Insider Brief
- A new MITRE report concludes that quantum computers will not break high-security encryption for decades but warns that the U.S. must act now to secure sensitive data against future quantum decryption threats.
- The study estimates that a quantum computer capable of breaking RSA-2048 encryption is unlikely before 2055-2060, though some experts argue it could arrive by 2035 with advances in error correction and algorithm design.
- MITRE urges immediate action on post-quantum cryptography, monitoring adversarial quantum programs, and securing the quantum supply chain to maintain U.S. technological and security leadership.
Quantum computers will not be capable of breaking high-security encryption for decades, according to a new MITRE report. But the study warns that the U.S. government and intelligence agencies must act now to safeguard sensitive data from adversaries banking on quantum breakthroughs.
The report, aimed mainly at the Intelligence Community (IC) and written by MITRE researchers Yaakov Weinstein and Brandon Rodenburg, assesses the state of quantum computing and its implications for national security. The primary concern is that once a sufficiently powerful quantum computer exists, it could render today’s encryption obsolete. The researchers predict that an RSA-2048 encryption key — currently used to secure classified information — will remain safe for at least the next few decades. They are saying this timeline should hold unless there are unexpected advances in quantum computing.
While the study suggests quantum threats are not immediate, it stresses that adversaries, particularly China, are already planning for a future where quantum decryption is feasible.
“While U.S. industry currently leads the way in quantum computing, other nations, especially China, are not far behind,” the analysts write.
They add that China has made significant progress in related fields, such as quantum communication and cryptographic key distribution.
The report warns that China’s leadership in these areas could provide an advantage in quantum computing, potentially widening a military and technological gap that the U.S. might struggle to close. Even if China does not develop a quantum computer before the U.S., it could still decrypt sensitive intelligence it has harvested once the technology is available.
Measuring Quantum Progress
MITRE’s study evaluates quantum computing progress using quantum volume (QV), a metric developed by IBM that considers both the number of qubits and their ability to perform computational tasks without errors. Although other experts would suggest that QV is not the only, or even the best, way to measure quantum progress.
With that limitation in mind, based on historical QV trends, MITRE estimates that a quantum computer capable of breaking RSA-2048 encryption is unlikely to emerge before 2055-2060.
However, the report notes that some experts believe this timeline is too conservative. Optimistic projections suggest that recent advances in quantum error correction and algorithm design could accelerate development, potentially bringing quantum decryption capabilities by 2035.
Quantum error correction can suppress, though not eliminate, errors during computation, the MITRE report states, adding that protecting against these errors is essential to making quantum computers practical for real-world applications.
Beyond Cybersecurity: The Broader Quantum Impact
While much of the focus is on the security threat, the report also highlights potential benefits of quantum computing. These include breakthroughs in materials science, pharmaceuticals and artificial intelligence. Quantum computers could solve optimization problems far faster than today’s best supercomputers, making them valuable for logistics, supply chain management, and defense applications.
Machine learning, another area of national security interest, could also be transformed by quantum computing. MITRE researchers suggest that quantum algorithms might enable AI systems to learn from smaller datasets, leading to faster and more accurate decision-making.
The Urgency of Post-Quantum Cryptography
Even though large-scale quantum computers are decades away, MITRE emphasizes that U.S. agencies must start transitioning to post-quantum cryptography (PQC) now. The report echoes recent moves by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA), both of which are developing new cryptographic standards resistant to quantum attacks.
“The IC has an important role to play in protection from and the utility of quantum computers,” the research team writes. “The IC must protect its classifed data from the threat of a quantum computer, and it should monitor the state of quantum computers to prepare for future threats and capabilities and determine use cases for a future quantum computer. By acting decisively and quickly, the IC will demonstrate the seriousness of the quantum computing threat.”
The analysts add that adversaries are already stockpiling encrypted communications in hopes of decoding them later. This “harvest now, decrypt later” strategy could lead to major security breaches in the future if agencies delay transitioning to quantum-safe encryption.
A Call for Strategic Investment
MITRE’s findings reinforce the need for sustained investment in quantum research, not just for security but also for technological leadership. The study notes that U.S. industry leads in quantum computing today, but warns that dominance is not guaranteed. It calls for careful monitoring of global developments and a coordinated national strategy to ensure the U.S. remains at the forefront of quantum technology.
Additionally, the report raises concerns about the quantum supply chain, noting that adversaries could attempt to weaken the U.S. access to critical quantum components such as cryocoolers and lasers. MITRE recommends proactive efforts to secure domestic supply chains and prevent foreign dependence on key quantum materials.
What’s Next?
The study concludes that while quantum computers capable of breaking encryption are not imminent, the intelligence community cannot afford to wait. The MITRE researchers recommend decisive and swift action to take on this quantum computer threat.
To mitigate risks, specifically, the report recommends immediate action in three key areas:
- Accelerating the transition to post-quantum cryptography to safeguard sensitive information before quantum computers arrive.
- Enhancing monitoring of adversarial quantum programs to ensure the U.S. is not caught off guard by an unexpected breakthrough.
- Investing in quantum research and supply chain security to maintain U.S. leadership and avoid reliance on foreign components.
MITRE is a not-for-profit company that operates federally funded research and development centers (FFRDCs) and engages in public-private partnerships to address national security, infrastructure and technological challenges. The organization collaborates with government agencies and industry to enhance safety, stability, and operational effectiveness across critical sectors. Its research supports policy development, emerging technology integration, and risk mitigation strategies to strengthen national resilience.
The report offers a deeper technical dive that cannot be provided in this summary article. You can read the entire MITRE report here.
