Quantum Computing  |  Cybersecurity  |  Enterprise Strategy

Estimated read time: 14 minutes

<100K Qubits now needed to break RSA-2048

3–5 yrs Hardware partner timeline to CRQC

$7–12M Enterprise PQC migration cost estimate

2035 NCSC deadline for full PQC migration

The number that should keep every CISO awake tonight is 100,000.

That’s the qubit count Iceberg Quantum’s Pinnacle architecture needs to break RSA-2048, the encryption standard protecting virtually every financial transaction, secure communication, and government database on the planet. Until February 12, 2026, the consensus estimate was somewhere between one million and twenty million qubits. Pinnacle just compressed that gap by a factor of ten.

For security leaders who assumed they had a comfortable decade to migrate, the calculus changed overnight. Hardware partners including PsiQuantum, Diraq, and IonQ are projecting systems of this scale within three to five years. The store-now-decrypt-later threat, where adversaries harvest encrypted data today to decrypt it once a cryptographically relevant quantum computer arrives, is no longer a distant theoretical concern. It is an active, present-tense risk.

This isn’t a reason to panic. It is a reason to act.

This guide examines exactly what the Pinnacle breakthrough means technically, why hardware timelines make the threat credible within the decade, how NIST and the UK’s NCSC have already handed organizations a migration roadmap, and what a realistic implementation plan looks like, including costs. By the end, you’ll have both the strategic framing and the operational checklist to brief your board and begin moving.

---

To understand the significance of Iceberg Quantum’s announcement, you need context on why qubit counts have historically seemed so prohibitive.

The Pre-Pinnacle Baseline

In 2019, researchers Craig Gidney and Martin Eklera published the benchmark estimate: breaking RSA-2048 would require roughly 20 million physical qubits. At the time, state-of-the-art hardware was operating in the hundreds of qubits with error rates far too high for cryptographic applications. The gap between capability and threat felt enormous.

By October 2025, Google’s Quantum AI team published analysis reducing that estimate to approximately one million noisy qubits, a meaningful 20x reduction. Security teams updated threat models but still felt comfortable. A million qubits remained well beyond any hardware roadmap’s near-term horizon.

Then came Pinnacle.

The Quantum LDPC Innovation

Key technical finding: The Pinnacle arXiv preprint (arxiv.org/abs/2602.11457), published February 12, 2026, demonstrates RSA-2048 factoring with fewer than 100,000 physical qubits, assuming a 10⁻³ error rate and 1 microsecond gate cycle time.

The mechanism behind this reduction is quantum Low-Density Parity-Check (QLDPC) codes. Classical error correction in quantum computing has historically required enormous qubit overhead, you need many physical qubits to encode each logical qubit reliably. Surface codes, the dominant approach, are reliable but expensive in qubit count. QLDPC codes achieve comparable error correction with dramatically lower overhead, unlocking significant reductions in the physical qubit budget required for complex computations.

Iceberg’s architecture doesn’t just adopt QLDPC codes; it integrates them into a complete fault-tolerant system design, what the company calls the Pinnacle architecture, optimized specifically for the Shor’s algorithm computations needed to factor large integers.

The progression from 2019 to today:

Architecture / Estimate	Qubits Required for RSA-2048	Year	Source
Gidney-Eklera Baseline	~20 million	2019	arXiv (peer-reviewed)
Google Quantum AI Update	~1 million (noisy)	Oct 2025	Google Quantum AI preprint
Iceberg Pinnacle Architecture	<100,000	Feb 2026	arXiv 2602.11457 + press release

Table 1: Qubit requirement reductions for breaking RSA-2048 (2019–2026). Each estimate uses different technical assumptions; Pinnacle’s figure assumes 10⁻³ error rate.

What the Caveats Mean

The 100,000-qubit figure is not a guarantee, it’s a simulation-validated estimate with specific technical assumptions that hardware must eventually meet. The 10⁻³ error rate (one error per thousand gate operations) is aggressive but within the target envelope of advanced quantum hardware programs. The one-microsecond gate cycle time is similarly demanding.

Neither Iceberg Quantum nor any partner has built a system demonstrating these capabilities at scale. Peer review of the preprint is still in progress. These are important caveats, and they don’t neutralize the urgency. The architectural blueprint is published. Multiple hardware programs are racing toward the necessary specifications. The question is no longer if, but when.

“Iceberg’s advances in qLDPC-based architectures will bring forward utility-scale applications on our devices by years. This is a deeply challenging area, and Iceberg has assembled the rare expertise required to make real progress.” — Andre Saraiva, Head of Theory, Diraq — via Iceberg Quantum press release

---

A Cryptographically Relevant Quantum Computer (CRQC) is a machine capable of running Shor’s algorithm at a scale sufficient to break deployed encryption. For RSA-2048, that threshold just moved significantly closer. But how close, realistically?

