Q-Day ist der vorhergesagte Moment, an dem ein Quantencomputer mächtig genug wird, um die RSA-Verschlüsselung zu brechen — das System, das heute den größten Teil des Internetverkehrs, das Bankwesen und die Kommunikation schützt. Wenn er eintrifft, können alle mit aktuellen Standards verschlüsselten Daten rückwirkend entschlüsselt werden.

Wann werden Quantencomputer die RSA-Verschlüsselung brechen?

Die Schätzungen variieren: Das interne Sicherheitsteam von Google plant für 2029, NIST und die NSA planen 2030 als kritische Migrationsfrist, und das Global Risk Institute setzt eine 50-prozentige Wahrscheinlichkeit auf 2035. Die Zeitlinie hängt stark von den Fortschritten bei der Qubit-Qualität und der Fehlerkorrektur ab.

Bin ich bereits durch Quantencomputer gefährdet?

Harvest-now-decrypt-later-Angriffe finden bereits statt — staatliche Akteure sammeln heute verschlüsselte Daten, um sie zu entschlüsseln, sobald ein leistungsfähiger Quantencomputer verfügbar ist. Sensible Daten mit langer Haltbarkeit wie Krankenakten, Finanzgeschichte und Staatsgeheimnisse sind am stärksten gefährdet.

Was ist Post-Quanten-Kryptografie?

Post-Quanten-Kryptografie (PQC) bezeichnet kryptografische Algorithmen, die gegen Quantenangriffe sicher sind. Im Jahr 2024 veröffentlichte NIST die ersten PQC-Standards — CRYSTALS-Kyber und CRYSTALS-Dilithium — um die anfällige RSA- und ECC-Verschlüsselung zu ersetzen.

Was kann ich tun, um mich auf Q-Day vorzubereiten?

Wenn Sie kritische Infrastrukturen betreiben oder sensible langlebige Daten verarbeiten, beginnen Sie mit einem kryptografischen Inventar, folgen Sie NISTs Leitfaden zur Post-Quanten-Migration und starten Sie den Übergang zu PQC-fähigen Systemen. Die meisten großen Cloud-Anbieter bieten bereits PQC-kompatible TLS-Optionen an.

Werden Bitcoin und Kryptowährungen Q-Day überleben?

Die meisten Kryptowährungen verwenden Elliptische-Kurven-Kryptografie (ECC) für Wallets, die für Quantenangriffe anfällig ist. Bitcoins ECDSA-Signaturen könnten durch einen ausreichend großen Quantencomputer gebrochen werden. Die Krypto-Community diskutiert aktiv Post-Quanten-Migrationspfade.

Q-Day Countdown | Wann werden Quantencomputer die Verschlüsselung knacken?

Das Rennen

Meilensteine der Quantencomputer

2019

Quantum Supremacy — Sycamore

53-qubit chip completes a task in 200 s that a supercomputer would need ~10,000 years for.

2022

Surface Code Logical Qubit

First proof that adding more physical qubits reduces logical error rate — below-threshold error correction confirmed.

2023

QEC Below Threshold at Scale

72-qubit device demonstrates logical qubit with error suppression better than any single physical qubit.

2024

Willow — Exponential Error Reduction

105 qubits. Each code distance step halves error rate. Benchmark: 5 min vs. 10²⁵ years classically.

2025

First Verifiable Quantum Advantage

65-qubit subsystem of Willow produces certified random bits — impossible to fake or replicate classically.

2029 — Target

Fully Error-Corrected Computer

Google's stated goal: a useful, error-corrected quantum computer capable of tackling real-world problems.

scrollen →

2021

Eagle — 127 Qubits

First chip to break the 100-qubit barrier. Heavy-hexagonal layout reduces error rates between neighbors.

2022

Osprey — 433 Qubits

Quadrupled qubit count in one generation. IBM publishes roadmap to 4,000+ qubit systems.

