In early March 2026, a wave of headlines announced a dramatic breakthrough in quantum computing. The Advanced Quantum Technologies Institute (AQTI) revealed a new algorithm called JVG—named after its creators Jesse Van Griensven, Victor Oliveira Santos, and Bahram Gharabaghi—that claimed to reduce the resources needed to break RSA encryption by a factor of one thousand. According to the announcement, the algorithm could factor the numbers protecting global finance, government communications, and digital identities using fewer than 5,000 qubits, potentially completing the task in just 11 hours . Social media and technology news outlets amplified the story, with some suggesting that the encryption protecting the internet’s infrastructure was on the verge of collapse. This investigation examines what the JVG algorithm actually claims, how the scientific community has responded, and what this means for the real, documented threat that quantum computing poses to global encryption.
Claim 1: The JVG algorithm represents a validated breakthrough that reduces the quantum resources needed to break RSA encryption by a factor of one thousand.
Evaluation: This claim originates from a press release issued by the Advanced Quantum Technologies Institute on March 2, 2026, and distributed through PR Newswire . The release announces research describing the JVG algorithm, a “hybrid method that restructures how quantum computers could approach integer factorization.” It states that the algorithm requires “thousand-fold less quantum computer resources, such as qubits and quantum gates” and that “research extrapolations suggest it will require less than 5,000 qubits to break encryption methods used in RSA and ECC” .
However, the scientific community’s response has been swift and devastating. Scott Aaronson, a professor of computer science at the University of Texas at Austin and one of the world’s leading experts in quantum computing, published a detailed critique on his blog, Shtetl-Optimized . He explains the paper’s fundamental flaw: the authors propose precomputing all possible values of a mathematical function on a classical computer and then loading them into the quantum state. The problem is that there are exponentially many such values. For RSA-2048, this would require precomputing and loading more values than there are atoms in the observable universe. Aaronson writes: “Computing them all takes exponential time, and loading them into the quantum computer also takes exponential time. We’re out of the n²-time frying pan but into the 2ⁿ-time fire. This can only look like it wins on tiny numbers; on large numbers it’s hopeless” .
Aaronson also notes several red flags. The paper did not appear on arXiv, the primary preprint server for physics and computer science, but on Preprints.org, a platform he associates with low-quality submissions. The claim was amplified by “clickbait link-farming news sites” but ignored by reputable science outlets, “even the usual quantum hypesters weren’t touching this one” . He concludes with strong language: “Often, when something is this bad, the merciful answer is to let it die in obscurity. In this case, I feel like there was a sufficient level of intellectual hooliganism, just total lack of concern for what’s true, that those involved deserve to have this Shtetl-Optimized post as a tiny bit of egg on their faces forever” .
Verdict: False. The JVG algorithm’s claims have been thoroughly debunked by experts in quantum computing. The fundamental mathematics does not work, and the algorithm would require exponential time on classical computers, negating any quantum advantage.
Claim 2: RSA-2048 can now be broken in 11 hours using fewer than 5,000 qubits.
Evaluation: This specific claim, cited in multiple news reports , is directly refuted by the expert analysis. The 11-hour figure and the 5,000-qubit requirement are extrapolations from the flawed JVG paper. Since the algorithm’s core approach is mathematically invalid for large numbers, these numbers are meaningless.
The confusion may arise from conflating two different things: physical qubits and logical qubits. Current quantum computers have physical qubits that are noisy and error-prone. Shor’s algorithm, the legitimate quantum factoring algorithm, requires millions of physical qubits to implement the error correction needed for reliable computation. The JVG claim of 5,000 qubits likely refers to physical qubits, but even if that number were accurate, the algorithm’s exponential classical precomputation makes it useless .
The Privacy Guides article notes this crucial caveat: “It’s important to note that Shor’s algorithm has been heavily studied and scrutinized over decades while this algorithm is quite new, so these claims haven’t had the same scrutiny” . That scrutiny has now arrived, and the algorithm has failed it.
Verdict: False. The specific numbers are based on a debunked algorithm. No credible evidence supports the claim that RSA-2048 can be broken in 11 hours with 5,000 qubits.
Claim 3: The quantum threat to encryption is still decades away, so there is no urgency to prepare.
Evaluation: This claim represents the opposite extreme from the JVG hype, and it is equally incorrect. While the JVG algorithm is not a valid breakthrough, the broader threat from quantum computing to encryption is real, documented, and approaching faster than many organizations realize.
Amazon’s Chief Technology Officer Werner Vogels, in his annual technology predictions published January 2026, warned that the timeline has accelerated dramatically. He noted that estimates for breaking 2,048-bit RSA have fallen from 20 million qubits six years ago to under one million today, a 95 percent reduction . This progress comes from real advances: AWS’s Ocelot quantum chip reduces error correction overhead by 90 percent, Google’s Willow chip demonstrates exponential error reduction, and IBM has announced a roadmap to fault-tolerant quantum computing by 2029 .
The “harvest now, decrypt later” threat is already active. Nation-states and criminal groups are collecting encrypted data today, storing it until quantum computers become powerful enough to decrypt it . This means that data with long-term sensitivity—financial records, health information, state secrets, intellectual property—is at immediate risk.
Major governments and international bodies have set firm timelines. The G7 Cyber Expert Group, in a January 2026 statement, identified 2035 as an overall target date for completing the transition to quantum-resistant cryptography, with critical systems prioritized for 2030-2032 . The European Commission’s recommendation sets milestones: national plans by December 2026, high-risk use cases by 2030, and broad completion by 2035 . In the United States, NIST and NSA guidance will deprecate RSA and ECC by 2030 and disallow them entirely by 2035 .
