Quantum Decryption Is Closer Than You Think
While Estimates for Cracking Public-Key Encryption Are Collapsing, OpenMatter Is Built on Math Quantum Can't Break
On June 22, the United States issued an executive order giving federal agencies until the end of 2030 to move their most sensitive systems off the public-key encryption protecting them today, and until 2031 to replace the digital signatures underneath it. Deadlines don’t get issued like that unless someone close to the President is convinced the threat is close.
This issue is about why they’re right. The estimates for how big a quantum computer would need to be to break RSA have fallen four orders of magnitude in fifteen years, and the drops are coming faster each time. The skeptics who spent two decades deflating quantum hype are now naming a year. And the same day the U.S. government set its cryptographic deadline, it signed a second order to push the hardware forward faster.
Quantum decryption is closer than you think. What follows is how we got here, where we’re headed, and why OpenMatter runs on cryptography quantum can’t break.
OpenMatter is chairing the Decentralized AI Agent Alliance’s Agentic Privacy & Security subgroup. The first meeting will be held on July 1, 2026 at 12pm EDT, and continuing every other Wednesday thereafter. Please join us.
Quantum Decryption Is Closer Than You Think
Breaking Public-Key Encryption Gets Easier Every Year, Which Is Exactly Why OpenMatter Never Relied on It
Most stories about the quantum threat tell it as a single countdown, like it’s the ball dropping in Times Square on New Year’s Eve. In this analogy, there is one clock, ticking toward a time called Q-Day, when a computer finishes factoring a number that was once believed to be impossible to factor. At this moment, much of the encryption upon which modern life depends fails.
It’s a clean image, but it’s also the wrong image. The quantum timeline isn’t one clock. Instead, it’s two freight trains, moving toward each other from opposite directions. One train is the math, while the other is the hardware. Q-Day is what happens when these two trains collide. And the trains won’t be late. Increasingly, it looks like they’ll arrive much earlier than many thought.
The First Train Is Falling Estimates
Let’s start with the train that’s been moving the fastest. That train is the math, the resource estimates for how big a quantum computer would actually need to be to break RSA-2048, the public-key scheme securing your bank, your browser, and most of the internet’s plumbing.
In 2012, an estimate put the cost at roughly a billion noisy qubits. By 2019, Craig Gidney and Martin Ekerå had pulled that down to about 20 million physical qubits. In May 2025, Gidney did it again: under one million noisy qubits, a roughly twentyfold reduction in six years. And in February 2026, a group in Sydney went further, arguing that with better error-correcting codes you could get under 100,000 physical qubits. Across two decades, the requirement has dropped four orders of magnitude.
This train didn't speed up by laying a new track. It sped up through cleverness — approximate residue arithmetic that lets the computer stop holding the entire 2048-bit number at once, smarter codes, and qubits recycled across steps. A quantum attack can be closer than ever without a single new qubit being built. Gidney himself doesn't see another easy tenfold cut under his current assumptions. But "under current assumptions" is exactly the phrase that's been wrong, repeatedly, for fifteen years.
The Second Train Is Rising Hardware
Although the math train is traveling at full speed ahead, the hardware train is moving more slowly. The best error-corrected hardware in the world right now runs around a hundred physical qubits (Google’s Willow at 105, Quantinuum’s trapped-ion systems in the same range), and the logical qubits you can squeeze out of them number in the dozens, not the thousands. Encoding one reliable logical qubit still costs hundreds of physical ones. IBM’s first fault-tolerant machine, Starling, targets roughly 200 logical qubits from about 10,000 physical in 2028 or 2029. None of these can run Shor’s algorithm against RSA at scale.
What moved this year is the estimate of when they will. In March 2026, Google set a deadline to migrate its own infrastructure to post-quantum cryptography by 2029, citing faster-than-expected progress on hardware, error correction, and the very factoring estimates above. Cloudflare, which fronts a large share of the internet’s traffic, pulled its deadline to the same year. And in June 2026, the United States turned the timeline into law. An executive order now requires U.S. agencies to move their most sensitive systems to post-quantum encryption by the end of 2030, with digital signatures to follow a year later.
Scott Aaronson, for two decades the field’s most reliable skeptic and the person who made a career deflating quantum hype, now relays that the hardware experts he trusts expect a cryptographically relevant machine by around 2029. He allows that they might be wrong. Then he stops hedging. When the people whose instinct is to doubt start chalking the same year on the board, the year is the story.
Which Track Are You Standing On?
Our whole thesis at OpenMatter is to trust the math, not the hardware. The quantum threat is where that principle has to get specific, because the trains run on only one kind of track. Shor's algorithm breaks the public-key cryptography securing most of the internet, and that's the track the trains are barreling down. It does nothing, as far as anyone knows, to the hard lattice problems underneath the new NIST standards. Those sit on a different track, one the trains were never built to run on. "Trust the math" only protects you if your secrets are parked where the collision can't reach.
We built on that track from the start, not as a retrofit. OpenMatter’s cryptography uses lattice-based primitives aligned to the NIST post-quantum standards, not classical cryptography with a quantum patch bolted on later. The threshold system that protects an agent’s secrets runs on the same lattice foundations, designed to resist both classical and quantum attack. The point isn’t only confidentiality today; it’s durability. A verifiable audit trail you generate now should still verify in ten years, while a hardware attestation made today proves nothing about a chip that’s been retired.
The two trains are still closing, but the secrets we protect aren’t parked on their track. When the trains finally meet, the question won’t be how long your key was. It’ll be which track you trusted your secrets to, and whether you can still prove it.
— The OpenMatter Team
If you know someone who would benefit from reading this article, please share it:
Watch CEO and co-founder of OpenMatter, Renee Davis, discuss why OpenMatter is building the infrastructure layer for secure AI collaboration.
Industry Updates
Executive Order Sets 2030 Deadline for Federal Agencies to Adopt Post-Quantum Encryption
Signed June 22, 2026, “Securing the Nation Against Advanced Cryptographic Attacks” gives federal agencies hard dates to move their most sensitive systems off today’s public-key cryptography: post-quantum key establishment for high-value and high-impact systems by the end of 2030, and digital signatures by the end of 2031.
The order also reaches the private sector, directing the federal acquisition rules to require covered contractors to meet NIST’s post-quantum standards by 2030, while leaving national-security systems on the NSA’s separate track. Cloudflare, which already serves post-quantum encryption to roughly two-thirds of the browser traffic hitting its network, calls it the moment the transition stops being optional and starts being mandatory.
The deadline isn’t a reaction to any single breach but the government conceding what the falling cost estimates already told us: the cryptography running the internet has an expiration date, and it’s close enough now to legislate around.
Second Executive Order Launches National Push to Build a Research-Scale Quantum Computer
Signed the same day as the cryptography mandate, “Ushering in the Next Frontier of Quantum Innovation” directs a whole-of-government effort, the QC-ADDS initiative, to develop a research-scale quantum computer and deliver at least one to a Department of Energy facility for the scientific community, explicitly citing “other nations moving quickly to challenge American leadership.”
Unlike the cryptography order, it sets no hard date for the machine itself; the Energy Department is given 180 days only to study the cost, scope, and timeline, though the order does fix a 2028 target for fielding next-generation quantum sensors.
OpenMatter is building the verifiable trust layer that enables AI agents to securely collaborate on sensitive data sets. If you’re in a regulated industry and need a better way to prove that your data is secure, contact our team to learn how masked compute can help.
This seems very unlikely. Do you listen to David Deutsch? The guy who came up with the theory of quantum computing ?