2023

Condor — 1,121 Qubits

World's first 1,000+ qubit chip. 50% increase in qubit density. Also ships Heron (133Q) with best-in-class gate fidelity.

2024

Flamingo — Multi-Chip Quantum Link

462-qubit chip with built-in quantum communication link — first step toward connecting multiple processors.

2026 — Target

Kookaburra — 4,158 Qubits

Three 1,386-qubit chips linked via chip-to-chip couplers — IBM's first large-scale multi-chip system.

2029 — Target

Fault-Tolerant System

IBM roadmap end-goal: fault-tolerant quantum computer with tens of thousands of logical qubits.

scrollen →

2022

Topoconductor Discovered

Microsoft creates the world's first topoconductor — a material enabling topological superconductivity, previously only theoretical.

2023

Majorana Zero Modes Confirmed

Peer-reviewed evidence in Physical Review of inducing topological Majorana modes — the building block of topological qubits.

Feb 2025

Majorana 1 — First Topological Chip

8 topological qubits on a chip designed for 1 million. Digital qubit control vastly simplifies quantum computing architecture.

~2027 — Target

Topological Qubits at Scale

Microsoft claims its approach will reach a cryptographically relevant scale "in years, not decades" — potentially leapfrogging competitors.

scrollen →

2016

PQC Competition Launched

NIST calls for submissions of quantum-resistant cryptographic algorithms. 69 candidates enter from teams worldwide.

2022

NSA: Migrate Critical Systems by 2030

NSA's CNSA 2.0 directive orders U.S. national security systems to complete post-quantum migration by 2030.

2024

First PQC Standards Published

NIST finalizes CRYSTALS-Kyber, CRYSTALS-Dilithium, and SPHINCS+ — the world's first post-quantum cryptography standards.

2030 — Deadline

NSA Migration Deadline

All U.S. national security systems must complete migration to post-quantum cryptography. Most global infrastructure still at risk.

2035 — Risk Window

Global Risk Institute Q-Day Estimate

GRI's 50% probability estimate: the moment a quantum computer can crack RSA-2048 arrives by 2035.

scrollen →

2021

$450M Series D

Largest quantum funding round to date. Bet: silicon photonic chips manufactured at scale using standard CMOS semiconductor fabs.

2023

GlobalFoundries Partnership

First quantum company to manufacture chips in a commercial semiconductor fab — enabling mass production of photonic qubits.

Feb 2025

Omega Photonic Processor

Silicon photonic processor unveiled — key building block toward a fault-tolerant machine with 1M+ physical qubits.

2025

$1B Raise — $7B Valuation

World's most-funded quantum startup. Backed by Microsoft, HSBC, BlackRock among others.

2027–2028 — Target

1,000,000 Physical Qubits

First commercially useful fault-tolerant quantum computer with 1M+ photonic qubits — potentially enabling Shor's algorithm against RSA.

scrollen →

2021

IPO — First Pure-Play Quantum Stock

IonQ lists on NYSE — the first publicly traded company focused solely on quantum computing.

2023

Forte — 35 Algorithmic Qubits

Trapped-ion system reaches 35 #AQ — one of the highest-quality qubit metrics in the industry.

2024

Real-World Quantum Speedup

Engineering firm Ansys uses IonQ to accelerate fluid dynamics analysis for medical devices — 12% speedup over classical computing.

2028 — Target

Cryptographically Relevant QC

IonQ roadmap targets a CRQC capable of running Shor's algorithm on RSA-2048 — requires ~4,000 logical qubits.

2030 — Target

2M Physical / 80K Logical Qubits

Long-term: a trapped-ion system with 2 million physical qubits and 80,000 logical qubits for broad quantum advantage.

scrollen →

2021

First Fully Error-Corrected Logical Qubit

Demonstrates a fully error-corrected logical qubit using the Steane code — a world first in quantum error correction.

2022

H1 — World Record Quantum Volume

H1 processor sets a world record quantum volume score — a holistic measure of overall system capability.

