Part 1 of 5

Understanding
Quantum
Computers

Before you can understand why quantum computers threaten cryptography, you need to understand what they actually are — and, more importantly, what they are not. Quantum computers are not simply faster classical computers.

Next: The Threat →

Foundations

Bits and Qubits

A classical computer processes information in binary: each bit is either 0 or 1. A quantum computer uses qubits, which behave very differently.

The classical bit

In a classical system, a bit is like a light switch — definitely on or definitely off. Every computation is a deterministic sequence of bit flips following Boolean logic. The power of classical computers comes from performing billions of these simple operations per second.

The qubit: superposition

A qubit (quantum bit) can exist in a superposition of 0 and 1 simultaneously — not in a fuzzy "half-on" sense, but as a coherent quantum state described by a probability amplitude. Only when you measure a qubit does it collapse to a definite 0 or 1.

This doesn't mean a qubit "is both at once" in a classical sense. It means the qubit's state is a complex linear combination |ψ⟩ = α|0⟩ + β|1⟩, where |α|² + |β|² = 1. The amplitudes α and β encode interference relationships, which is where the computational power hides.

Entanglement

Quantum entanglement links multiple qubits so their states cannot be described independently. Two entangled qubits in the Bell state (|00⟩ + |11⟩)/√2 are correlated: measuring one instantly determines the other, regardless of distance. For computation, entanglement is a resource that creates correlations across all qubits in a register, enabling certain algorithms to explore an exponentially large space of possibilities in a structured way.

Quantum interference

Quantum algorithms are designed to make amplitudes of wrong answers cancel each other (destructive interference) while amplitudes of right answers reinforce (constructive interference). This is the mechanism by which quantum algorithms accelerate computation — not raw parallelism.

💡

Key intuition

A quantum computer doesn't try all paths at once and pick the winner. It's more like a wave passing through a diffraction grating — interference concentrates probability at the right answer. Shor's and Grover's algorithms are precisely engineered interference patterns.

Computation model

Quantum Gates and Circuits

Quantum computation is performed by applying quantum gates — unitary transformations that rotate qubit states on the Bloch sphere. Unlike classical gates, quantum gates are reversible (unitary matrices), which is a fundamental constraint.

Common single-qubit gates

  • Hadamard (H) — creates superposition: maps |0⟩ to (|0⟩+|1⟩)/√2. Used to initialize qubits for parallel exploration.
  • Pauli-X — the quantum NOT gate; flips |0⟩ ↔ |1⟩.
  • Phase gates (T, S) — add relative phase to |1⟩ without changing measurement probability. Critical for interference engineering.

Two-qubit gates

  • CNOT (Controlled-NOT) — flips the target qubit if the control qubit is |1⟩. Essential for creating entanglement.
  • Toffoli (CCNOT) — doubly-controlled NOT; provides universal classical computation within a quantum circuit.

Circuit depth and quantum complexity

A quantum algorithm is expressed as a circuit: a sequence of gates acting on a register of qubits, ending with measurements. The depth (number of sequential gate layers) must stay low enough that decoherence doesn't destroy the quantum state before the circuit finishes. This is the central engineering challenge.

Hardware landscape

Quantum Computing Platforms

Several physical approaches to building qubits are under active development. Each has distinct trade-offs in qubit count, coherence time, gate fidelity, and connectivity.

Approach 1

Superconducting Qubits

Tiny microwave-resonant circuits cooled to near absolute zero (~15 mK). Fast gates (nanoseconds). Main platform for IBM (Eagle, Condor, Heron) and Google (Sycamore, Willow). Current challenge: high error rates, requires dilution refrigerators, limited connectivity between qubits.

IBM Heron Google Willow
Approach 2

Trapped-Ion Qubits

Individual ions suspended in electromagnetic traps, manipulated by lasers. Very high gate fidelity and long coherence times. Slower gates (microseconds). All-to-all connectivity on a chip. Main players: IonQ, Quantinuum (formerly Honeywell). Scaling is harder — more ions = more complex laser optics.

IonQ Forte Quantinuum H2
Approach 3

Neutral Atom Arrays

Atoms (Rb, Cs) held in optical tweezer arrays, entangled via Rydberg interactions. Highly reconfigurable arrays with mid-circuit measurement. Atom Computing, QuEra, Pasqal. Promising for fault-tolerant architectures due to native error correction potential.

Atom Computing QuEra
Approach 4

Photonic & Other

Photons as qubits — operates at room temperature, suitable for networking. Gate operations are probabilistic. PsiQuantum targets fault-tolerant photonic QC using silicon photonics fabrication. Also: spin qubits in silicon (Intel, SiQuanT), topological qubits (Microsoft / majorana fermions, announced 2025).

PsiQuantum Microsoft

Error correction

Physical Qubits vs. Logical Qubits

Every physical qubit is noisy. Gates have error rates of 0.1–1%. Qubits decohere — they lose their quantum state to the environment — within microseconds to milliseconds depending on the platform. Running a long algorithm on noisy qubits produces garbage.

Quantum Error Correction (QEC)

Quantum error correction encodes one logical qubit in many physical qubits. The surface code, the leading QEC scheme, requires roughly 1,000–10,000 physical qubits per logical qubit depending on gate error rates. A circuit of L logical operations needs logical qubits with error rate < 1/L.

What does "cryptographically relevant" mean?

Breaking RSA-2048 with Shor's algorithm requires approximately 4,000 logical qubits and ~10⁸ logical gates, per the landmark Gidney & Ekerå (2021) analysis. Translating to physical qubits with current surface-code overhead means roughly 20 million physical qubits at error rates near 10⁻³, or ~4 million at 10⁻⁴.

Today's best machines (IBM Heron: 133 qubits; Google Willow: 105 qubits; IonQ Forte: 36 algorithmic qubits) are 5–6 orders of magnitude away from this threshold. However, progress has been rapid and non-linear.

📊

State of the art (2024–2025)

Google Willow (2024) demonstrated exponential error suppression beyond the break-even point for the first time — meaning error correction actually improved the logical error rate. This is a critical milestone, not a cryptographic threat, but it validates the error-correction roadmap. Microsoft announced topological qubit progress (2025) potentially offering lower overhead.

Timeline

When Could a CRQC Arrive?

A Cryptographically Relevant Quantum Computer (CRQC) is one capable of running Shor's algorithm to break RSA-2048 in a reasonable time. Estimates vary widely.

Source / Survey Year of publication CRQC estimate
Mosca & Piani (Global Risk Institute)2022~1 in 7 chance by 2031; ~1 in 2 by 2036
NIST IR 84132022Possible by 2030; likely before 2040
NSA CNSA 2.0 rationale2022Possible within 10–20 years
BSI quantum threat assessment20232030–2040 window; planning horizon 2030
ENISA quantum threat analysis2023Uncertain; migration should begin immediately

The wide range reflects genuine scientific uncertainty. What is certain is that the migration of large enterprise IT estates takes 5–10 years, and that adversaries harvesting traffic today face no deadline — they wait as long as needed.

🔗

Key reference: Gidney & Ekerå (2021)

The definitive modern estimate of the resources needed to run Shor's algorithm against RSA-2048: "How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits." Quantum 5, 433. Available on arXiv:1905.09749.

Next: The Cryptographic Threat

Now that you understand what quantum computers can do, learn which cryptographic algorithms they break — and why the attack is already under way.

The Threat →