For instance, the popular Rivest-Shamir-Adleman (RSA) encryption algorithm relies on the assumption that factoring a large number is very difficult.

There has been no demonstration of a single logical qubit that could serve as the building block of a large-scale quantum computer, and thousands of such qubits would be needed for applications to cryptanalysis. And although there is substantial uncertainty about the future pace of improvements to quantum computers, and some experts question whether quantum computers large enough to impact cryptography can ever be built, it is realistically possible that a practical quantum computer could become available over the next ten to twenty years that would be sufficiently large to place many encryption systems at risk.The product of multiplying P and Q is published, but it is assumed that an adversary who knows the product of P and Q cannot derive the factors P and Q from that product except by a variant of brute-force search.Factoring appears to be very time-consuming for classical computers, but a quantum computer could quickly extract the factors P and Q by using a method called Shor’s Algorithm.In a world with large quantum computers, RSA would not be secure because someone without the key who knows the publicly available product of P and Q could quickly recover the secret key.Other encryption algorithms are not prone to being defeated so thoroughly by a method like Shor’s Algorithm.

