By IonQ’s roadmap to deliver a cryptographically relevant quantum computer by 2028 means Q-Day—when quantum machines break RSA2048 encryption—could arrive in just three years. While skeptics claim the timeline is more like 10+ years, the debate misses a critical point: nation-states are already executing “harvest now, decrypt later” attacks, stealing encrypted data today to decrypt when quantum computers arrive. With large enterprises needing 12-15 years to migrate to post-quantum cryptography, organizations that haven’t started planning are already behind.
The Attack Happening Right Now
China and Russia aren’t waiting for quantum computers to materialize—they’re collecting petabytes of encrypted data today. The UK’s National Cyber Security Centre confirmed in 2019-2021 advisories that “harvest now, decrypt later” is an active, non-speculative threat, with observed bulk collection patterns in operations like APT41 and Fancy Bear. In 2020, Russia redirected data from Google, Amazon, Facebook, and over 200 networks. In 2016, Canadian internet traffic to South Korea was rerouted through China. These aren’t isolated incidents—they’re systematic campaigns targeting government communications, corporate secrets, healthcare records, financial transactions, and military plans.
The strategy is straightforward: Store encrypted data for 3-5 years until quantum computers can decrypt it. Data stolen in 2026 gets decrypted in 2029-2035. The timeline debate about when Q-Day arrives is irrelevant—the retroactive decryption risk exists regardless of whether quantum breakthrough happens in 3 years or 10.
IonQ’s 2028 Roadmap Meets Gidney’s Breakthrough
IonQ’s June 2025 announcement targets a CRQC with 20,000 physical qubits and 1,600 error-corrected logical qubits by 2028. That would be merely interesting if not for Google’s Craig Gidney, whose May 2025 paper demonstrated RSA-2048 can be broken with under 1 million qubits—a 20x reduction from the previous 20 million qubit estimate. More importantly, Gidney showed that 1,000-1,400 logical qubits are sufficient to factor a 2048-bit RSA key in about a week. IonQ’s 1,600 logical qubits exceeds that threshold.
Algorithmic breakthroughs add unpredictability. One IonQ example: A material simulation algorithm was reduced from 1.5 trillion to 410,000 quantum gate operations—a 4 million times improvement. Quantum resource estimates from even 2-3 years ago are obsolete. Progress doesn’t follow a predictable curve—it jumps.
The Timeline Debate is a Distraction
Bill Gates says useful quantum computers could arrive in three to five years. Google CEO Sundar Pichai estimates five to ten years. Nvidia CEO Jensen Huang predicts 15-30 years. The Quantum Doomsday Clock warns Q-Day could hit as early as March 2028. Metaculus moved estimates from 2052 to 2034.
Here’s why none of that matters: Large enterprises need 12-15 years to migrate to post-quantum cryptography. Medium enterprises need 8-12 years. Small enterprises need 5-7 years. If Q-Day arrives in 10 years (the middle estimate), organizations starting today finish migration in 2039—nine years too late. If Q-Day hits in 3 years (IonQ’s timeline), we’re already out of time.
The “prepare for worst case, hope for best case” strategy is the only rational response. Even if skeptics are right and Q-Day is a decade away, harvest now decrypt later attacks make immediate action essential. Waiting for timeline certainty is negligence disguised as prudence.
$30 Billion Market Response Validates the Threat
The post-quantum cryptography market is exploding from $1.68 billion today to a projected $29.95 billion by 2034—17x growth at a 37.72% compound annual growth rate. Gartner forecasts that by 2026, one in five organizations will already be budgeting for quantum threats. By 2029, Gartner predicts asymmetric cryptography will be unsafe, fully breakable by 2034.
This isn’t hype. Enterprises are racing to start multi-year migration projects now, spending billions on PQC infrastructure, training, and consulting. Government mandates reinforce urgency: US Federal systems must achieve widespread PQC adoption by 2035, the NSA requires pure PQC for National Security Systems by 2030.
NIST Standards Are Ready—No Excuse for Delay
On August 13, 2024, NIST finalized three post-quantum cryptography standards. ML-KEM (formerly CRYSTALS-Kyber) serves as the primary encryption standard with small keys and fast operation. ML-DSA (formerly CRYSTALS-Dilithium) is the primary digital signature standard. SLH-DSA (formerly Sphincs+) provides a backup signature method using different mathematics in case ML-DSA proves vulnerable. In March 2025, NIST selected HQC as a backup for general encryption.
Organizations have clear guidance on what to adopt. The standards have been published for 18 months. There’s no excuse for delay.
What organizations should do now: Conduct cryptographic practice audits to identify quantum-vulnerable algorithms in hardware, software, and services. Test NIST standards (ML-KEM, ML-DSA) in development environments. Develop roadmaps prioritizing NIST PQC algorithms. Implement a hybrid approach during transition, using both classic and post-quantum cryptography. Prioritize systems handling frequently transmitted sensitive data.
The challenges are real. Enterprise IT budgets allocate 70-80% to operations and maintenance, leaving limited capacity for transformation projects. PQC migration involves larger parameter sizes and unprecedented ecosystem coordination. Past cryptographic migrations like SHA-1 took over a decade, and PQC is more complex.
But budget constraints and complexity don’t change the math. Organizations starting PQC planning today might finish by 2039-2041. If Q-Day arrives in 2028-2030, that’s 9-11 years of vulnerability to retroactive decryption of harvested data. The timeline debate is irrelevant. The only question is whether you’ve started.
