Superpositioned

Chapter III: The Challenges

3.1 The Race to the Quantum Data Center: Capital and Infrastructure

The capital dynamics of quantum computing differ from AI in important ways. AI’s scaling thesis requires trillions of dollars in electricity and GPU infrastructure. Quantum computing’s capital requirements are currently orders of magnitude smaller—billions, not trillions—but the per-machine cost is extremely high and scaling is harder. Unlike AI data centers, which are essentially warehouses full of GPUs with standardized power and cooling, quantum computing facilities require bespoke infrastructure: dilution refrigerators for superconducting systems, ultra-high vacuum and precision laser arrays for trapped ions, cleanroom fabrication for chip production. These are not off-the-shelf components. The supply chain for quantum-specific hardware—cryogenic electronics, specialized optical components, high-purity materials—is thin and fragile.

Building an AI data center is expensive but straightforward: buy hardware, plug it in, and go. Building a quantum computing facility is more like building a particle physics experiment—every component is custom, the supply chains are tiny, and the engineering is bespoke.

Bottleneck resources:

IBM's shift to 300mm wafer fabrication at the Albany NanoTech Complex represents an important strategic move: by using industrial-grade semiconductor tooling, the company has doubled its R&D cycle speed and achieved a ten-fold increase in the physical complexity of its quantum chips. This kind of manufacturing infrastructure investment will be essential as quantum systems scale.

3.2 The Cryptographic Threat: Security Implications

This is the section most relevant to policymakers. It requires precision and the absence of hype.

The threat: A sufficiently powerful quantum computer running Shor's algorithm could break RSA and elliptic curve cryptography (ECC), which underpins virtually all internet security: banking, communications, government systems, military command and control.

Almost everything you do online is protected by encryption that relies on certain math problems being impossibly hard for regular computers. A powerful enough quantum computer could solve those problems, effectively picking every digital lock on the internet. This isn't happening soon, but it's not science fiction either.

How far away? The long-standing estimate from Gidney & Ekerå (2021) placed breaking RSA-2048 at approximately 4,000 logical qubits[1] with very low error rates (≤10⁻¹⁵ per gate), or roughly 20 million physical qubits on surface codes. Two 2025–2026 results have compressed that resource budget materially. In May 2025, Craig Gidney (Google Quantum AI) reduced the physical-qubit requirement for RSA-2048 to under 1 million noisy qubits—a ~20× algorithmic compression since Gidney-Ekerå 2019/2021 that holds the physical-gate-error assumption (~10⁻³) and surface-code cycle time (~1 μs) constant—using approximate residue arithmetic, yoked surface codes for idle storage, and magic state cultivation; the estimated runtime is under one week[6]. In March 2026, Ryan Babbush and Hartmut Neven (Google Quantum AI) published a companion analysis focused on elliptic-curve cryptography—the signature scheme underpinning Bitcoin, Ethereum, and most modern TLS connections—showing that breaking 256-bit ECDSA could be done with fewer than 1,200 logical qubits and ~90 million Toffoli gates (or 1,450 logical qubits and 70 million Toffolis in an alternative circuit), executable "in a few minutes" on a superconducting processor with fewer than 500,000 physical qubits under the same ~10⁻³ / ~1 μs hardware assumption; Google disclosed the result responsibly in coordination with the U.S. government, Coinbase, the Stanford Institute for Blockchain Research, and the Ethereum Foundation[7]. We are at 48–100 logical qubits today. A cryptographically relevant quantum computer is not imminent, but the target has moved closer: most credible estimates now place it 10 to 25+ years away based on current hardware trajectories, and the algorithmic compressions above narrow the hardware threshold without accelerating its construction.

The "harvest now, decrypt later" threat: This is the real urgency. Adversaries can intercept and store encrypted data today, waiting to decrypt it when quantum computers become powerful enough. For data that must remain secret for decades —national security secrets, medical records, financial data, diplomatic communications—the threat timeline is effectively today. Every day of encrypted data captured before post-quantum cryptography migration is a day of future vulnerability.

The scenario that keeps intelligence agencies up at night: an adversary records your encrypted communications today—they can't read them yet. Years later, a quantum computer breaks the encryption and they decrypt everything they've been hoarding. For secrets that must stay secret for decades, the threat is now, even though the quantum computer won't exist for years.

