Verify any claim · lenz.io
Claim analyzed
Tech: “Quantum computers are capable of breaking all currently used encryption algorithms.”
The conclusion
This claim is false. Quantum computers pose a recognized future threat to certain public-key encryption systems (like RSA and ECC) via Shor's algorithm, but they cannot break "all" currently used encryption. Symmetric algorithms like AES-256 are only marginally weakened by Grover's algorithm and remain secure with appropriate key sizes. Moreover, no quantum computer today has the fault-tolerant hardware needed to break even real-world RSA-2048. NIST itself describes this as a future risk to "many" systems — not a present capability against all encryption.
Caveats
- The claim uses the universal quantifier 'all,' but symmetric encryption (e.g., AES-256) is not broken by known quantum algorithms — Grover's algorithm only provides a quadratic speedup, manageable by increasing key sizes.
- Reported quantum 'breaks' of RSA involve trivially small instances (e.g., 22-bit integers on D-Wave annealing systems), not real-world RSA-2048, and D-Wave systems cannot run Shor's algorithm.
- No fault-tolerant, error-corrected quantum computer capable of breaking deployed encryption at real-world key sizes currently exists; the threat remains future-oriented.
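The quadratic (not exponential) speedup of Grover's algorithm can be seen in a small classical simulation. This is an added example, not part of the original analysis: the function names and the toy key sizes of 8 to 12 bits are assumptions chosen so it runs in milliseconds, and the per-iteration cost of simulating it classically grows with the whole keyspace, so it says nothing about attacking real keys.

```python
import math

def grover_success(n_bits, marked, iterations):
    """Statevector simulation of Grover search over 2**n_bits candidate keys.
    Returns the probability that a measurement yields the marked key."""
    size = 2 ** n_bits
    amp = [1 / math.sqrt(size)] * size           # uniform superposition
    for _ in range(iterations):
        amp[marked] = -amp[marked]               # oracle: flip sign of the correct key
        mean = sum(amp) / size
        amp = [2 * mean - a for a in amp]        # diffusion: inversion about the mean
    return amp[marked] ** 2

def optimal_iterations(n_bits):
    """About (pi/4) * sqrt(N) oracle calls maximise the success probability."""
    return math.floor(math.pi / 4 * math.sqrt(2 ** n_bits))

def grover_work_bits(key_bits):
    """log2 of the oracle calls needed for a key_bits-bit key (formula only)."""
    return key_bits / 2 + math.log2(math.pi / 4)

def scaling_rows(bit_sizes, marked=5):
    """(bits, classical average guesses, Grover iterations, success probability)."""
    rows = []
    for n in bit_sizes:
        k = optimal_iterations(n)
        rows.append((n, 2 ** n // 2, k, grover_success(n, marked, k)))
    return rows

if __name__ == "__main__":
    # Constructed toy keyspaces: each +2 bits quadruples the classical work
    # but only doubles the number of Grover iterations.
    for n, classical, k, p in scaling_rows([8, 10, 12]):
        print(f"{n:2d}-bit key: classical ~{classical} guesses, "
              f"Grover {k} iterations, P(success)={p:.4f}")
    # Extrapolating the same formula to deployed key sizes.
    for bits in (128, 256):
        print(f"AES-{bits}: ~2^{grover_work_bits(bits):.1f} Grover iterations")
```

Each Grover iteration must run sequentially, which is why the roughly 2^128 iterations left against AES-256 are still treated as out of reach.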
Sources
Sources used in the analysis
Source 1: As researchers around the world race to build quantum computers that could break the current encryption providing security and privacy for our digital lives, NIST is helping to secure our future by developing algorithms to protect our data and systems. NIST has already released three post-quantum cryptography standards that can be implemented now to secure a wide range of electronic information, from confidential email messages to e-commerce transactions that propel the modern economy.
Source 2: NIST's Post-Quantum Cryptography (PQC) project leads the national and global effort to secure electronic information against the future threat of quantum computers—machines that may be years or decades away but could eventually break many of today's widely used cryptographic systems. Through a multi-year international competition involving industry, academia, and governments, NIST released the principal three PQC standards in 2024 and is developing additional standards to serve as backups or alternatives. Organizations should begin applying these standards now to migrate their systems to quantum-resistant cryptography.
Source 3: Now is the time to migrate to new post-quantum encryption standards, before quantum computers put today's encryption at risk. Three NIST standards that were developed through a rigorous, international process are ready to be implemented now. As researchers around the world race to build quantum computers that could break the current encryption providing security and privacy for our digital lives, NIST is helping to secure our future by developing algorithms to protect our data and systems.
Source 4: Current IBM quantum systems have up to 1,121 qubits but are not fault-tolerant; breaking practical RSA encryption requires scalable, error-corrected logical qubits numbering in the millions, which is years away.
Source 5: A quantum computer with one million noisy qubits running for one week can theoretically crack RSA-2048 bit encryption, representing twenty times fewer qubits than Google's 2019 estimate, according to new research from Google Quantum AI. The findings sharply compress the timeline for when current encryption standards could fall, compelling enterprises to accelerate post-quantum cryptography (PQC) adoption.
Source 6: Quantum computers, on the other hand, promise to rapidly crack complex cryptographic systems that a classical computer might never be able to unravel. This promise is based on a quantum factoring algorithm proposed in 1994 by Peter Shor... 'If large-scale quantum computers ever get built, then factoring is toast and we have to find something else to use for cryptography.'
Source 7: Chinese scientists at Shanghai University have determined that a quantum computer from the Canadian firm D-Wave can effectively crack a popular encryption method. Researchers found it can attack Rivest-Shamir-Adleman (RSA) encryption, which is used by web browsers, VPNs, email services, and chips from brands like Samsung and LG. It can also target the Advanced Encryption Standard (AES), which the US government adopted in 2001.
Source 8: Shor's algorithm can factor large numbers and solve discrete logarithm problems exponentially faster than any known classical computer. This poses an existential threat to all widely used asymmetric (public-key) encryption, including RSA and Elliptic Curve Cryptography (ECC). Grover's algorithm provides a quadratic speedup for searching unstructured data, which can be applied to brute-forcing symmetric encryption keys. It doesn't “break” the algorithm but effectively halves its security strength. For example, it reduces AES-128's security to a 64-bit level and AES-256's to a 128-bit level. This threat is manageable; simply doubling the key length (i.e., using AES-256) makes the algorithm secure against quantum attacks for the foreseeable future.
Source 9: Shor's algorithm can quickly factor large numbers, and thereby break RSA encryption, a fundamental pillar of cybersecurity. In response, the US National Institute for Standards and Technology (NIST) has been promoting the development of post-quantum encryption algorithms—new ways of securing data that should, in theory, stand up to future attacks from quantum computers.
Source 10: The research team... found that D-Wave’s quantum computers can optimize problem-solving in a way that makes it possible to attack encryption methods such as RSA. 'Using the D-Wave Advantage, we successfully factored a 22-bit RSA integer...' The researchers didn’t just stop at RSA. They also attacked algorithms crucial to the Advanced Encryption Standard (AES)...
Source 11: Read the blog to get the facts about the RSA algorithm and why post-quantum encryption does not pose an immediate cybersecurity threat.
Source 12: Symmetric encryption algorithms like AES are largely quantum-resistant already. They just need larger key sizes - think of it like adding a few extra pins to an already secure lock. It's a simple upgrade to something that's already working well. Quantum computers are not some magic wand that breaks all encryption. Think of them more like a specialized lock pick - they're really good at breaking certain types of locks, but completely useless against others.
Source 13: Is AES-256 quantum-resistant? AES-256 (Advanced Encryption Standard using 256-bit keys), is a widely used symmetric encryption algorithm often used by the US government and other secure organizations. While quantum computers could use an algorithm, called Grover's algorithm, to reduce their effective security level from 256 bits to approximately 128 bits, most professionals still consider 128 bits as secure, meaning this algorithm is technically quantum-resistant.
Source 14: It's essential to differentiate between universal qubits, used in general-purpose quantum computers like those developed by IBM and Google, and adiabatic qubits, which are found in D-Wave's systems designed for optimization problems. While universal qubits can run advanced cryptographic algorithms like Shor's algorithm, adiabatic qubits cannot. D-Wave's machines, even with 5,000 qubits, are not capable of breaking encryption methods such as RSA-2048 or AES-256.
Source 15: NIST has standardized post-quantum cryptographic algorithms like CRYSTALS-Kyber and CRYSTALS-Dilithium in 2024, explicitly because current quantum computers do not have sufficient qubits or error rates to run Shor's algorithm on full-size keys like RSA-2048, which requires millions of logical qubits.
Source 16: Anybody with a large working quantum computer today would pose an immediate privacy and security threat to the whole internet... Shor’s algorithm... would allow the user to very easily decrypt any data encrypted with a large-number factoring based system - which would pretty much ruin the entire internet.
Expert review
How each expert evaluated the evidence and arguments
The claim asserts quantum computers are currently capable of breaking all currently used encryption algorithms — but the evidence logically refutes both key components: (1) "all" encryption is contradicted by Sources 8, 12, 13, and 15, which establish that symmetric encryption (e.g., AES-256) is not broken by quantum computers but merely weakened and remains manageable with larger keys, while Sources 4 and 15 confirm that no fault-tolerant quantum computer capable of running Shor's algorithm at RSA-2048 scale exists today; (2) the proponent's supporting evidence (Sources 7, 10) commits a hasty generalization by extrapolating from a 22-bit RSA factorization on a D-Wave adiabatic system — which Source 14 explicitly notes cannot run Shor's algorithm — to a claim of universal encryption-breaking capability, and Source 5's Google research describes a theoretical future threshold, not a present capability. The claim is therefore false: the logical chain from evidence to conclusion is broken by scope mismatch ("all" vs. "some asymmetric"), a capability-vs.-actuality conflation (future threat vs. present capability), and the proponent's reliance on sources that, when read carefully, undermine rather than support the absolute claim.
The claim's framing overgeneralizes from “quantum computers could eventually break many widely used public‑key systems” (RSA/ECC via Shor) to “break all currently used encryption algorithms,” omitting that symmetric encryption (e.g., AES) is not outright broken by known quantum algorithms and is generally mitigable by larger keys (e.g., AES‑256) (Sources 8, 13), and that reported “breaks” involve toy sizes (e.g., 22‑bit RSA) or non–cryptographically relevant demonstrations rather than real‑world RSA‑2048/AES‑256 (Sources 7, 10, 14). With full context, quantum computers (especially current, non–fault-tolerant ones) are not capable of breaking all currently used encryption, and even in the long run the threat is primarily to specific classes (public‑key) rather than universally to every algorithm (Sources 2, 4, 8).
The highest-authority sources in this pool — NIST (Sources 1, 2, 3), IBM Quantum (Source 4), and TCG (Source 8) — consistently refute the absolute claim that quantum computers are capable of breaking all currently used encryption. NIST explicitly states quantum computers "could eventually break many of today's widely used cryptographic systems" (not all), IBM Quantum confirms current hardware is nowhere near the fault-tolerant scale needed, and TCG clarifies that symmetric encryption like AES-256 is not broken but merely weakened by Grover's algorithm — a manageable threat. The supporting sources (Sources 5, 7, 10, 16) either describe theoretical future capabilities, misrepresent D-Wave adiabatic systems as general-purpose quantum computers (debunked by Source 14), or conflate cracking a 22-bit RSA integer with breaking real-world RSA-2048. The claim's use of "all currently used encryption" is a critical overstatement: the most reliable, independent, and authoritative sources uniformly agree that symmetric encryption (e.g., AES-256) is not categorically broken by quantum computers, and that even asymmetric encryption requires hardware that does not yet exist at scale — making the claim false as stated.
Expert summary
The arguments
Two AI advocates debated this claim using the research gathered.
The theoretical and emerging empirical evidence firmly supports the claim that quantum computers are capable of breaking currently used encryption algorithms: Source 7 (PCMag) and Source 10 (CSO Online) report that Chinese researchers at Shanghai University have already demonstrated quantum attacks on RSA and AES using D-Wave systems, while Source 5 (CSO Online) cites Google Quantum AI research showing that RSA-2048 can theoretically be cracked with one million noisy qubits — a threshold far closer than previously estimated. Furthermore, authoritative institutions like Source 1 (NIST) and Source 9 (J.P. Morgan) explicitly acknowledge that quantum computers "could break the current encryption" and that Shor's algorithm "can quickly factor large numbers and thereby break RSA encryption," confirming that the capability is recognized as real and imminent, not merely speculative.
You're equivocating from “can attack” or “factored a 22-bit RSA integer” to “break all currently used encryption,” but the D-Wave reports you cite (Source 7: PCMag; Source 10: CSO Online) don't demonstrate breaking real-world RSA-2048 or AES-256, and the brief explicitly notes adiabatic D-Wave systems aren't capable of breaking RSA-2048/AES-256 at all (Source 14: Freemindtronic). And even if Shor's algorithm threatens RSA/ECC, that still isn't “all encryption”: NIST repeatedly says quantum computers could eventually break “many” systems and urges migration to PQC (Source 1: NIST; Source 2: NIST CSRC), while symmetric schemes like AES are described as manageable under Grover (not outright broken) with larger keys (Source 8: TCG; Source 13: Coursera), making your conclusion a classic overgeneralization.
The motion is false because even the most authoritative brief sources say quantum computers are a future risk that could break “many” of today's public‑key systems, not “all currently used encryption,” and NIST explicitly points to post‑quantum standards that can be deployed now to protect data (Source 2: NIST CSRC; Source 1: NIST PQC). Moreover, symmetric encryption is not categorically breakable by quantum computers—Grover's algorithm only reduces effective key strength and remains manageable with larger keys like AES‑256 (Source 8: TCG; Source 13: Coursera), while today's hardware is not fault‑tolerant and is far from the error‑corrected scale needed to break practical RSA at all (Source 4: IBM Quantum).
Your argument hinges on the word "all," yet you conveniently ignore that Source 8 (TCG) explicitly confirms Shor's algorithm poses an "existential threat to all widely used asymmetric encryption, including RSA and ECC," and Source 7 (PCMag) and Source 10 (CSO Online) document real quantum attacks already targeting both RSA and AES — meaning the claim covers the full spectrum of currently used encryption, not just one category. Furthermore, your retreat to "hardware isn't ready yet" is a temporal deflection, not a capability refutation — Source 5 (CSO Online) citing Google Quantum AI shows the qubit threshold for cracking RSA-2048 has already been slashed twentyfold, and the claim that quantum computers "are capable" of breaking encryption is validated by the very fact that NIST, your own cited authority, urgently released post-quantum standards precisely because the threat to current algorithms is recognized as real and achievable.