2024

H2 — 56 Trapped-Ion Qubits

H2 ships with best-in-class two-qubit gate fidelity (>99.9%). Partners with Microsoft on logical qubit research.

2025

12 Logical Qubits — 800× Error Reduction

With Microsoft: runs 12 logical qubits on H2 with error rates 800× better than physical qubits — largest logical qubit demo to date.

Late 2020s — Target

Small Fault-Tolerant Machine

Roadmap: tens of logical qubits fully fault-tolerant — sufficient for early quantum advantage in chemistry and materials science.

scrollen →

Erklär-Artikel

Was ist Q-Day und warum sollte es dich interessieren?

Q-Day refers to the moment a quantum computer becomes powerful enough to break RSA encryption — the foundation of most internet security today. Here's what that means for you.

Technologie

Post-Quanten-Kryptografie: Das Rennen zum Schutz des Internets

NIST has finalized its first post-quantum encryption standards. But how quickly will the world actually adopt them — and is it fast enough?

Forschung

Googles Willow-Chip: Ein Meilenstein auf dem Weg zu Q-Day

Google's latest quantum processor raises the stakes. We break down what the Willow breakthrough actually means for the Q-Day timeline.

Standards & Politik

NIST wählt HQC: Ein Backup-Schutz gegen Quantenangriffe

In March 2025, NIST chose HQC as a fifth post-quantum algorithm — a fallback built on entirely different mathematics, in case the primary standard ever falls.

What is Q-Day?

Q-Day is the predicted moment when a quantum computer becomes powerful enough to break RSA encryption — the system protecting most internet traffic, banking, and communications today. When it arrives, any data encrypted with current standards can be decrypted retroactively.

When will it happen?

Estimates vary: Google's internal security team targets 2029, NIST and the NSA are planning for 2030 as a critical migration deadline, and the Global Risk Institute puts a 50% probability on 2035. The timeline depends heavily on progress in qubit quality and error correction.

Am I already at risk?

"Harvest now, decrypt later" attacks are already happening — state actors are collecting encrypted data today to decrypt once a capable quantum computer exists. Sensitive data with long shelf-life (medical records, financial history, state secrets) is most at risk.

What is post-quantum cryptography?

Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to be secure against quantum attacks. In 2024, NIST published the world's first PQC standards — CRYSTALS-Kyber and CRYSTALS-Dilithium — to replace vulnerable RSA and ECC encryption.

What can I do?

If you run critical infrastructure or handle sensitive long-lived data: begin a cryptographic inventory, follow NIST's migration guidance, and start transitioning to PQC-ready systems. Most major cloud providers are already offering PQC-compatible TLS options.

Will Bitcoin and crypto survive Q-Day?

Most cryptocurrencies use elliptic curve cryptography (ECC) for wallets — which is vulnerable to quantum attacks. Bitcoin's ECDSA signatures could be broken by a sufficiently large quantum computer. The crypto community is actively discussing post-quantum migration paths.

2016

NIST

PQC Competition Launched

NIST calls for quantum-resistant cryptography submissions. 69 candidates enter from teams worldwide.

2019

Google

Sycamore — Quantum Supremacy

53-qubit chip solves a task in 200 s that would take a classical supercomputer ~10,000 years.

2021

IBM

Eagle — 127 Qubits

First chip to break the 100-qubit barrier. IBM announces a fault-tolerant QC target by 2029.

2021

Quantinuum

First Error-Corrected Logical Qubit

Fully error-corrected logical qubit demonstrated using the Steane code — a world first.

2022

Google

Surface Code Below Threshold

Proven: adding physical qubits to a logical qubit reduces errors. A foundational QEC milestone.

2022

NSA

CNSA 2.0 — Migrate by 2030

NSA orders U.S. national security systems to complete post-quantum migration by 2030.

2023

IBM

Condor — 1,121 Qubits

World's first 1,000+ qubit chip. Also ships Heron (133Q) with best-in-class gate fidelity.