Post-quantum cryptography (PQC): NIST finalized PQC standards in 2024[2], establishing algorithms (ML-KEM, ML-DSA, SLH-DSA) designed to resist both classical and quantum attacks. The PQC market is valued at approximately $1.9 billion in 2025, projected to reach $12.4 billion by 2035. Migration to PQC is underway but painfully slow—most enterprises have not yet begun. On the policy side, the U.S. National Quantum Initiative Reauthorization Act (S.3597), introduced January 8, 2026 by Senators Cantwell and Young, was advanced by the Senate Commerce Committee on April 14, 2026 (World Quantum Day) with seven amendments; the bill extends NQI authorities through December 2034 and is the first substantive NQI reauthorization progress since the program lapsed in 2023[8]. IBM's April 17, 2026 quantum-safe brief goes further in tone, arguing that fault-tolerant quantum computers could begin approaching cryptographic relevance by the end of the decade; that should be read as vendor risk framing, but it is directionally consistent with the resource-estimate compression above[11].

The critical question: Is the PQC migration happening fast enough relative to quantum hardware progress? The honest answer: probably, but with insufficient margin. If quantum hardware progress follows the base-case scenario, there is ample time for migration. If a breakthrough accelerates the timeline (Scenario B), organizations that have not migrated by the early 2030s could be vulnerable. The prudent course—and the one recommended by NIST, NSA, and CISA—is to begin migration immediately.

3.3 The Algorithm Gap: Software Maturity

Even if we had a perfect 1,000-logical-qubit machine tomorrow, the honest truth is that we have very few algorithms that could immediately exploit it for problems that matter to the economy.

The awkward secret: hardware is advancing faster than software. Even a perfect quantum computer would have a limited menu of solvable problems today. It's like building the world's fastest race car but only having two racetracks—the tracks are behind schedule.

Where algorithms are most mature: Quantum simulation—modeling the behavior of molecules, materials, and quantum systems—is closest to demonstrating practical advantage. Quantinuum has used Helios to simulate high-temperature superconductivity and magnetism. The IonQ/Ansys collaboration reported a 12% speedup on a single medical device simulation instance[4], but this result has not been independently replicated, the classical baseline has not been independently verified, and a 12% margin on one problem does not yet constitute robust practical advantage. IBM's April 2026 Q4Bio update is a more useful application signal: finalists ran healthcare and biology algorithms on real hardware, including circuits up to roughly 100 qubits, and the winning Algorithmiq/Cleveland Clinic/IBM work framed photodynamic-therapy simulation as a scalable hybrid quantum-classical workflow. That is not demonstrated practical quantum advantage, but it is evidence that the algorithm pipeline is moving from toy benchmarks toward chemically and biologically relevant workflows[12]. Shor's algorithm for factoring is well-understood but requires massive scale (thousands of logical qubits at extremely low error rates).

Where algorithms are least mature: Quantum machine learning, despite accounting for the largest projected market value (~$150 billion of Bain's $250 billion estimate), remains largely theoretical with key algorithmic and data-loading bottlenecks. Research on "barren plateaus" (Cerezo et al. 2021) has identified a potentially fundamental barrier: variational quantum algorithms face exponentially vanishing gradients as system size increases—a structural mathematical limitation, not merely an engineering challenge that better hardware will solve. Quantum optimization has shown promise via quantum annealing (D-Wave) but is continuously challenged by improving classical heuristics.

Classical competition

This is the uncomfortable backdrop for every quantum advantage claim—and it deserves more than a backdrop role in the analysis. Classical algorithms and hardware are not standing still; they are experiencing their own revolution driven by AI accelerators, GPU computing, and algorithmic advances.

The erosion of quantum advantage claims has been systematic and rapid. Google's 2019 Sycamore "quantum supremacy" claim—that its 53-qubit processor performed a computation in 200 seconds that would take a classical supercomputer 10,000 years—was challenged repeatedly: IBM argued the classical simulation could be done in 2.5 days with sufficient disk storage, and by 2022, Pan et al. demonstrated that tensor network methods[3] on classical GPUs could perform the same computation in approximately 5 minutes.

The only remaining robust quantum computational advantage—random circuit sampling (RCS)—has no practical application.

The "dequantization" literature, beginning with Ewin Tang's 2019 breakthrough showing that quantum-inspired classical algorithms could match proposed quantum speedups for recommendation systems, has continued to narrow the theoretical advantage window. Multiple proposed quantum speedups for linear algebra, machine learning, and optimization problems have been partially or fully matched by classical approaches.

Classical computing is not merely maintaining pace—it is accelerating. NVIDIA's data center revenue has grown from ~$15 billion in 2023 to over $100 billion annually, driven by AI demand that is simultaneously pushing GPU, TPU, and specialized accelerator performance forward at rates that quantum computing must outpace to deliver commercial value.

Tensor network methods, variational classical algorithms, and AI-driven simulation techniques represent a moving target that quantum computers must clear—not a static benchmark.

