Y2Q, “Years to Quantum,” refers to the estimated time remaining before a quantum computer capable of breaking widely deployed public-key cryptography becomes operational. It is a planning horizon, not a fixed date, and it drives urgency across government, finance, and technology sectors.
The threat is specific. RSA and elliptic-curve cryptography, which secure most internet traffic, rely on the computational difficulty of factoring large integers and computing discrete logarithms. Shor’s algorithm can solve both problems efficiently on a fault-tolerant quantum computer. No such machine exists today. Current processors are orders of magnitude too small and too error-prone to threaten real-world encryption keys. Estimates for when a cryptographically relevant quantum computer might be built range from ten to thirty years, with significant uncertainty.
The timeline matters now because of the “harvest now, decrypt later” threat. Adversaries can intercept and store encrypted communications today, then decrypt them once sufficiently powerful quantum hardware becomes available. Data with long-term sensitivity, such as government communications, medical records, and financial transactions, is already at risk even though the decryption capability does not yet exist.
This is why the migration to post-quantum cryptography has begun well ahead of Y2Q. NIST finalized its first post-quantum cryptographic standards in 2024, and major technology companies are integrating these algorithms into their infrastructure. The transition is complex, touching every layer of digital communication, and will take years to complete. Organizations that delay risk finding themselves exposed when the timeline, however uncertain, eventually arrives.
Subscribe on Substack at https://qubitguy.substack.com/
