Cryptographically relevant quantum computer (CRQC)

A cryptographically relevant quantum computer (CRQC) is a Quantum computer powerful and reliable enough to run Shor's algorithm against the key sizes used in deployed public-key cryptography, breaking RSA and elliptic-curve systems. The term names a capability threshold, not a specific hardware design or a fixed qubit count.

Distinguishing a CRQC from other milestones

A CRQC is a far higher bar than Quantum supremacy, which only requires beating classical machines on a contrived benchmark. Breaking 2048-bit RSA is estimated to need thousands of logical qubits and billions of fault-tolerant operations, which in turn demands millions of noisy physical qubits under current error-correction assumptions. No publicly known device is close to that scale.

Why the threshold matters

The arrival of a CRQC defines Q-Day, the point at which currently protected data and communications become decryptable. Because Harvest now, decrypt later lets an adversary store ciphertext today and decrypt it once a CRQC exists, migration to Post-quantum cryptography is treated as urgent even though no CRQC has been demonstrated. Expert timeline estimates for when one might appear vary widely and remain disputed.

Sources

  1. Post-Quantum Cryptography Project (NIST, 2025)
  2. Quantum-Readiness: Migration to Post-Quantum Cryptography (CISA, NSA, NIST, 2023)
Cite this entry
"Cryptographically relevant quantum computer (CRQC)." postquantum.wiki. Updated July 11, 2026. https://postquantum.wiki/crqc@misc{pqwiki-crqc, title = {Cryptographically relevant quantum computer (CRQC)}, howpublished = {\url{https://postquantum.wiki/crqc}}, year = {2026}, note = {postquantum.wiki, updated 2026-07-11} }