惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

MyScale Blog
MyScale Blog
U
Unit 42
The Register - Security
The Register - Security
S
Security Affairs
博客园 - 【当耐特】
Latest news
Latest news
爱范儿
爱范儿
T
The Exploit Database - CXSecurity.com
F
Full Disclosure
C
Cisco Blogs
宝玉的分享
宝玉的分享
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LangChain Blog
P
Privacy & Cybersecurity Law Blog
腾讯CDC
C
CXSECURITY Database RSS Feed - CXSecurity.com
V
Vulnerabilities – Threatpost
Jina AI
Jina AI
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 叶小钗
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园_首页
博客园 - 三生石上(FineUI控件)
D
DataBreaches.Net
WordPress大学
WordPress大学
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Microsoft Security Blog
Microsoft Security Blog
N
News and Events Feed by Topic
Recorded Future
Recorded Future
Scott Helme
Scott Helme
Hacker News: Ask HN
Hacker News: Ask HN
Webroot Blog
Webroot Blog
AWS News Blog
AWS News Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
人人都是产品经理
人人都是产品经理
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
Tor Project blog
F
Fortinet All Blogs
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
H
Hacker News: Front Page
J
Java Code Geeks
A
About on SuperTechFans
The GitHub Blog
The GitHub Blog
博客园 - 聂微东
Last Week in AI
Last Week in AI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
W
WeLiveSecurity
V2EX - 技术
V2EX - 技术
T
Troy Hunt's Blog
Attack and Defense Labs
Attack and Defense Labs

