The Nobel Prize and the Quantum Era
On Tuesday, the Nobel Prize in Physics was awarded to John Clarke, Michel H. Devoret, and John M. Martinis. Their experiments with superconducting circuits and Josephson junctions demonstrated that quantum mechanics can govern the behavior of an entire electronic circuit—not just individual particles. They showed that these macroscopic systems could tunnel through energy barriers, change states, and absorb or emit energy in discrete amounts.
The groundbreaking work of this trio of physicists and its recognition with the Nobel Prize underscores an important idea: quantum mechanics is not just a microscopic phenomenon; it can be engineered at scale. This idea forms the basis for all the advances in quantum technology and quantum computation that we are witnessing today.
The Quantum Threat to Cryptography
The idea of a quantum computer is credited to Richard Feynman who, in 1982, observed that the number of bits required to simulate a quantum system on a classical computer grows exponentially with the size of the quantum system. His conclusion was that efficient simulations of large quantum systems require a fundamentally new kind of computer—one built on the principles of quantum mechanics. Feynman’s idea of a quantum computer would have applications and consequences far beyond just simulating physics.
In 1994, one such unforeseen application entered the picture when Peter Shor, a mathematician working at Bell Labs (and now a professor at MIT), formulated an algorithm to factor large integers into their prime factors using a quantum computer. Shor’s algorithm, when implemented on a quantum computer, can factor a large integer composed of two prime factors exponentially faster than any classical computer can. I was fortunate to take Peter Shor’s class as a graduate student. Seeing him lecture on the algorithm he invented and then drawing the entire factorization procedure as a single elegant circuit diagram was a reminder of how an abstract idea can rewrite the rules of an industry—namely cryptography.
Shor’s algorithm threatens RSA and elliptic-curve discrete logarithm cryptography, two of the most widely used public-key schemes today. Modern public-key cryptography relies on mathematical problems that are infeasible for classical computers to solve. For example, the security of RSA relies on the difficulty of factoring large numbers into their prime factors. RSA-2048 would take classical supercomputers trillions of years to break. However, a sufficiently large and fault-tolerant quantum computer with 1–10 million qubits, running Shor’s algorithm, could do it in a few days, if not hours.
Such large quantum computers with sufficiently high two-qubit gate fidelity are not yet available. But the direction of progress—higher qubit counts, better fidelities, and improved error correction—points toward that possibility within a few decades. Compounding the risk is the “harvest now, decrypt later” strategy: encrypted data can be intercepted today and stored until quantum computers are powerful enough to break it. For long-lived sensitive information, the threat is already active.
Rapid Growth in Hardware Capabilities
In 2001—a mere seven years after Shor published his algorithm—physicists Isaac Chuang and Lieven Vandersypen collaborated with IBM to perform the first implementation of Shor’s algorithm on a physical quantum system. Using nuclear magnetic resonance in specially engineered test-tube molecules, they manipulated spin states to encode qubits and successfully factored the number 15 into its prime factors 3 and 5. Though modest, it was the first demonstration that Shor’s algorithm could be run on hardware.
From that point on, progress has been accelerating at a frightening pace. In 2019, Google’s 53-qubit Sycamore chip completed a calculation in 200 seconds that would have taken classical supercomputers thousands of years to complete. Soon after, China’s Jiuzhang photonic processor performed boson sampling far beyond classical reach. In 2023, IBM unveiled Condor, the first quantum processor to cross the 1,000-qubit threshold. And in 2024, Quantinuum’s H-Series achieved 99.9% two-qubit gate fidelity, a key milestone for error correction.
Taken together, these advances illustrate a clear trend: quantum computing hardware is scaling up and improving in quality. Each milestone brings us closer to the threshold of cryptographically relevant quantum computers—systems capable of breaking the encryption that secures a significant amount of our data and communications.
Post-Quantum Cryptography
To address this looming risk, NIST launched the Post-Quantum Cryptography (PQC) project in 2016. In 2024, the first standards for asymmetric encryption were finalized:
- FIPS 203: Module-Lattice-Based Key Encapsulation Standard
- FIPS 204: Module-Lattice-Based Digital Signature Standard
- FIPS 205: Stateless Hash-Based Digital Signature Standard
The U.S. government has since mandated federal agencies to begin migration, with RSA and ECDSA scheduled for deprecation by 2030 and full disallowance by 2035. OpenSSL 3.5 has already added support for these PQC standards, making adoption technically feasible today. The responsibility now lies with organizations to begin the transition: to catalog where quantum-vulnerable cryptography is used, to adopt systems which enable the swapping of encryption algorithms without disruption, and to integrate quantum-safe encryption alongside the traditional ones during this period of change.
Preparing for the Next Era
The 2025 Nobel Prize recognized experiments with superconducting circuits that extended quantum behavior from the microscopic to the macroscopic scale. Clarke, Devoret, and Martinis’ experiments emphasize that quantum mechanics is not just a microscopic phenomenon; it can be engineered at scale. This makes the line from their experiments to the future of cryptography direct: as quantum hardware improves, so does the risk to traditional asymmetric encryption. Even the Nobel Committee itself made this connection explicit. In their press release, the very first opportunity they listed for the next generation of quantum technologies was quantum cryptography, followed by quantum computers and quantum sensors.
Hence, the shift to post-quantum cryptography is not an academic exercise. It is a practical necessity. Sensitive data—medical records, financial information, state secrets—must remain secure for decades. Waiting until large-scale quantum computers arrive would be far too late; by then, anything encrypted using cryptographically vulnerable algorithms could already be exposed. Preparing now ensures that when quantum computers become powerful enough to challenge existing cryptography, our data will remain beyond their reach.
— Arjun Srinivasan Kudinoor