Q-Day Is Moving Left: Why 2035 May Be a Dangerous Assumption
- Joel Van Dyk
- 2 days ago
For years, the cybersecurity and risk community has had a convenient anchor point: ~2035 as a rough horizon for when quantum computers might begin to break widely deployed public-key cryptography. I have been working towards that date myself for lack of any better predictor.

That timeline—often associated with guidance emerging from the National Institute of Standards and Technology—has shaped roadmaps, funding decisions, and, in some cases, complacency.
But recent developments suggest we may need to seriously challenge that assumption.
A Shift From Theory to Capability
This is not just incremental progress. Whereas Moore’s law was linear, the progress in quantum computing is growing exponentially with the number of qubits added.
This signals a transition:
- From experimental demonstrations
- To credible early-stage capability
We are no longer debating if quantum advantage is possible—we are now observing the first hints of it and where it begins to matter.
Why This Pulls Q-Day Forward
There’s a critical misunderstanding in how many organizations think about Q-Day.
They treat it as a fixed point in time—a moment when a machine suddenly becomes powerful enough to break RSA or ECC.
In reality, Q-Day is the outcome of multiple accelerating curves:
- Qubit stability and error correction
- Algorithmic efficiency (especially around Shor’s algorithm)
- Hardware scaling and engineering breakthroughs
- Hybrid classical–quantum optimization
When even one of these curves bends faster than expected, the entire timeline compresses.
What we are now seeing is evidence that several of these curves are bending at once.
The Real Risk: You Won’t See It Coming
Here’s the uncomfortable part.
We are unlikely to get a clean, public signal that says:
“Quantum computers can now break encryption.”
Instead, the earliest indicators may be:
- Classified capabilities
- Nation-state breakthroughs not immediately disclosed
- Sudden shifts in intelligence advantage
Which means by the time Q-Day is confirmed, it may have already occurred in practice.
“Harvest Now, Decrypt Later” Is No Longer Hypothetical
Even if cryptographically relevant quantum computers are still a few years away, the risk window is already open.
Sensitive data with long lifetimes, such as the following, can be captured today and decrypted later:
- Financial transactions
- State communications
- Identity systems
- Critical infrastructure data
In fact, it has been. The largest example of such a breach is the exfiltration of records a few years ago from the Office of Personnel Management in the US.
This fundamentally breaks the traditional model of risk timing.
You are not protecting data for today’s adversaries. You are protecting it against future capabilities that may already be planned for.
Why 2035 May Be Too Late as a Planning Assumption
If you take the 2035 timeline at face value, most large organizations would plan PQC migration somewhere between 2030 and 2035 (design + rollout).
But that ignores three realities:
- Crypto migration takes longer than expected (often a decade in large enterprises)
- Discovery of cryptographic dependencies is incomplete in most environments
- Business resistance and architectural inertia slow everything down
In practice, waiting until the 2030s to act means finishing after the risk materializes. Think of the Y2K projects at the end of the 20th century, and you realize the timescale involved in touching every system in a company.
What I’m Seeing in Large Institutions
Across the industry—especially in some large, complex environments—the pattern is familiar:
- Distributed ownership of cryptography
- Limited crypto-agility
- PQC treated as an emerging topic rather than a transformation program
- Leadership assuming there is still “plenty of time”
That assumption is becoming increasingly fragile.
What a Rational Response Looks Like
If the timeline is uncertain—but plausibly shorter than expected—the only defensible strategy is to pull action forward.
And here’s the important nuance: none of this is “quantum-only” work. Much of what needs to happen is simply good security hygiene that has been deferred for years—quantum is just the forcing function.
Organizations should be:
- Establishing a cryptographic inventory (what you actually use, where, and why)
- Eliminating hard-coded and unmanaged cryptography
- Identifying long-lived data and high-value assets
- Building crypto-agility into architecture (so quantum-resistant algorithms can be swapped without breaking systems)
- Strengthening key management and lifecycle practices
These are things we should already be doing.
Quantum doesn’t create the need—it removes the excuse to delay it.
In that sense, PQC is not just a defensive response to a future threat. It’s an opportunity to modernize cryptographic practices that are already lagging behind today’s risk landscape.