PostQuantum – Quantum Computing, Quantum Security, PQC

Lightning Network's Quantum Problem Ethereum's Five Quantum Vulnerabilities Bitcoin's Quantum Vulnerability — Anatomy How Close Is the Quantum Threat? Resource Estimates The Quantum Threat to Cryptocurrencies: What's Real Lattice-Based PQC "Limitations" Paper — A Reality Check China's Hanyuan-2 Dual-Core Quantum Computer Pick One Layer First for Your Post-Quantum Migration Cisco Quantum Switch: Room-Temperature Qubit Routing IonQ Claims Q-Day by 2029 — Here's What They Actually Said Project Eleven's 110-Page Quantum Blockchains Report QuantWare Raises $178M Series B Q-CTRL Claims Practical Quantum Advantage Quantum Computing Simulates 12,635-Atom Protein How Quantum Snake Oil Vendors Respond to Hard Questions Simulated Quantum Entanglement | PostQuantum.com Quantum Snake Oil: Guide to Misleading Quantum Terms Quantum AI Trading — Quantum Snake Oil Dictionary Quantum-Proof — Quantum Snake Oil Dictionary Quantum-Grade Encryption — Quantum Snake Oil Dictionary Quantum-Safe Certified — Quantum Snake Oil Dictionary Military-Grade Quantum Encryption | PostQuantum.com What Is a QBOM? Quantum Bill of Materials vs CBOM Explained Quantum-Inspired Encryption — Quantum Snake Oil Dictionary What Is Trust Now, Forge Later (TNFL)? Quantum Blockchain — Quantum Snake Oil Dictionary What Is PQC Migration? The Largest Cryptographic Overhaul Quantum Financial System (QFS) | PostQuantum.com What Is QKD (Quantum Key Distribution)? What Is Quantum Error Correction (QEC)? Unhackable Quantum Encryption | PostQuantum.com Unconditionally Secure — Quantum Snake Oil Dictionary Perfect Secrecy — Quantum Snake Oil Dictionary Information-Theoretic Security | PostQuantum.com Quantum Encryption / Quantum Cryptography Quantum-Enhanced — Quantum Snake Oil Dictionary Quantum-Safe vs Quantum-Resistant vs Post-Quantum Anatomy of Quantum Denial: Bitcoin's Example What Is a Logical Qubit? The Metric That Actually Matters What Is a CRQC? Quantum Computer That Breaks Encryption What Is Q-Day? When Quantum Computers Break Encryption What Is Harvest Now, Decrypt Later (HNDL)? What Is Grover's Algorithm? What Is Quantum Safe? What the Label Means for CISOs What Is Quantum Computing Security? What Is Quantum Cyber Security? What Is Quantum Cryptography? QKD, PQC, and related? Quantum Security: A Complete Guide for Security Leaders What Is Post-Quantum Cryptography (PQC)? Crypto-Agility Is an Architecture Problem, Not a Library Swap IBM Quantum Advantage 2026: Heron + Fugaku Analyzed Aaronson Warns: CRQC by 2029 Is Plausible U.S. Quantum Policy: NQI Reauthorization and PQC Bills The Narrow Advantage: Why Quantum Computing Will Transform Five Industries and Disappoint Twenty The Error Correction Revolution Rewriting Quantum Timelines The Signature Supply Chain: How Deep Does Digital Trust Go? Quantum Chemistry's Honest Ledger: What the Resource Estimates Actually Say About Drug Discovery, Catalysis, and Materials Design Why Quantum Won't Save Wall Street (Yet): An Honest Assessment of Quantum Computing in Finance PQC Standards Fragmentation Quantum Sovereignty and the Utility Trap The Decoder Bottleneck: The CRQC Challenge Nobody Is Talking About IonQ Publishes Complete Fault-Tolerant Blueprint for Trapped Ions — The Walking Cat Architecture Quantum Computing by 2033: Which Industries Win, Which Wait, and Why Nature Reviews Publishes the Definitive CMOS–Spin Qubit Compatibility Assessment IonQ Photonic Interconnect: First Networked Commercial Quantum Computers QuEra Achieves 2:1 Physical-to-Logical Qubit Ratio With Ultra-High-Rate qLDPC Codes Grover's Algorithm vs AES - Why "Ignore It" Is Almost Right McKinsey Quantum Monitor 2026: Tipping Point? Meta PQC Migration Playbook: Lessons for CISOs NVIDIA Ising: Open AI Models for Quantum Calibration and Error Correction Harvard's Cascade Neural Decoder PQC Signature Migration Before Encryption Architecture Matters as Much as the Algorithm: Q-CTRL's Heterogeneous Quantum Computer Design Cuts RSA-2048 to 190k-381k Qubits China's Quantum Sensing Ecosystem: From Deep-Sea Diamonds to Drone-Mounted Submarine Hunters China's Quantum Sensing Ecosystem: From Deep-Sea Diamonds to Drone-Mounted Submarine Hunters China's Quantum Networking and QKD — World's Most Ambitious Quantum Communication Program Anthropic's Mythos Preview and the End of a Twenty-Year Cybersecurity Equilibrium China's Quantum Networking and QKD — World's Most Ambitious Quantum Communication Program Cloudflare Joins Google: Two Internet Giants Now Say 2029 for Post-Quantum Migration China's Quantum Computing Hardware: The Core Capability the West Keeps Misjudging China's Quantum Computing Hardware: The Core Capability the West Keeps Misjudging QuiX Quantum Achieves First Below-Threshold Error Mitigation in Photonic Quantum Computing China's Quantum Talent Ecosystem: Building a Superpower's Workforce Quantum Threat Timeline Report 2025: Record Predictions, But Can the Survey Keep Up? China's Quantum Talent Ecosystem: Building a Superpower's Workforce China's Hefei National Laboratory: The Nerve Center of a Quantum Superpower China's Hefei National Laboratory: The Nerve Center of a Quantum Superpower Gauge Theory Meets Quantum Computing China's 15th Five-Year Plan Makes Quantum an Industrial Imperative — Not Just a Research Priority China's 15th Five-Year Plan Makes Quantum an Industrial Imperative — Not Just a Research Priority QuantumShield360 AI Achieves World's First Complete Post-Quantum Cryptography Migration — Full Quantum Resilience Across All Enterprise Systems 10,000 Qubits to Run Shor's Algorithm Google Quantum AI Achieves 10x Reduction in Resources to Break Bitcoin's Cryptography The U.S. Intelligence Community Just Put Quantum on Equal Footing with AI. And Expanded the Threat Definition Google Just Drew a Line in the Sand: PQC Migration by 2029 Silicon Crosses the Logical Threshold: First Universal Logical Operations Demonstrated in a Silicon Quantum Processor The 1,000-Qubit Ceiling That Probably Isn't Science Confirms What Large Corporate Survivors Already Knew - Organizational Bullshit Makes You Worse at Your Job A New Algorithm Shrinks the Quantum Attack Surface for ECC Quantinuum Squeezes 94 Logical Qubits from 98 Physical — But What Does It Actually Mean?
What Is Shor's Algorithm? The Quantum Threat Explained
Marin Ivezic · 2026-05-04 · via PostQuantum – Quantum Computing, Quantum Security, PQC

This is part of the Quantum Security Reference Deep Dive series. For the full landscape overview, see the capstone article on quantum security.

Introduction

Shor’s algorithm is a quantum algorithm that efficiently factors large integers and computes discrete logarithms, the two mathematical problems that underpin RSA, Elliptic Curve Cryptography (ECC), and Diffie-Hellman key exchange. Published by mathematician Peter Shor in 1994, it proved that a quantum computer could break the public-key cryptography protecting virtually all digital communications. Shor’s algorithm is the reason post-quantum cryptography (PQC) exists.

What It Does

Classical computers struggle with certain mathematical problems that grow exponentially harder as the numbers get larger. Factoring the product of two large prime numbers is one of them. RSA encryption depends on this difficulty: multiplying two 1,024-bit primes together is trivial, but recovering those primes from the product is computationally infeasible for any classical machine. The best classical factoring algorithms would take longer than the age of the universe to break RSA-2048.

Shor’s algorithm changes the complexity class of this problem. On a quantum computer, it reduces integer factorization from exponential time to polynomial time, meaning the problem becomes tractable rather than impossible. The same applies to the discrete logarithm problem, which protects ECC and Diffie-Hellman.

