Post-Quantum Migration Window Narrows to 2030
Project Eleven's new report warns Q-Day could arrive by 2030, putting trillions in assets at risk. Here's why enterprises must start PQC migration now.
Project Eleven published a 110-page report this week on the timeline for quantum computers breaking public-key cryptography. CEO Alex Pruden presented it at Consensus Miami 2026. The short version: Q-Day could land as early as 2030, and almost certainly by 2033.
The report is framed around cryptocurrency, but the underlying problem is the same for anyone running RSA, ECDH, or ECDSA for TLS, VPNs, code signing, or identity infrastructure.
The qubit numbers keep shrinking
In 2019, breaking RSA-2048 was estimated to require about 20 million physical qubits. By 2025, algorithmic improvements had brought that below one million. Papers from early 2026 push it toward 100,000 for some schemes.
Elliptic curve cryptography, which protects most TLS certificate authentication and every major cryptocurrency, looks breakable at under 500,000 physical qubits. Hardware vendors are targeting machines in that range within five to eight years.
In April, independent researcher Giancarlo Lelli broke a 15-bit elliptic curve key on publicly accessible quantum hardware and claimed a 1 BTC bounty from Project Eleven. Fifteen bits is obviously nothing close to 256-bit. But the attack path works on real hardware now, not just in papers, and each generation of quantum machines closes the gap faster than the last.
Migrations are slow, and we know this
The part of the report that stuck with me most wasn’t about qubits. It was the reminder that cryptographic migrations in large systems consistently take five to ten years. That number comes up again and again in real-world protocol transitions, and there’s no reason to think post-quantum will be faster.
Bitcoin’s Taproot upgrade was a relatively modest protocol change and still took years of coordination across users, exchanges, custodians, and miners. A full post-quantum swap means replacing key exchange, updating certificate chains, renegotiating handshakes, and testing every integration point. If you’re running hybrid cloud with legacy on-prem and thousands of TLS-terminating endpoints, you already know how this goes.
Google announced in March 2026 that it plans to finish its full post-quantum infrastructure migration by 2029. Cloudflare published a phased roadmap with the same target: post-quantum key exchange already covers over 65% of human-initiated traffic, post-quantum authentication via ML-DSA arrives mid-2026, Merkle Tree Certificates come mid-2027, and the full SASE suite follows by early 2028.
If Google and Cloudflare need until 2029, most enterprises should probably assume they need longer.
Harvest now, decrypt later is not theoretical anymore
State actors are collecting encrypted traffic now and banking on quantum decryption later. CISA’s January 2026 guidance told federal agencies to prioritize PQC-capable products in all hardware and software procurement, and the federal deadline for TLS 1.3 with post-quantum support is January 2030.
If you handle financial records, patient data, government communications, or trade secrets, the question is simple: does this data need to stay confidential past 2030? If yes, it should already be moving over quantum-safe channels.
What to actually do right now
The NIST standards are done: FIPS 203 (ML-KEM) for key encapsulation, FIPS 204 (ML-DSA) for digital signatures, FIPS 205 (SLH-DSA) for hash-based signatures. HQC, a code-based backup, should reach final standardization in 2027. The algorithms aren’t what’s holding anyone up anymore. The hard part is getting them deployed across real infrastructure.
This quarter, if you haven’t already: run a cryptographic inventory across your TLS endpoints, VPN tunnels, and certificate infrastructure. Find out which of your vendors support ML-KEM in their TLS stacks. Spin up a staging environment and test hybrid key exchange with classical and post-quantum running side by side. Start mapping a migration timeline that targets 2029.
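One way to turn that inventory into a migration order, combined with the "confidential past 2030" question from the harvest-now-decrypt-later section (an added example, not code from the article or from Project Eleven). The rows are constructed, the field names and bucket names are hypothetical, and the negotiated key-exchange group and certificate signature algorithm are assumed to come from your own scanner output.

```python
# Added example: triage a TLS crypto inventory for post-quantum exposure.
Q_DAY_EARLIEST = 2030  # earliest Q-Day year cited in the article

# Hybrid TLS 1.3 key-exchange groups that include ML-KEM (IANA names).
PQ_KEX = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}
# Signature families standardized in FIPS 204 and FIPS 205.
PQ_SIG_PREFIXES = ("ML-DSA", "SLH-DSA")

# Constructed sample rows; hostnames and field names are hypothetical.
# "confidential_until" is the last year the data must stay secret.
INVENTORY = [
    {"endpoint": "vpn.corp.example", "kex": "secp256r1",
     "cert_sig": "sha256WithRSAEncryption", "confidential_until": 2040},
    {"endpoint": "status.corp.example", "kex": "x25519",
     "cert_sig": "ecdsa-with-SHA256", "confidential_until": 2027},
    {"endpoint": "api.corp.example", "kex": "X25519MLKEM768",
     "cert_sig": "ecdsa-with-SHA256", "confidential_until": 2045},
    {"endpoint": "lab.corp.example", "kex": "X25519MLKEM768",
     "cert_sig": "ML-DSA-65", "confidential_until": 2045},
]

# Lower rank = migrate sooner.
RANK = {"urgent-kex": 0, "classical-kex": 1, "classical-auth": 2, "pq": 3}


def classify(row, q_day=Q_DAY_EARLIEST):
    """Return the migration bucket for one inventory row."""
    kex_pq = row["kex"] in PQ_KEX
    sig_pq = row["cert_sig"].upper().startswith(PQ_SIG_PREFIXES)
    if not kex_pq:
        # Recorded sessions can be decrypted later, so long-lived data
        # behind a classical key exchange is exposed today.
        if row["confidential_until"] > q_day:
            return "urgent-kex"
        return "classical-kex"
    # Key exchange is hybrid; only the certificate signature is classical.
    return "pq" if sig_pq else "classical-auth"


def triage(inventory, q_day=Q_DAY_EARLIEST):
    """Return (endpoint, bucket) pairs, most urgent first."""
    rows = [(r["endpoint"], classify(r, q_day)) for r in inventory]
    return sorted(rows, key=lambda pair: (RANK[pair[1]], pair[0]))


if __name__ == "__main__":
    for endpoint, bucket in triage(INVENTORY):
        print(f"{bucket:15} {endpoint}")
```

Key exchange ranks ahead of authentication here because recorded traffic is only exposed through the key exchange; a classical certificate signature cannot be attacked retroactively.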
Given how long these transitions take, the worst outcome is getting to 2028 and realizing you should have started two years earlier.