The advent of quantum computing poses a funda- mental threat to public-key cryptography based on integer factoring (RSA) and discrete logarithms (ECC). This paper presents an empirical study bridging both sides of this challenge. On the threat side, we implement Shor’s algorithm from first principles using Qiskit and execute it on quantum simulators, successfully factoring N = 15 (50.1% success rate) and N = 21 (32.8%). Resource extrapolation based on Gidney and Ekera˚ (2021) places RSA-2048 at approximately 20 million noisy qubits—roughly four orders of magnitude beyond current hardware. On the defense side, we benchmark ML-KEM-768 (NIST FIPS 203) against X25519 over 10,000 iterations per operation, finding that ML- KEM-768 is 7–18× faster than X25519 on Apple Silicon (keygen: 9.6 µs vs. 66.3 µs median), with the primary cost being a 35× increase in key and ciphertext sizes (2272 B vs. 64 B total wire cost). Our integrated analysis demonstrates that the quantum threat is approaching but distant, while the post-quantum defense is ready and computationally inexpensive, supporting the case for immediate migration under the harvest-now-decrypt-later threat model.
Chaturvedi et al. (Mon,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: