Has the Internet Been Hacked? The Quantum Threat to RSA Encryption
Summary
Yesterday, a researcher at Google Quantum AI confirmed a breakthrough that could change the internet as we know it: RSA-2048 encryption — long seen as a cornerstone of online security — may be broken in under a week using fewer than a million noisy qubits. This is more than a theoretical milestone; it's a wake-up call. The cryptographic foundations of the internet are now under real and present threat from emerging quantum technologies.
What Is Encryption and How Do We Use It?
Encryption protects our digital lives. Whether you're sending a message via WhatsApp, accessing online banking, logging into email, or shopping online, encryption ensures that your data is scrambled in transit so that only the intended recipient can read it.
One of the most commonly used methods is RSA encryption, which relies on a key pair:
A public key is used to encrypt the data and can be shared openly.
A private key is kept secret and is used to decrypt the data.
With traditional (classical) computers, breaking RSA-2048 would take millions of years. Quantum computing changes that equation.
What Is Quantum Computing?
Traditional computers process data in bits, which are either 0 or 1. Quantum computers, by contrast, use qubits, which can be 0 and 1 simultaneously — a concept known as superposition. They also exploit entanglement, allowing qubits to be correlated in complex ways that massively boost computational power.
This makes them ideally suited to tackle problems considered impractical for classical systems. Such as factoring large prime numbers, the core challenge behind RSA encryption. Shor’s Algorithm, a quantum algorithm for factoring, is the primary threat to RSA and ECC (Elliptic Curve Cryptography).
The Quantum Breakthrough
As confirmed yesterday, a Google Quantum AI researcher published findings demonstrating that RSA-2048 encryption can theoretically be cracked using fewer than one million noisy qubits over a period of about one week. This represents a dramatic drop from previous estimates, which required roughly 20 million qubits and far longer runtimes.
This advancement is made possible by:
Improved quantum error correction
More efficient quantum compilers
Smarter modular exponentiation techniques
While the required quantum computer hasn't been built yet, the direction of travel is clear and it’s faster than many predicted.
How Does This Affect the Average Person?
This isn’t just a niche problem for tech firms and governments. It has real-world implications for everyday people:
Banking, healthcare, and messaging data could be intercepted and stored now, with the intent to decrypt it once quantum computing matures.
VPNs may not be safe: Many widely-used VPN providers rely on RSA or ECC for key exchange. If those are broken, the entire secure tunnel collapses.
Digital signatures, certificates, and software updates all rely on RSA-based trust. If that trust is compromised, systems and data are no longer secure.
“Harvest now, decrypt later” strategies are already in play among nation-state actors.
This is not a future risk, it’s a now risk, with deferred consequences.
How Widespread Is RSA-2048?
RSA-2048 remains dominant across the global internet. As of today:
Over 90% of websites use RSA in some form during the TLS/SSL handshake.
It’s embedded in email servers, VPNs, operating systems, browsers, and even IoT devices.
Top websites still using RSA-2048 include:
However, some high-security platforms have already moved to RSA-4096 or ECC, which offer enhanced protection:
Examples of sites using RSA-4096 or ECC:
Cloudflare.com (ECC by default)
Signal.org (ECC for end-to-end encryption)
Apple.com (uses ECC with frequent key rotations)
gov.uk domains (many adopting ECC under NCSC guidance)
How Can You Adjust Your Infrastructure?
With the quantum threat no longer theoretical, organisations and security teams should act now:
Upgrade Key Sizes Move from RSA-2048 to RSA-4096 or stronger. While not quantum-safe, it increases the cost and complexity of any attack.
Adopt Elliptic Curve Cryptography (ECC) ECC provides strong security with smaller key sizes and better performance. It too is vulnerable to quantum attacks but offers greater efficiency for now.
Plan for Post-Quantum Cryptography (PQC) Begin trials with NIST’s post-quantum standards, like Kyber (key exchange) and Dilithium (digital signatures), in hybrid modes.
Conduct Crypto Audits Identify where RSA-2048 is still in use across your infrastructure, in certificates, APIs, devices and plan upgrades.
Raise Awareness Internally Business leaders, IT teams, and developers must understand the urgency and scale of the risk, and build it into long-term planning.
Is This the Biggest Internet Security Issue in Decades?
It may be.
This isn’t just another CVE or system misconfiguration, it’s a potential extinction-level event for public key infrastructure (PKI) as we know it.
For individuals:
If you use online banking, your encrypted transactions could eventually be decrypted.
If you rely on secure messaging or store passwords in a vault, those could be accessed if quantum-enabled decryption becomes viable.
For businesses:
Your cloud-based email traffic, now considered safe, could be exposed.
Code signing, digital identity, and IP protection mechanisms all face obsolescence.
Regulatory exposure increases if previously encrypted data becomes accessible.
From personal privacy to global commerce, digital trust is at stake. And if trust in cryptography fails, so does trust in the internet itself.
Conclusion: The Clock Is Ticking
Quantum computing hasn’t hacked the internet, not yet. But yesterday’s confirmation of RSA-2048’s vulnerability puts us all on notice.
The cryptographic guarantees we’ve relied on for decades may not survive the next. Transitioning to post-quantum solutions is no longer a question of "if", but "how fast".
What do you think? Is the internet prepared for the quantum era or are we sleepwalking into a security collapse?