Hardware Partner Projections

Iceberg Quantum’s Pinnacle announcement came alongside confirmation of active partnerships with three of the most credible quantum hardware programs in the world: PsiQuantum, Diraq, and IonQ. These aren’t marketing relationships. These are hardware companies that have reviewed the Pinnacle architecture and believe their development roadmaps intersect with its requirements.

According to the Iceberg Quantum press release, hardware partners project ‘timelines to build systems of this scale within the next three to five years.’ At current trajectories, that puts a credible CRQC threat window between 2029 and 2031.

PsiQuantum is developing photonic quantum computing and has published roadmaps targeting fault-tolerant operation in the latter half of this decade. Diraq, an Australian-UK quantum spinout, focuses on silicon-spin qubits with density advantages that could facilitate large-scale qubit arrays. IonQ’s trapped-ion architecture currently leads on error rates among commercially available systems.

None of these companies is guaranteed to hit aggressive targets. Hardware development routinely slips. But the convergence of multiple credible programs moving toward the same technical threshold, and doing so in coordination with a team that has shown how to dramatically reduce the qubit requirement, is a qualitatively different situation than existed even six months ago.

The Store-Now-Decrypt-Later Problem

Here’s the threat that makes even a 2029-2031 timeline actionable today: adversarial actors can harvest encrypted data now and decrypt it once a CRQC becomes available.

This attack vector is known as harvest now, decrypt later (HNDL), or store-now-decrypt-later (SNDL). Nation-state actors with long-horizon intelligence goals have operational incentive to stockpile encrypted communications, financial records, intellectual property, and government data captured today. Classified assessments from multiple intelligence agencies have flagged this as an active, ongoing collection activity.

If your encrypted data has value in 2030, trade secrets, long-term contracts, health records, national security information, financial models, it should be treated as potentially compromised today. That’s the operating posture post-Pinnacle demands.

“Our ambition is to help accelerate the transition to, and ultimately power, the fault-tolerant era of quantum computing.” — Felix Thomsen, Co-founder and CEO, Iceberg Quantum

The Uncertainty Principle (And Why It Doesn’t Provide Comfort)

Will the CRQC actually arrive in 2029? Possibly not. Hardware timelines slip. Error correction improvements may plateau. Engineering challenges not yet visible may emerge. There are genuine, substantive reasons to maintain calibrated uncertainty about any specific timeline.

The problem with using that uncertainty as a reason to wait is asymmetric. If migration is delayed until the threat materializes, the window to act may have closed, or will require crisis-mode spending at multiples of the cost of orderly migration. If migration happens and the quantum threat proves slower to materialize, the cost is a compliance investment that also reduces classical cryptographic risk and satisfies regulatory mandates now coming into force.

The risk calculus is not close. Migration wins even under optimistic quantum timelines.

---

The good news: governments and standards bodies didn’t wait for Pinnacle to start building the migration framework. NIST finalized the first three post-quantum encryption standards in August 2024. The UK’s National Cyber Security Centre published official migration timelines with specific milestones. Organizations that start now are working within an established, well-resourced framework, not pioneering into the unknown.

NIST’s Post-Quantum Standards: What Was Finalized

After a multi-year evaluation process involving global cryptographers, NIST published three finalized post-quantum cryptography standards in August 2024:

• ML-KEM (Module-Lattice Key Encapsulation Mechanism), the primary standard for general encryption and key exchange. Based on the CRYSTALS-Kyber algorithm. Suitable for TLS, VPNs, and most enterprise encryption use cases.
• ML-DSA (Module-Lattice Digital Signature Algorithm), the primary standard for digital signatures. Based on CRYSTALS-Dilithium. Suitable for code signing, certificate authorities, and authentication systems.
• SLH-DSA (Stateless Hash-Based Digital Signature Algorithm), a conservative, hash-based signature standard providing a security guarantee independent of lattice assumptions. Serves as a backup if lattice cryptography is later found vulnerable.

These standards are not provisional, they’re finalized, published, and ready for implementation. The NIST post-quantum cryptography standards represent eight years of international cryptographic scrutiny. Enterprises can implement against them with confidence.

The NCSC Migration Timeline: Official Milestones

The UK’s National Cyber Security Centre has published the most explicit government migration timeline currently available. It provides three concrete milestones that serve as useful benchmarks for enterprise planning globally:

NCSC Milestone	Target Date	What It Means for Your Organization
Full Cryptographic Discovery	By 2028	Complete inventory of all systems using classical public-key cryptography. Know what you’re protecting and where it runs.
Highest-Priority Migration	By 2031	Critical infrastructure, financial systems, health data, government systems migrated to PQC standards.
Complete PQC Migration	By 2035	All organizational systems migrated. Classical RSA/ECC encryption fully retired from production environments.

Table 2: UK NCSC PQC Migration Milestones (Source: NCSC PQC Migration Timelines Guidance, 2025). These milestones apply to UK critical infrastructure but serve as global best-practice benchmarks.

