MICKAI®
Article · 12 July 2026

How close is a cryptographically relevant quantum computer?

No one knows when a code-breaking quantum computer will arrive, so the responsible move is to protect long-lived data now, not later.

How close is a cryptographically relevant quantum computer?
Author
Micky Irons
Published
12 July 2026
Follow Micky Irons
LinkedInX
sovereign aipost-quantum cryptographyquantum computingharvest now decrypt latercyber security

Nobody knows the exact date, and credible estimates diverge widely, but long-lived secrets must be protected now, because harvest-now-decrypt-later adversaries are already capturing encrypted data.

In 2026 this is a live planning question, not a thought experiment. Regulated buyers in defence, finance and critical national infrastructure hold records that must stay secret for a decade or more, and migrating a large estate to quantum-safe cryptography takes years to inventory, test and complete.

What is a cryptographically relevant quantum computer?

A cryptographically relevant quantum computer is one large and stable enough to run Shor's algorithm and break the public-key cryptography securing today's stored data.

Public-key schemes such as RSA and elliptic-curve cryptography rest on mathematical problems that classical computers cannot solve at scale. Shor's algorithm, run on a sufficiently large and error-corrected quantum machine, solves them efficiently. The word relevant matters: a quantum computer that cannot yet run Shor's algorithm to completion against real key sizes is a scientific milestone, not a cryptographic threat. The threshold is capability against live cryptography, not raw qubit headlines.

How close is a cryptographically relevant quantum computer?, illustration 1

How far are today's machines from breaking encryption?

Today's quantum processors carry hundreds to low thousands of noisy physical qubits, while a code-breaker needs vast numbers of stable logical qubits.

The gap is not small. Leading processors today are measured in hundreds to low thousands of physical qubits, and each qubit is noisy, losing its state in fractions of a second. A code-breaker does not need raw qubits, it needs logical qubits: clusters of many physical qubits bound together by error correction so they behave as one reliable unit. Turning noisy hardware into stable logical qubits at the required scale is the central unsolved engineering problem, and progress is real but incremental.

How close is a cryptographically relevant quantum computer?, illustration 2

What does breaking RSA-2048 actually require?

Estimates vary, but a Shor attack on RSA-2048 needs many thousands of logical qubits, each built from many noisy physical qubits and sustained for hours.

Published estimates for a Shor attack on RSA-2048 land in the millions of physical qubits and many thousands of logical qubits, sustained coherently for hours. Every figure is a moving target as algorithms and error-correction schemes improve, which is exactly why no single date commands consensus. The table below sets what exists today against what an attack would demand.

QuestionWhere we are todayWhat a code-breaker needs
How many qubits?Hundreds to low thousands, physical and noisyMany thousands of stable logical qubits
Error correction?High error rates, short coherence timesFault tolerance across millions of physical qubits
Which algorithm?Shor's known, not runnable at scaleShor's sustained to completion on RSA-2048
What time horizon?No demonstration against RSA-2048Estimates diverge, no agreed arrival date
How close is a cryptographically relevant quantum computer?, illustration 3

Why plan now if the arrival date is unknown?

Because the threat is retroactive: encrypted data with a long secret life stolen today can be stored and decrypted once a capable machine exists.

Waiting for certainty is the wrong strategy because the risk is already here. An adversary can copy encrypted traffic and archives today, store them cheaply, and decrypt them the day a capable machine exists. This is called harvest-now-decrypt-later, and for data with a long secret life, diplomatic cables, intelligence files, health records and sealed contracts, the clock started years ago. DORA has been in force since January 2025 and NIS2 covers essential and important entities, so the duty to protect this data already carries legal weight.

The date of the first cryptographically relevant quantum computer is unknown, but the deadline to protect long-lived data has already passed.

How close is a cryptographically relevant quantum computer?, illustration 4

What do NIST, the NSA and the NCSC advise?

All three advise migrating to post-quantum cryptography now, not waiting. NIST published standards, the NSA sets CNSA 2.0 timelines, and the NCSC urges early planning.

NIST published its first post-quantum standards in 2024: FIPS 203 for key encapsulation, and FIPS 204 and FIPS 205 for digital signatures. The US National Security Agency, through CNSA 2.0, has set out timelines for national security systems to adopt quantum-resistant algorithms this decade. The UK National Cyber Security Centre likewise advises organisations to begin planning and inventory now. The consistent message from all three is to migrate early, because migration is slow and the threat is silent.

How does Mickai protect long-lived data today?

We sign every action in a post-quantum audit ledger and hold sensitive data offline behind a zero-egress perimeter, so it is never harvested at all.

Mickai is a Sovereign Intelligence Operating System, a SIOS, built and live and running offline on operator-owned hardware. Every action is sealed in a post-quantum signed audit ledger: FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) sign the ledger, while FIPS 203 (ML-KEM) handles key encapsulation and never signs. Sensitive data sits behind a zero-egress inbound perimeter with hardware-attested identity bound to the audit chain, so it is not exposed to capture in the first place. Reasoning runs across our 50 brains, 25 domain and 25 operational, with cross-model consensus, entirely offline. This architecture is protected by 104 filed UK patent applications and 2,340 claims, owned by Mickai LTD (Companies House 17166618), filed and patent pending. The design principle is simple: the safest data against a future quantum computer is data that never left sovereign ground and was never harvested.

Frequently asked questions

Should we wait for a confirmed quantum threat before migrating?

No. Migration across a large estate takes years to inventory, test and roll out, and the harvest-now-decrypt-later risk means long-lived data is already exposed. NIST, the NSA and the NCSC all advise starting now rather than waiting for a demonstration.

Is my encrypted data already at risk today?

If it must stay secret for many years, yes. An adversary can capture and store it now and decrypt it later once a capable machine exists. Data with a short secret life carries far less exposure, so prioritise by how long each record must remain confidential.

Which cryptographic standards should we adopt?

Begin with the NIST post-quantum standards: FIPS 203 for key encapsulation, and FIPS 204 and FIPS 205 for digital signatures. National guidance such as CNSA 2.0 and NCSC advice sets sector timelines. We sign our audit ledger with FIPS 204 and FIPS 205, and use FIPS 203 for key encapsulation only.

Does a public cloud AI service protect my most sensitive data?

Public cloud AI services such as ChatGPT, Copilot and Gemini are strong choices for open and low-sensitivity work, where their scale and convenience are hard to beat. For the most sensitive data they are a poorer fit, because a US-based provider can be compelled under the CLOUD Act regardless of where servers sit. We keep that data offline on operator-owned hardware instead.

How does keeping data offline defend against a future quantum computer?

Harvest-now-decrypt-later depends on an adversary first capturing your encrypted data. Data held offline behind a zero-egress perimeter is never transmitted, so there is nothing to harvest and nothing to decrypt later. We pair that with post-quantum signing of the audit ledger, so both the data and its record stay verifiable.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/how-close-is-a-cryptographically-relevant-quantum-computer. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles