The Clock Is Already Ticking: Taiwan's Quantum Godfather on Why the Encryption War Has Already Begun

"The Industrial Revolution harnessed mechanics and thermodynamics. The semiconductor revolution built the digital world. The quantum revolution will transform the classical Earth into a quantum Earth — and that transformation has already begun."

— Chang Ching-ray, Ph.D., IBM-NTU Q Hub Director

Three great transformations have reshaped human civilization. The first used steam and steel. The second built the digital world from silicon and light. The third — quantum — is quietly rewriting the rules again. And according to one of Asia's most respected voices in quantum science, the battle is no longer on the horizon. It is already underway.

Chang Ching-ray, Ph.D. — IBM-NTU Q Hub Director, Chair Professor of Physics at Chung Yuan Christian University, Fellow of both the American Physical Society (APS) and the IEEE, and member of the Research Institute for Engineering and Applications (RIEA) — has spent decades at the frontier of condensed matter physics and spintronics. A former acting president and vice president of National Taiwan University, he is widely regarded as Taiwan's leading architect of quantum strategy and its most influential bridge to the global quantum research community.

Today, his most urgent message is not about laboratories or Nobel prizes. It is about a countdown that most organizations have not yet started taking seriously.

While the world debates when quantum computers will truly leave the laboratory, a more urgent and immediate question has quietly taken center stage: even before quantum computing reaches full maturity, the countdown clock on today's encryption systems may already be ticking.

Q-Day is most commonly described as the moment when a quantum computer becomes powerful enough to break RSA — the public-key encryption standard in widespread use today across banking, government communications, healthcare records, and global supply chains. Chang explains that the reason 2035 keeps appearing in market discussions is that the United States has been moving toward retiring RSA after that year. Many analysts have since taken this as a benchmark, estimating that around that point the risk of quantum computers cracking current encryption will shift from theoretical to a real pressure that governments and enterprises must directly confront.

But Chang is careful to stress that Q-Day is not a single fixed moment. He distinguishes at least three stages of quantum development: first, a "quantum breakthrough" — notable progress in specific technologies or experiments; second, "quantum advantage" — when quantum computers begin demonstrating superiority over classical computers across a broader range of problems; and third, a "quantum ecosystem" — the stage at which quantum technology enters widespread application and forms a complete industrial system. In his assessment, Q-Day is more likely to arrive after the quantum ecosystem matures, which is why 2035 is better understood as a commonly referenced market benchmark rather than a fixed and immovable deadline.

What companies cannot afford to overlook goes beyond the question of which year their encryption might be broken. The more immediate concern is a risk the cybersecurity community has debated for years: store now, decrypt later.

Even if an adversary today lacks the capability to decode encrypted traffic, they can harvest and store that data now, then decrypt it once quantum hardware matures. For organizations whose sensitive data must be retained for five, ten, or more years — think medical records, defense contracts, financial instruments, or semiconductor IP — the moment to begin replacing encryption algorithms is not Q-Day itself. It is well before that.

"Q-Day's countdown has already begun," Chang warns. The industry is still working through the transition from physical qubits to logical qubits, and then toward error-correction systems capable of sustained stable operation. But as long as hardware continues to advance and algorithms continue to improve, it is only a matter of time before existing cryptographic mechanisms face serious challenge. That trajectory alone, he argues, is sufficient reason for organizations to start auditing and migrating their systems today.

These warnings align closely with the latest developments in international cryptographic standards. In 2024, the U.S. National Institute of Standards and Technology (NIST) formally approved three post-quantum cryptography (PQC) standards — FIPS 203, FIPS 204, and FIPS 205 — covering core functions including key encapsulation and digital signatures, explicitly identifying them as measures to address the threat that future quantum computers pose to current encryption systems. In March 2025, NIST further selected HQC as a backup algorithm alongside ML-KEM, and again urged organizations to continue migrating to the post-quantum cryptographic standards finalized in 2024.

Chang is careful to clarify that "post-quantum cryptography" does not mean using quantum technology to perform encryption. Rather, it means adopting mathematical methods resistant to quantum attacks — replacing mechanisms that existing quantum algorithms could more readily compromise. The challenge, he emphasizes, has never been knowing what the new standards are called. The hard part is auditing existing systems, progressively replacing underlying cryptographic architecture, and maintaining compatibility and operational continuity throughout the entire transition.

For Taiwanese businesses, the question has long since moved past "should I buy a quantum computer right now?" The real question, Chang insists, is: which data, which systems, and which supply chain connections will be affected first when Q-Day arrives?

Finance, government, defense, healthcare, high-tech manufacturing — every sector holding long-term sensitive data faces not merely a future technical shock but a cryptographic audit that needs to begin now. Taiwan's central position in the global semiconductor and AI supply chain makes this particularly acute. Companies that lack sensitivity to encryption upgrades and PQC migration timelines risk facing greater pressure down the line on cross-border collaboration, supply chain verification, and cybersecurity compliance.

This is also why Chang has spent years building not just research infrastructure, but human capital. As Director of the Quantum Information Center at Chung Yuan Christian University — established with a deliberate focus on talent development and bridging academia with industry — he has pushed for what he calls the "Q-generation": a cohort of professionals who understand quantum technology deeply enough to navigate the coming transition. Quantum computers are already on the cloud, he notes. The golden period of quantum computing applications has arrived. The quantum Internet will soon provide faster and more secure endpoint connections. The redistribution of the world's wealth and power, as it has before, is being quietly activated again.

Chang's vision extends well beyond cybersecurity. In his framing, quantum technology is nothing less than civilization's third great lens — after the telescope that opened space, and the microscope that revealed the microcosm. With this third lens, humanity will be able to see and act on dimensions of reality previously inaccessible. The emerging quantum Internet, he suggests, may become the necessary infrastructure for the metaverse: capable of instantly conveying sensation and experience across a network that operates at the boundaries of physics.

But before that future arrives, there is an immediate reckoning to be made. When Chang talks about 2035, his point is not to provoke panic over a specific year. It is to make organizations recognize that quantum threats will not necessarily arrive on a single dramatic day — but if encryption migration does not begin now, there may not be enough time later.

Viewed this way, the most important thing about Q-Day may never have been whether it arrives on schedule. It is whether companies, even as standards, risks, and roadmaps grow steadily clearer, continue to treat it as someone else's problem. （Related： ASE Group Breaks Ground at Renwu Site, Expanding Advanced Testing Capacity in Kaohsiung ｜ Latest ）

AboutChang Ching-ray, Ph.D.

• IBM-NTU Q Hub Director
• Chair Professor, Department of Physics, Chung Yuan Christian University
• Director, Quantum Information Center, CYCU.
• Fellow, American Physical Society (APS)
• Fellow, IEEE
• Member, Research Institute for Engineering and Applications (RIEA)
• Former Acting President and Vice President, National Taiwan University
  

Source: Chung Yuan Christian University Quantum Information Center Website​

​Original Article in Chinese​