The 2028 discovery milestone deserves emphasis. Most large organizations don’t have a complete, current inventory of their cryptographic dependencies. Libraries, APIs, cloud services, SaaS platforms, IoT devices, and legacy systems all use encryption, and most IT teams can’t enumerate them precisely. Building that inventory is the essential first step, and 2028 gives two years to complete it. That clock is running.

The PQC Migration Timeline at a Glance

Year	Event / Milestone
2024	NIST finalizes ML-KEM, ML-DSA, SLH-DSA, the three core PQC standards
2026	Iceberg Quantum Pinnacle: CRQC qubit threshold drops to <100,000 qubits
2028	NCSC target: Complete cryptographic asset discovery across all systems
2031	NCSC target: Highest-priority systems fully migrated to PQC
2029–2031 (est.)	Credible CRQC hardware window per hardware partner projections
2035	NCSC target: Full migration complete, classical RSA/ECC retired

Table 3: PQC Migration Timeline (NIST, NCSC, Iceberg Quantum projections). The overlap of the credible CRQC window and the 2031 priority migration deadline creates a narrow execution window.

The NSA CNSA 2.0 Suite

For US federal contractors and defense-adjacent enterprises, the timeline is even more prescribed. The NSA’s Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) has established specific deadlines for transitioning national security systems to post-quantum algorithms. The NSA’s posture is unambiguous: RSA and elliptic-curve cryptography are being deprecated for national security applications. Organizations in the defense industrial base need to treat compliance with CNSA 2.0 requirements as a non-negotiable operational mandate, not a future roadmap item.

“The path to fault-tolerant quantum computing needs exactly the type of innovations we’ve seen from the Iceberg team.” — Prineha Narang, DCVC (Investor in Iceberg Quantum)

---

CFOs will ask the question that CISOs need to be ready to answer: What does this cost, and how do we justify it? The honest answer is that migration is expensive. The complete answer is that the alternative is potentially catastrophic, and regulatory mandates are making investment involuntary for most industries.

Enterprise Cost Estimates

Migration costs vary enormously by organization size, sector, and cryptographic dependency footprint. For illustrative purposes, analysis of enterprise migration projects and budget modeling for large financial institutions provides a useful benchmark.

Organization Type	Estimated PQC Migration Cost	Key Cost Drivers
Large Multinational Bank	$7M – $12M	Core banking systems, payment rails, HSM upgrades, certificate authority overhaul, compliance testing
US Federal Agency (aggregate)	$7.1B (total govt)	Per White House/OMB analysis; includes all civilian agencies, legacy system remediation
Mid-Market Enterprise (1,000–5,000 employees)	$500K – $2M (est.)	SaaS migration, VPN/TLS updates, PKI refresh, training
Critical Infrastructure (Energy/Utilities)	$2M – $8M (est.)	OT/ICS systems, SCADA encryption, long hardware lifecycle

Table 4: Enterprise PQC Migration Cost Estimates. Large bank figures from PQC Budget Calculator (December 2025); federal aggregate from White House OMB analysis. Mid-market and infrastructure figures are modeled projections.

Where the Money Goes

Migration costs break across five primary categories:

• Cryptographic Asset Discovery (15–20%): Inventory tooling, code scanning, dependency mapping, external audit. Often the most time-intensive phase due to undocumented legacy dependencies.
• Algorithm Migration and Development (35–40%): Updating libraries, APIs, protocols, and applications to PQC standards. Includes hybrid deployment, running classical and PQC simultaneously during transition.
• Hardware Security Module (HSM) Upgrades (15–20%): HSMs are the physical root of trust for most enterprise cryptography. Many current-generation HSMs don’t support PQC algorithms and require either firmware updates or replacement.
• Testing and Compliance Validation (15%): Performance testing (PQC algorithms carry computational overhead), interoperability testing, regulatory certification.
• Training and Organizational Change (10–15%): Development teams, security operations, third-party vendors, and supply chain partners all need updated practices.

The ROI Frame That Works With CFOs

The correct framing for CFOs isn’t ‘this is a new cost.’ It’s ‘this is regulatory compliance investment with a risk-reduction payoff, and the alternative is potential multi-billion-dollar breach liability or regulatory sanction.’

Three financial arguments strengthen the migration business case:

1. Regulatory inevitability: NSA CNSA 2.0, NCSC guidance, and anticipated EU mandates make this a matter of when, not if. Delaying adds complexity and cost without reducing liability.
2. Breach cost benchmarks: IBM’s 2025 Cost of a Data Breach Report found the global average breach cost exceeded $4.5M. A quantum-enabled decryption event affecting multi-year harvested data could produce liability, regulatory fines, and reputational damage orders of magnitude larger.
3. Classical security co-benefits: Cryptographic discovery and modernization reduce classical vulnerabilities simultaneously. Many organizations find the migration process uncovers outdated libraries, weak key management, and certificate hygiene issues that were pre-existing risks.