The symmetric risk this creates is underappreciated: every year that fault-tolerant quantum computers are delayed, classical computing has an additional year to push the advantage threshold further out. The honest quantum analyst must always ask: "Can a classical computer do this better?" Today, the answer is still "yes" for nearly all practical problems. The question is whether quantum hardware can scale fast enough to outrun classical improvements—and that race is far from decided.

3.4 The Geopolitical Dimension: Who Wins the Quantum Race?

United States: Dominant in private-sector diversity (Google, IBM, Microsoft, Quantinuum, IonQ, Rigetti, PsiQuantum, QuEra, Atom Computing, Infleqtion, D-Wave) and venture capital funding ($1.7 billion of $2.6 billion global VC in 2024). Home to DARPA QBI, CHIPS and Science Act quantum funding, NSF quantum information science centers, and major national laboratories. JPMorgan recently announced plans[5] to invest up to $10 billion across strategic technology sectors including quantum computing. On April 14, 2026 (World Quantum Day), DARPA announced a second quantum program—Heterogeneous Architectures for Quantum (HARQ)—complementary to QBI and focused on combining qubit modalities (e.g., computing qubits with memory qubits). 19 performer teams across 15 organizations were selected at launch, including IonQ for diamond-NV quantum memory work[9].

China: Estimated $15 billion+ in government investment (unconfirmed officially). USTC (Hefei) is world-class, having demonstrated quantum advantage claims with Jiuzhang (photonic) and Zuchongzhi (superconducting). Strong in quantum communications, operating a QKD satellite network. In March 2025, China announced a national venture capital guidance fund mobilizing 1 trillion yuan ($138 billion) for cutting-edge fields including quantum technology. In February 2026, Origin Quantum released Origin Pilot, the first publicly downloadable quantum operating system, aligned with the 15th Five-Year Plan's designation of quantum as one of six strategic "future industries"[10]. Visibility into private-sector activity remains limited and collaboration with the Western research community has narrowed further under tightening U.S. export controls.

Europe: EU Quantum Flagship (>€1 billion). Strong academic base and growing startup ecosystem: IQM (Finland), Pasqal (France), Alice & Bob (France), Quantum Motion (UK). Multiple DARPA QBI Stage B companies are European-affiliated (Nord Quantique, Quantum Motion, Xanadu). Concern about “brain drain” to the US remains persistent.

Other notable programs:

The U.S. has the most companies and private investment. China has the biggest government program. Europe has strong research but struggles to commercialize it. The key risk: quantum technology could become another front in great-power competition, with export controls limiting progress on both sides.

Key asymmetry: The US leads in private-sector diversity, VC funding, and the number of distinct hardware approaches being pursued commercially. China leads in government-directed scale and quantum communications. Europe leads in academic research but lags in commercialization. The risk of technology decoupling—restricted access to quantum hardware, talent, or materials across geopolitical blocs—is real and growing.

Notes

  1. Gidney, C. & Ekerå, M., 'How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits,' Quantum 5, 433 (2021).
  2. NIST, Post-Quantum Cryptography Standards: ML-KEM, ML-DSA, SLH-DSA (finalized 2024).
  3. Pan, F. et al., 'Solving the sampling problem of the Sycamore quantum circuits,' Physical Review Letters 129, 090502 (2022).
  4. IonQ/Ansys, reported 12% speedup on medical device simulation using 36-qubit Forte Enterprise system (March 2025).
  5. JPMorgan Chase, quantum computing research initiatives and enterprise partnerships (2025).
  6. Gidney, C., 'How to factor 2048 bit RSA integers with less than a million noisy qubits,' arXiv:2505.15917 (May 21, 2025); Google Online Security Blog, 'Tracking the cost of quantum factoring' (May 23, 2025). [link]
  7. Babbush, R. & Neven, H., Google Quantum AI, 'Safeguarding cryptocurrency by disclosing quantum vulnerabilities responsibly,' research.google (March 31, 2026); accompanying whitepaper (quantumai.google cryptocurrency whitepaper). [link]
  8. U.S. Senate, National Quantum Initiative Reauthorization Act (S.3597), introduced January 8, 2026; advanced by Senate Commerce Committee April 14, 2026 (World Quantum Day). [link]
  9. DARPA, 'Quantum computing: different qubits, better together,' Heterogeneous Architectures for Quantum (HARQ) program announcement (April 14, 2026); 19 performer teams across 15 organizations; IonQ selection for NV-diamond quantum memory. [link]
  10. Origin Quantum / CGTN, 'China launches quantum computer operating system Origin Pilot,' news.cgtn.com (February 26, 2026; public release March 7, 2026). [link]
  11. IBM, 'Quantum computers are speeding towards cryptographic relevancy: The time to prepare is now' (April 17, 2026). [link]
  12. IBM, 'How IBM Quantum is Enabling Healthcare and Biology Research' (April 16, 2026). [link]