CRQC, a 2025 perspective

Introduction: What Are CRQCs?

Cryptographically Relevant Quantum Computers (CRQCs) are quantum computing systems capable of executing quantum algorithms, such as Shor’s algorithm, at scales sufficient to break modern public-key cryptosystems such as RSA and ECC. Unlike general-purpose quantum computers, CRQCs refer specifically to those with enough qubits and low enough error rates to threaten real-world cryptography.

As of 2025, CRQCs are not yet a reality. However, growing investments by tech giants (Google, IBM, Microsoft), combined with rapid advancements in quantum error correction and qubit stability, suggest that such machines may emerge within 10–20 years. The looming threat of a so-called “Q-Day”—the point when a CRQC can decrypt today’s encrypted data—is already prompting governments and industry to adopt post-quantum defenses  [1].

Technical Update: CRQC Progress and Projections

Quantum Hardware Milestones

In December 2024, Google unveiled Willow, a quantum processor with 105 physical qubits and improved two-qubit gate fidelity. While insufficient for running Shor’s algorithm on practical RSA keys, it demonstrates consistent scaling toward fault-tolerant systems  [2]. Researchers estimate that a CRQC capable of factoring a 2048-bit RSA key would require around 20 million physical qubits, factoring in error correction overhead  [3].

In early 2025, Microsoft announced a significant advancement in topological quantum computing: the experimental realization of Majorana zero modes that exhibit the necessary properties for constructing topological qubits  [4]. Unlike standard superconducting qubits, topological qubits promise lower error rates and longer coherence times due to their inherent protection against local noise.

This development reopens the race toward scalable, fault-tolerant quantum computing, with Microsoft projecting a path to 1 million physical qubits within a decade—substantially fewer than surface-code estimates for CRQC. If scalable, topological qubits could drastically reduce the overhead for implementing Shor’s algorithm at CRQC scale.

The “Harvest Now, Decrypt Later” Risk

One of the key motivations for early transition is the so-called Harvest Now, Decrypt Later (HN-DL) threat. Adversaries may collect encrypted communications today with the intention of decrypting them once a CRQC becomes available. This has particularly severe implications for:

• Long-term sensitive data (e.g., health, defense, intellectual property).
• Encrypted backups and archives.
• Blockchain technologies with weak key reuse policies.

Recent Policy and Industry Reactions

In early 2025:

• Cisco released guidance encouraging quantum-readiness roadmaps for critical infrastructure  [1].
• Cloudflare announced deployment of hybrid TLS key exchange protocols combining X25519 and Kyber  [5].
• Microsoft integrated PQC algorithms into Windows Server 2025 for LDAP over TLS.

Governments are also responding: the U.S. National Security Agency (NSA) has mandated a transition to PQC for all national security systems by 2035, under its CNSA 2.0 framework.

Conclusion

CRQCs remain a long-term threat, but one that demands immediate action. As 2025 unfolds, the focus is shifting from theoretical vulnerability to real-world preparation. The intersection of quantum hardware evolution and cryptographic migration is now a central axis in cybersecurity strategy.

References