China’s Quantum Computer Will Make US Encryption Obsolete

China’s Quantum Supremacy: The State of Play

China has identified quantum technology as a national strategic priority, aiming to promote cutting-edge industries like quantum technology as new economic growth points in its Five-Year Plan (2026–2030). The country is reportedly the world’s largest investor in quantum technology, with estimates suggesting China is investing $10 billion to $15 billion, compared to the US plan of $1 billion over five years and the EU’s $1 billion over ten years.

This centralized, state-driven approach allows China to mobilize resources and coordinate across institutions effectively, accelerating progress. The results speak for themselves: 

Quantum Computing Milestones:

• Jiuzhang 3.0 (October 2023): A photonic quantum prototype that solved a sampling problem in one microsecond—a task estimated to take the world’s top supercomputer over 20 billion years. Jiuzhang 3.0 operates with 105 qubits.
• Origin Wukong (early 2025): A 72-qubit quantum processor that has been used to fine-tune a billion-parameter AI model.
• Zuchongzhi 3.0 (March 2025): A 105-qubit superconducting processor that achieved quantum computational advantage, reportedly one million times faster than Google’s latest quantum chip results in similar experiments.
• Tianyan-504 (December 2024): A 504-qubit chip, China’s most powerful quantum computer to date. The Tianyan platform hosts an 880-qubit superconducting quantum computing cluster. China Telecom Quantum Group plans to launch the country’s largest quantum computing cluster, exceeding 1,200 qubits, by the end of 2025.

Quantum Communications Leadership:

China leads the world in quantum communications. In September 2017, it demonstrated the transmission of quantum encryption keys, enabling two ground stations to exchange secure data with efficiencies 20 orders of magnitude greaterthan comparable optical fiber networks. China Telecom Quantum Group has launched the world’s first commercial cryptography system integrating Quantum Key Distribution (QKD) and Post-Quantum Cryptography (PQC), demonstrating quantum-encrypted voice calls over 1,000 kilometers.

Encryption Attacks: Chinese researchers have published work demonstrating methods to attack encryption:

• RSA Factorization: A team led by Wang Chao from Shanghai University factored a 22-bit RSA integer using a D-Wave quantum annealer in May 2024, later a 50-bit RSA number using a hybrid quantum-classical method, and in April 2025, a 90-bit RSA number—the largest quantum-assisted factorization to date.
• Symmetric Encryption: The Shanghai University team also reported attacking algorithms crucial to the Advanced Encryption Standard (AES), including Present, Rectangle, and the Gift-64 block cipher. They claimed this was the first time a real quantum computer posed a substantial threat to multiple full-scale SPN structured algorithms.

The Reality Check: Not Quite Obsolete (Yet)

Before we panic, it’s important to understand the limitations of these achievements. Despite the impressive headlines, experts largely agree that these breakthroughs do not yet represent an imminent threat to current, widely used encryption.

Trivial Key Sizes:

The 22-bit, 50-bit, or 90-bit RSA keys factored by Chinese researchers are astronomically smaller than the 2048-bit RSA keys used in real-world encryption. A classical laptop can factor a 22-bit RSA modulus in milliseconds. The difficulty of factoring increases exponentially with the size of the number, meaning the gap between a 90-bit integer and a 2048-bit integer is immense.

No Proven Quantum Speedup for Large Keys:

The experiments have not demonstrated a scalable quantum speedup over classical algorithms for larger inputs. Experts like Peter Shor have pointed out that proposed hybrid methods for factoring RSA-2048 could still take millions of years.

Heavy Classical Assistance: The quantum annealing methods relied heavily on classical computation for pre-processing and embedding problems onto quantum hardware. This is a hybrid quantum-classical approach, not a pure quantum solution.

Exponential Scaling Remains: The approaches used still suffer from exponential scaling as the numbers grow larger, meaning there is no feasible path demonstrated to break modern RSA without a massive leap in quantum computing capabilities.

As Dr. Erik Garcell of Classiq stated: “Factoring a 50-bit number using a hybrid quantum-classical approach is a far cry from breaking ‘military-grade encryption.'” Researchers estimate that a theoretical 20 million qubit computer would require eight hours to crack a single 2048-bit RSA key. The most powerful quantum computers currently have just over 1,000 qubits and can maintain stable operation for only 1-2 milliseconds.

The “Harvest Now, Decrypt Later” Threat

Even if quantum computers can’t break encryption today, there’s a more insidious threat: “harvest now, decrypt later”(HNDL). This strategy involves adversaries collecting encrypted data today with the intention of decrypting it once quantum capabilities mature. This poses a delayed risk, especially for sensitive information with long-term confidentiality requirements:

• Classified government communications
• Long-term financial contracts
• Medical records
• Intellectual property
• Personal communications

If China (or any other adversary) is collecting encrypted data today, they could decrypt it in 5-10 years when quantum computers become powerful enough. This means that essentially all encrypted data is at risk, even if it’s protected by current standards. The US-China Strategic Competition Commission has warned that the country that achieves supremacy in quantum computing will play a disproportionate role in encrypting the digital economy and gain significant advantages in intelligence collection and precision targeting.

The Race to Post-Quantum Cryptography

The looming threat of quantum computers breaking current encryption has spurred a global race to develop post-quantum cryptography (PQC)—new forms of encryption designed to withstand attacks from even the most powerful quantum computers.

NIST’s Leadership: The U.S. National Institute of Standards and Technology (NIST) has been leading efforts since 2012 to develop encryption standards resistant to quantum attacks. In 2022, NIST selected candidate algorithms like CRYSTALS-Kyberand CRYSTALS-Dilithium for post-quantum cryptography. In March 2025, NIST selected HQC (Hamming Quasi-Cyclic Algorithm) as a backup cryptographic scheme. NIST has released three new post-quantum FIPS encryption standards:

• FIPS 203 (ML-KEM): Module-Lattice-Based Key-Encapsulation Mechanism
• FIPS 204 (ML-DSA): Module-Lattice-Based Digital Signature Algorithm
• FIPS 205 (SLH-DSA): Stateless Hash-Based Digital Signature Algorithm

These algorithms rely on mathematical problems believed to be resistant to quantum attacks, such as lattice-based cryptography, hash-based signatures, and code-based systems.

China’s Parallel Effort:

China has launched its own global initiative to develop post-quantum cryptographic algorithms through the Institute of Commercial Cryptography Standards (ICCS). This move is seen as a strategic divergence from US-led efforts, partly due to concerns over potential “back doors” that could allow US intelligence agencies access to encrypted communications.

In early 2025, China launched its own national cryptographic competition (NGCC), indicating a desire to develop indigenous alternatives to US-led standards. The U.S. government has initiated policies and legislation, such as the Quantum Cybersecurity Preparedness Act, to push federal agencies towards quantum-safe standards.