Scott Aaronson doesn't often sound surprised. But a recent preprint from a Sydney-based research team managed it. The paper suggests that breaking RSA-2048 encryption could require fewer than 100,000 physical qubits... an order of magnitude improvement over previous estimates.
That number matters. Because until now, the assumption has been that breaking RSA-2048 would require millions of physical qubits. A distant horizon. Something to worry about later. This research suggests later might arrive sooner than expected.
What Changed?
The breakthrough comes from using Low-Density Parity-Check codes, or LDPC codes for short. These are a type of quantum error correction that's been gaining attention in the quantum community for their efficiency. Unlike surface codes, which have been the standard approach, LDPC codes can protect quantum information using significantly fewer physical qubits per logical qubit.
Here's why that matters for cryptography. Shor's algorithm, the quantum algorithm capable of factoring large numbers and breaking RSA encryption, requires logical qubits... stable, error-corrected qubits that can perform reliable computations. The number of physical qubits needed to create those logical qubits has always been the bottleneck. Surface codes typically require thousands of physical qubits to create a single logical qubit. LDPC codes can do it with far fewer.
The Sydney team's preprint shows that by using LDPC codes, you could theoretically break RSA-2048 with fewer than 100,000 physical qubits. Previous estimates using surface codes suggested you'd need over a million. That's not a minor improvement. That's a different timeline.
What This Actually Means
First, the caveats. This is a preprint. It hasn't been peer-reviewed yet. And even if the maths holds up, building a quantum computer with 100,000 high-quality physical qubits is still a monumental engineering challenge. We're not there yet. Current systems are in the hundreds or low thousands of qubits, and most of those aren't stable enough for long computations.
But the trajectory matters. Quantum computing progress isn't linear. Companies like IBM, Google, and Amazon are investing heavily in error correction and qubit quality. If LDPC codes prove viable at scale, the path to RSA-breaking quantum computers gets shorter. Not imminent, but closer than the previous roadmap suggested.
For organisations still relying on RSA encryption... and that's most of the internet... this is a wake-up call. Post-quantum cryptography isn't a distant concern anymore. It's a practical transition that needs to start now. NIST has already published standards for quantum-resistant algorithms. The question is how quickly organisations can migrate to them.
The Bigger Picture
This isn't just about breaking encryption. It's about the maturation of quantum computing as a field. For years, the focus has been on increasing qubit counts. But raw qubit count is meaningless without error correction. LDPC codes represent a shift in strategy... prioritising efficiency over brute force scale.
That shift has implications beyond cryptography. If you can build logical qubits more efficiently, you can tackle other quantum algorithms sooner. Materials science. Drug discovery. Optimisation problems. The same efficiency gains that bring RSA-breaking forward also accelerate other applications.
Aaronson's commentary on the preprint is worth reading in full. He's cautiously optimistic but highlights several technical hurdles that still need solving. LDPC codes are more complex to implement than surface codes. They require more sophisticated control systems. And proving they work at scale will take time.
But the fact that the estimate has dropped from over a million qubits to under 100,000 is significant. It changes the conversation from "someday" to "within this decade, if progress continues." That's enough to make RSA-2048 obsolescence a practical concern rather than a theoretical one.
For anyone managing secure systems, the takeaway is clear. Start planning the transition to post-quantum cryptography now. The timeline just got shorter.