2023

Harvard / QuEra

48 Logical Qubits

First logical quantum processor using neutral atoms — 48 logical qubits at 99.5% gate fidelity.

2023

Microsoft

Majorana Zero Modes Confirmed

Peer-reviewed evidence of Majorana modes — the building block of Microsoft's topological qubit.

2024

Google

Willow — Exponential Error Reduction

105 qubits. Each code distance step halves error rate. 5 min vs. 10²⁵ years classically.

2024

NIST

First PQC Standards Published

CRYSTALS-Kyber, Dilithium, SPHINCS+ — the world's first post-quantum cryptography standards.

Feb 2025

Microsoft

Majorana 1 — Topological Chip

8 topological qubits on a chip built for 1 million. A new state of matter applied to quantum computing.

2025

Google

Verifiable Quantum Advantage

First quantum result impossible to replicate classically — certified random bit generation on Willow.

2025

PsiQuantum

$1B Raise + Omega Processor

World's most-funded quantum startup ($7B valuation). Photonic chip targeting 1M+ qubits by 2028.

Projected

2026

IBM · Target

Kookaburra — 4,158 Qubits

Three 1,386-qubit chips linked via quantum communication — IBM's first large-scale multi-chip system.

2028

IonQ · Target

Cryptographically Relevant QC

A machine capable of running Shor's algorithm on RSA-2048 — requires ~4,000 logical qubits.

2029

Google · IBM · Target

Fault-Tolerant Computers

Both companies target 2029 for fully error-corrected, commercially useful quantum computers.

2030

NSA · Deadline

PQC Migration Deadline

All U.S. national security systems must have completed post-quantum cryptography migration.

2035

GRI · Estimate

Q-Day Probability Peak

Global Risk Institute's 50% probability estimate: a quantum computer capable of breaking RSA-2048.

scrollen →

We are already having the wrong conversation in cryptography if we argue about whether we have one, three, or five years before quantum computers will break today's security algorithms. We must always be ahead of the curve — especially in the era of 'Store now, decrypt later'.

Johann Polecsak Co-Founder & CTO — QANplatform

In three to five years' time, we will have that moment where from a cryptographic standpoint we have to adapt to quantum, for sure.

Sundar Pichai CEO — Google · Bloomberg, Feb 2025

Preparing for a post-quantum world will be a complex change programme that makes fixing the Millennium Bug look easy.

Ollie Whitehouse Chief Technologie Officer — NCSC, UK National Cyber Security Centre

The averaged expert estimate of the probability of a cryptographically relevant quantum computer emerging within the next 10 years is now between 28% and 49% — the highest in this report's history.

Michele Mosca Co-founder, evolutionQ — Professor, University of Waterloo · Quantum Threat Timeline Report 2025

Q-Day could come as soon as 2025. The question is not if, but when — and most organisations are dangerously unprepared.

Tilo Kunz Executive VP — Quantum Defen5e · US Defense Information Systems Agency briefing

Elliptic curves are going to die. There is about a 20% chance that quantum computers capable of breaking today's cryptography arrive before 2030 — and that is not a risk Ethereum can afford to ignore.

Vitalik Buterin Co-founder — Ethereum · Devconnect, Buenos Aires, Nov 2025

It's a really serious threat, and I think the modern crypto community doesn't fully understand just how serious it is. My forecast is a matter of years — not decades.

Dmitry Gerasimov CEO — Demlabs · Founder, Cellframe Network · post-quantum blockchain infrastructure

When a suitably powerful quantum computer becomes available, conventional digital signature schemes will be broken — and all existing ledgers will be susceptible to attack. I built QRL because this is not a theoretical problem.

Peter Waterland Founder & Lead Developer — Quantum Resistant Ledger (QRL)

Q-Day

Wie wird dieser Countdown ermittelt?

Get in touch

Keep Q-Day ticking