QRI Research Note
When Quantum Can Break RSA-1024
Quantum Threat Level 60
The point where legacy systems move from risky to indefensible
RSA-1024 is no longer recommended for modern security, but it has existed in real systems, documents, certificates, and legacy products. A quantum RSA-1024 break would be a major transition point because it would show the machine can attack keys that were once widely trusted.
RSA-1024 is not Bitcoin. But a quantum RSA-1024 break would be one of the clearest public signs that cryptographically relevant quantum computing is approaching modern targets.
What this level means
RSA-1024 sits between obsolete RSA-512 and modern RSA-2048. Many organizations already treat it as insufficient, yet legacy systems can persist for decades. A quantum break at this level would make any remaining RSA-1024 use impossible to defend.
Technically, this milestone requires roughly double the input size of RSA-512 and much more arithmetic work. It would test whether fault-tolerant quantum systems can scale in a way that tracks theory rather than stalling at intermediate sizes.
What technology needs to be developed to get here
The technology stack must now look like an early cryptanalytic computer, not a research processor. The bottlenecks are no longer isolated components; they are system throughput, uptime, and resource orchestration.
The system needs enough logical qubits for large arithmetic registers, scratch space, and parallel operations. Efficient algorithms can reduce the requirement, but not remove the need for scale.
RSA-1024 makes non-Clifford resource production a central engineering challenge. Factories must produce high-quality states continuously while the main computation consumes them.
Resource estimates are sensitive to cycle time. Microsecond-scale or otherwise high-throughput correction cycles can change whether an attack takes hours, days, or far longer.
A cryptanalytic run may require sustained operation over long periods. Automatic recalibration, fault handling, and robust scheduling become mandatory.
A large error-corrected quantum computer is also a large real-time classical computing system. Decoders must process syndrome data without becoming the bottleneck.
Manufacturing repeatability, component availability, cryogenic capacity, photonic integration, or laser stability must become industrial capabilities rather than lab exceptions.
Expected timeline and development path
RSA-1024 is where planning estimates become highly sensitive to hardware platform assumptions. It may arrive much later than RSA-512 if scaling overheads grow, or sooner if architecture breakthroughs reduce costs.
A credible RSA-512 break, falling logical-error rates, and clear evidence that larger circuits remain controllable.
Early to mid-2040s is a conservative planning range, but aggressive roadmaps may try to pull this earlier through better codes, layouts, and arithmetic.
QRI would ask whether the machine can repeat the break, attack new keys, and publish enough data for independent analysis.
What this means in real life
This level would be more relatable than smaller benchmarks because RSA-1024 has existed in real infrastructure.
Old servers, appliances, or private systems that never upgraded could be exposed.
Long-lived industrial devices sometimes keep old cryptographic stacks because replacing them is expensive.
Old signed documents and software could face new authenticity questions if weak RSA keys remain trusted.
Records with long confidentiality lifetimes would face stronger harvest-now-decrypt-later concerns.
Acquired infrastructure may contain forgotten RSA-1024 keys or certificates.
Regulators would have little patience for organizations still relying on legacy public-key algorithms.
Bitcoin relevance
Bitcoin signatures are elliptic-curve signatures, not RSA. RSA-1024 does not directly break Bitcoin wallets.
However, RSA-1024 would be a strong warning that the same underlying quantum capabilities might eventually threaten elliptic-curve systems. Bitcoin planning should already be active by this point.
Signals QRI would look for
- A verified RSA-1024 factorization by a quantum system
- Evidence the result was not primarily classical factoring
- Machine uptime long enough for cryptanalytic workloads
- Commercial or government procurement of large fault-tolerant systems
- Rapid updates to PQC migration deadlines after the milestone
Sources and framing
QRI treats these dates as planning ranges, not predictions. The references below inform the article series: NIST has finalized practical PQC standards, NIST NCCoE emphasizes inventory and migration planning, NSA/CNSA guidance says planning and budgeting should happen now, and Google has published both an accelerated PQC migration target and updated factoring-resource estimates.