Q-Day is the hypothetical moment when a quantum computer becomes powerful enough to break RSA-2048 encryption — the cryptographic standard that protects most of the internet today. Banks, governments, hospitals, and nearly every secure website rely on it. When Q-Day arrives, that protection effectively disappears.
Why encryption matters
When you visit a website over HTTPS, log into your bank, or send a private message, your data is scrambled using mathematical problems that classical computers cannot solve in any reasonable timeframe. RSA encryption works because factoring enormous numbers — the mathematical core of the system — is practically impossible for today's machines. A number with 2048 binary digits would take a classical computer longer than the age of the universe to crack.
Quantum computers change this equation entirely. Using an algorithm developed by mathematician Peter Shor in 1994, a sufficiently powerful quantum machine could factor those same numbers in hours or even minutes.
When could it happen?
No one knows exactly. Estimates from leading institutions range from 2029 (Google's internal security planning horizon) to 2035 (the Global Risk Institute's most conservative forecast). The uncertainty stems from the enormous engineering challenge of building a cryptographically relevant quantum computer — one with enough stable, error-corrected qubits to run Shor's algorithm at scale.
Today's most advanced quantum processors have thousands of physical qubits, but running Shor's algorithm against RSA-2048 would require millions of error-corrected logical qubits. That gap is real — but it is closing faster than many experts expected.
What is being done?
The good news: the world is not waiting. NIST finalized its first post-quantum cryptography standards in 2024, providing organizations with quantum-resistant encryption algorithms they can begin adopting now. Governments and major technology companies are already migrating critical systems.
The bad news: migration takes time — often years. And attackers are already collecting encrypted data today, betting they can decrypt it once Q-Day arrives. This "harvest now, decrypt later" strategy means the clock is already running, even if Q-Day itself is still years away.