrypted records.