Two items collided on the information landscape in late 2024 and early 2025: a peer‑review‑listed paper claiming a D‑Wave quantum annealer had “factored” an RSA‑2048‑sized integer, and the continuing technical reality that gate‑model quantum machines remain many orders of magnitude short of being cryptanalytically relevant. Parsing these together matters because policymakers and operators will act on headlines, not on algorithmic caveats.

What was actually demonstrated. The paper in question reports a factoring procedure that succeeds for a narrow, highly structured class of 2,048‑bit composite integers and describes experiments using quantum annealing hardware and heavy classical pre‑ and post‑processing. The title is attention grabbing, but the body of the work makes clear it is not a general, practical break of RSA as deployed on the internet. In short, the authors showed that under special constraints one can turn an integer factorization instance into an optimization problem that an annealer can solve. That is a research result worth examining, but it is not a demonstration that standard RSA‑2048 keys in the wild are now crackable.

Where the real cryptanalytic threat remains. Demonstrations of Shor’s algorithm and related gate‑model factorizations on real hardware have historically been limited to toy numbers, typically in the tens of bits, as experimental proofs of principle rather than scalable attacks. The largest fully quantum demonstrations remain orders of magnitude below cryptographic key sizes used in production. Building a fault‑tolerant, cryptanalytically relevant quantum computer will require not only qubits but also error correction, low logical error rates, and architectures that multiply physical qubits into stable logical qubits at scale. The literature and experimental record reinforce that gap.

Why the hype persists. Two drivers keep fueling alarmist narratives. First, paper titles and press releases sometimes compress caveated technical findings into simpler headlines. Second, advances in related metrics such as qubit counts, benchmarking milestones, or specialized annealing demonstrations are easy to misframe as a single binary milestone: quantum equals break encryption. That framing ignores crucial differences between annealers and universal gate machines, between specially structured instances and random RSA moduli, and between raw qubit counts and the qubits you need once you factor in error correction. The net effect is repeated cycles of overstated apocalypse and subsequent expert correction.

Where industry and governments have already moved and why that matters for defense. Standards bodies have not been idle. NIST finalized its first set of post‑quantum encryption standards in 2024 so implementers can begin migrating away from cryptosystems vulnerable to future quantum attacks. The standardization path is an acknowledgement that, even if a cryptanalytic Q‑machine does not exist today, the prudent path is to migrate critical systems and long‑lived secrets before a future Q‑Day makes historical interception meaningful. For defense planners that dual imperative is immediate: inventory long‑lived secrets, prioritize migration of command and control and logistic links, and harden archives that adversaries might be harvesting for future decryption.

Concrete resource context you can use to plan. Estimates in public technical commentary and vendor disclosures show that recent high‑profile gate processors remain far below what cryptanalysis would demand. New chips demonstrate useful error‑rate reductions and improved scaling, but they are not yet “cryptanalytically relevant quantum computers.” Practical estimates still point to machines needing millions of physical qubits and robust logical qubit architectures before Shor‑style factorizations of real 2048‑bit moduli are feasible. That order of magnitude gap should shape procurement and risk prioritization rather than panic.

Operational recommendations for defense and industry. Translate the technical gaps above into defensible action:

  • Assume optimistic but realistic timelines. Treat quantum cryptanalysis as a high‑impact medium‑term risk and budget for migration now rather than wait for a cryptanalytic breakthrough.
  • Inventory and classify. Identify systems carrying long‑lifespan secrets or signatures; those are highest priority for early post‑quantum migration.
  • Adopt hybrid deployments. Implement post‑quantum key‑establishment in parallel with well‑tested classical schemes where performance and interoperability permit, and validate using operational testbeds.
  • Harden for the harvest problem. Assume adversaries may be collecting encrypted traffic today for decryption later; where confidentiality must survive decades, migrate or re‑encrypt sooner.

What defense R&D must do differently. Operational leaders must fund two parallel lines: (1) defensive implementation of vetted post‑quantum algorithms across comms, signatures, and device provisioning; and (2) sober, reproducible research that stresses quantum cryptanalysis claims under adversarial review. One role for defense labs is to establish transparent test suites and blinded challenges that separate trivial, structured instances from general exponential‑hard cases. That will reduce cycles of hype and enable evidence‑based decisions on when a true cryptanalytic capability has arrived.

Bottom line. As of January 28, 2025, the headlines that claim quantum machines have broken deployed RSA or elliptic curve cryptography conflate important laboratory advances with practical cryptanalysis. The research is real and incremental, but the technical gap to a general, scalable cryptanalytic quantum computer remains large. That is not an excuse for complacency. Standards bodies have produced post‑quantum algorithms and the sensible course for defense planners is to accelerate migration and inventory planning now, while continuing to monitor genuine advances in cryptanalytic capability with discipline and skepticism.