Two Big Revelations

Bring Q-Day Closer

Watching the evolution of quantum technologies over the past decade, I periodically am struck by advances that bring them into reality from the lab. In the past week, two key thought pieces should bring every organizational leader to the table and consider the implications for their organizations. I’ll split them into two substacks because they’re both meaty subjects.

Revelation One

The first revelation for industry observers focused on the most urgent element in the quantum spectrum, cryptography. And the message was “we have the wrong target”.

Image source: Brian Lenahan/Midjourney

A 44-page report by Global Quantum Intelligence, LLC’s David Shaw and highlighted by long-time industry observer Doug Finke argued that RSA 2048 should no longer be the benchmark to measure a cryptographically relevant computer (CRQC) and Q-Day’s approach.

“When people think about Q-Day, they are looking at the wrong thing…
From a classical standpoint, ECC-256 has advantages because it is faster, has a smaller key size, and reduced overhead while still retaining the same level of security offered by RSA-2048. But here is the key point: ECC-256 IS SUBSTANTIALLY EASIER TO BREAK THAN RSA-2048 WITH A QUANTUM COMPUTER USING SHOR'S ALGORITHM. This means that less powerful quantum computers, which will become available sooner, will do the job.” - Doug Finke, GQI

Image Source: Quantum Computing Report by GQI

GQI’s report calls out starkly to the world’s business leaders. Time’s up. And focus on ECC. I understand this may not be a revelation to some, especially those close to the world of cybersecurity. Yet its hard to argue the point is clear and urgent.

In the same vein, recent analysis by the Global Head of Santander Quantum Threat Program, and one of the Top 25 Most Influential in Quantum Security, Jaime Gomez Garcia , who has been travelling the globe reinforcing the urgency of quantum cryptographic readiness, is chilling in terms of implications. He consistently takes a practical approach.

“The transition to post-quantum cryptography (#PQC) will only succeed if it is driven by business priorities, not just technology timelines. By systematically identifying and prioritising business use cases based on risk and feasibility, organisations can move from abstract readiness discussions to concrete, executable actions that streamline the journey to quantum safety.” - Jaime Gomez Garcia

Scott Aaronson, one of the newest members of the US National Academy of Sciences, argues that cryptographically relevant quantum computers are inevitable and racing ahead is better done openly by US companies than secretly by adversaries. Despite years of warnings, cybersecurity remains in denial. His duty is clear: sound the alarm—start migrating to quantum-resistant encryption now, before it’s too late.

“Haven’t these slumberers shown that won’t wake up until dramatic achievements in fault-tolerant QC roust them—the way Anthropic’s Mythos model has now jolted even the most ostrich-like about the cybersecurity risks of AI? So, mixing metaphors, mightn’t we just as well rip this Band-Aid off ASAP, rather than giving foreign intelligence agencies extra years to catch up? Indeed, when you think about it that way, isn’t racing to build a cryptographically relevant QC, as quickly as possible, the most ethical, socially responsible thing for an American QC company to do?” - Scott Aaronson

Aaronson’s core warning is sound and timely: Migrate to post-quantum crypto aggressively because timelines are shortening and denial persists. Recent hardware gains justify updating priors. Ignoring the ethics question, I take a somewhat more balanced view: Accelerate defensive preparation and resilient tech while treating CRQC development as a high-stakes national capability (with safeguards), not a moral imperative for private firms to sprint toward disruption. Truth-seeking demands evidence-based urgency without turning it into a geopolitical cheer (although the ring of urgency remains relevant). The real test is whether warnings translate to widespread PQC rollout before any “rousting” event.

Summary

Organizations must keep an eye on ECC disruption as much as, or even moreso than RSA 2048. That’s the message from GQI. Urgency is the message from Jaime Gomez Garcia and Scott Aaronson especially for the “slumberers” in the business world. In part two, I’ll discuss my next revelation.

Brian Lenahan is founder and chair of the Quantum Strategy Institute, author of seven Amazon published books on quantum technologies and artificial intelligence and a Substack Top 50 Rising in Technology. Brian’s focus on the practical side of technology ensures you will get the guidance and inspiration you need to gain value from quantum now and into the future. Brian does not purport to be an expert in each field or subfield for which he provides science communication.

Brian’s books are available on Amazon. Quantum Strategy for Business course is available on the QURECA platform.

Copyright © 2026 Aquitaine Innovation Advisors