The implications for cybersecurity are total. RSA key exchange, ECDH key agreement, RSA signatures, ECDSA signatures, Diffie-Hellman negotiation in VPNs and TLS: all of it falls to a single algorithm. I cover the specific impact on each cryptographic family in my analysis of how ECC became the easiest quantum target.

What It Needs

Shor’s algorithm cannot run on today’s quantum hardware. It requires a fault-tolerant quantum computer with enough error-corrected logical qubits to sustain a computation over millions of operations without accumulating fatal errors. The machine that meets this threshold is called a Cryptographically Relevant Quantum Computer (CRQC).

The resource estimates for building a CRQC have been a moving target, and they have moved consistently in one direction.

In 2021, the best published estimate (Gidney and Ekerå) concluded that breaking RSA-2048 would require approximately 20 million physical qubits and roughly eight hours of computation. In May 2025, Gidney published an updated analysis that brought the requirement below one million physical qubits with a runtime of under one week. That 20× reduction came entirely from algorithmic and error correction improvements, not from any change in hardware assumptions. The physical error rates, qubit connectivity, and gate speeds were the same; the algorithm simply uses the machine more efficiently.

ECC may fall with even fewer resources. The Chevignard, Fouque, and Schrottenloher paper presented at EUROCRYPT 2026 estimated that breaking the P-256 curve (the most widely deployed ECC standard) requires only 1,193 logical qubits. In March 2026, Google’s quantum team published research suggesting that fewer than 500,000 superconducting physical qubits could break ECC-256 in under nine minutes.

For context, the largest gate-based quantum computers today operate with a few thousand physical qubits, and their error rates are orders of magnitude above what Shor’s algorithm requires. The gap is real. But five years ago, the gap was 20× larger.

What It Has Actually Achieved

Shor’s algorithm has been demonstrated on real quantum hardware, but only for trivially small numbers. The largest integers factored using Shor’s on a genuine quantum computer are 15 and 21. I maintain a detailed analysis of why “they’ve only factored 15” is the wrong way to judge quantum computing progress, and a companion piece examining the enormous gap between factoring a 48-bit number and cracking RSA-2048.

The point is not that these demonstrations are impressive. They are not, in isolation. The point is that the theoretical algorithm is proven, the resource estimates are being refined and reduced with every new paper, and the engineering trajectory of quantum hardware is pointed at eventually closing the gap. The question for security planners is not whether Shor’s algorithm works (it does, mathematically). The question is how quickly the hardware will catch up.

What It Does Not Threaten

Shor’s algorithm is specific. It breaks mathematical problems with a particular algebraic structure: integer factorization and discrete logarithms over finite groups. It does not threaten symmetric cryptography (AES), hash functions (SHA-256, SHA-3), or the new PQC algorithms standardized by NIST, which are built on different mathematical foundations (lattice problems, hash-based constructions, error-correcting codes).

Grover’s algorithm is the quantum threat to symmetric cryptography, and its impact is far less severe: it halves effective key lengths, meaning AES-256 retains roughly AES-128 equivalent security. The existential threat to modern cryptography comes from Shor’s, not Grover’s.

What This Means for Your Organization

If your systems use RSA, ECC, or Diffie-Hellman (and they almost certainly do), Shor’s algorithm is the reason you need to migrate to post-quantum cryptography. The HNDL threat means that data encrypted with these algorithms today is already at risk of future decryption. The TNFL threat means that digital signatures made today could be forged retroactively.

My CRQC Quantum Capability Framework tracks the engineering progress toward the machine that will run Shor’s at scale. The PQC Migration Framework provides the methodology for defending against it.

Go Deeper

Breaking RSA-2048 with 20M Qubits — the 2021 baseline for comparison

Shor’s Algorithm: A Quantum Threat to Modern Cryptography — full technical deep dive

How ECC Became the Easiest Quantum Target — Shor’s impact across RSA, ECC, and Diffie-Hellman

Quantum Breakthrough for RSA-2048 (Gidney 2025) — the latest resource estimate

Algorithm-Level Quantum Threat to ECC (EUROCRYPT 2026) — P-256 at 1,193 logical qubits

Google Quantum vs. Bitcoin ECDLP — ECC-256 under 500K qubits

What Is a CRQC? — the machine Shor’s algorithm needs

Quantum Upside & Quantum Risk - Handled

My company - Applied Quantum - helps governments, enterprises, and investors prepare for both the upside and the risk of quantum technologies. We deliver concise board and investor briefings; demystify quantum computing, sensing, and communications; craft national and corporate strategies to capture advantage; and turn plans into delivery. We help you mitigate the quantum risk by executing crypto‑inventory, crypto‑agility implementation, PQC migration, and broader defenses against the quantum threat. We run vendor due diligence, proof‑of‑value pilots, standards and policy alignment, workforce training, and procurement support, then oversee implementation across your organization. Contact me if you want help.

Talk to me Contact Applied Quantum