Palo Alto Networks’ Anand Oswal explains why this timeline is so pressing: large-scale cryptographic migrations typically take five to ten years for complex enterprises . An organization starting today barely meets the 2035 deadline. Any delay creates risk of non-compliance, inoperable systems, and data breaches.
Verdict: False. The quantum threat is not decades away. Major governments and industry bodies have established firm timelines for transition, and the “harvest now, decrypt later” risk is already present.
Claim 4: Post-quantum cryptography standards are ready, and organizations are actively transitioning.
Evaluation: This claim requires nuance. Post-quantum cryptography (PQC) standards are indeed ready. NIST has finalized new algorithms, and they are being integrated into products. Microsoft, Apple, and Google have incorporated ML-KEM (based on lattice cryptography) into Windows, iOS, and Chrome . Signal and iMessage have implemented PQC for end-to-end encryption .
However, the claim that organizations are actively transitioning is overstated. The Entrust/Ponemon Institute study published January 2026 surveyed over 4,000 IT and security professionals worldwide. It found that only 38 percent of global organizations and 40 percent of U.S. organizations reported actively transitioning to post-quantum cryptography—a decline from 41 percent the previous year .
The barriers are significant. Limited visibility into cryptographic assets was cited by 41 percent as the top obstacle. Budget concerns rose to 39 percent, and lack of expertise to 38 percent . Only 43 percent reported having full visibility into the certificates in their enterprises, making it difficult even to know where to begin .
The transition challenge is immense. Beyond visibility, organizations face the complexity of updating millions of devices, many with long lifecycles and embedded firmware that cannot be easily upgraded. Internet of Things devices, industrial control systems, and satellite communications equipment present particular difficulties .
Verdict: Partially True. PQC standards exist and are being deployed in some applications, but the majority of organizations are not actively transitioning, and significant barriers remain.
Claim 5: Certificate lifetimes are collapsing to 47 days, creating an automation crisis that will force organizations to modernize their cryptographic infrastructure.
Evaluation: This claim is accurate and represents a parallel deadline to the quantum threat. The Certificate Authority/Browser Forum has mandated a rapid reduction in the validity period of public TLS certificates. Lifetimes will shrink from the current 398 days to 200 days, then to 100 days, and ultimately to 47 days by 2029 .
For organizations that manage certificates manually using spreadsheets or ad hoc processes, this change will be impossible to sustain. The renewal workload increases exponentially as certificate lifetimes decrease. DigiCert’s 2026 outlook emphasizes that this change “will make manual processes untenable, driving organizations to fully automate certificate management to prevent outages” .
This automation requirement intersects with the quantum transition. The same automation capabilities needed to handle short-lived certificates are also essential for deploying new cryptographic algorithms across an enterprise. Organizations that fail to automate will face both outages from expired certificates and inability to migrate to quantum-safe algorithms at scale .
The G7 Cyber Expert Group’s roadmap explicitly includes “cryptographic agility” as a goal—the ability to replace cryptographic methods without rebuilding entire systems . This agility depends on automation and visibility, the very capabilities that organizations currently lack.
Verdict: True. Certificate lifetimes are collapsing to 47 days, and this will force automation. The timeline is mandated and verified by multiple sources.
Claim 6: Most organizations are prepared for the quantum threat and have full visibility into their cryptographic assets.
Evaluation: This claim is directly contradicted by survey data. The Entrust/Ponemon Institute study found that only 43 percent of organizations have full visibility into their certificates . This figure has not improved significantly from the previous year, indicating that progress has stalled.
The consequences of this lack of visibility are severe. Without knowing where keys and certificates are stored, how they are used, and when they expire, organizations cannot automate renewal, transition to quantum-safe algorithms, or prevent outages. The study found that 68 percent of respondents say managing cryptographic assets is extremely or very difficult .
The G7 Cyber Expert Group’s roadmap emphasizes that “discovery and inventory” is a foundational phase of migration. Organizations must create a “comprehensive inventory of cryptographic assets, communication protocols, and relevant third-party dependencies” before they can proceed to risk assessment and migration execution . Most organizations have not completed this essential first step.
Verdict: False. Survey data shows that less than half of organizations have full cryptographic visibility, and most find cryptographic asset management difficult.
Conclusion: Hype, Reality, and the Clock That Is Ticking
The JVG algorithm controversy illustrates two enduring patterns in discussions of quantum computing: exaggerated claims of breakthrough that collapse under expert scrutiny, and the genuine, documented progress that demands attention.
The JVG algorithm is not a valid breakthrough. Leading experts have explained its fundamental mathematical flaw: it attempts to solve an exponential problem with exponential precomputation, achieving nothing . The algorithm’s promotion through press releases rather than peer-reviewed scientific channels, and its amplification by clickbait sites rather than reputable science outlets, should have been warning signs . For those seeking to understand the real state of quantum computing, the lesson is to seek out expert consensus and peer-reviewed literature, not press releases.
But the real story is not that the JVG claims are false. The real story is that the quantum threat is advancing rapidly through legitimate channels, and most organizations are unprepared. Amazon’s CTO warns that estimates for the required qubits have fallen by 95 percent in just six years . Major technology companies are demonstrating steady progress toward fault-tolerant quantum computing . Governments have set firm deadlines: deprecation of RSA and ECC by 2030, disallowance by 2035 .
The “harvest now, decrypt later” threat means that data with long-term sensitivity is already at risk . Financial records, health information, intellectual property, and state secrets collected today may be decrypted tomorrow.
Yet survey data shows that only 38 percent of organizations are actively transitioning to post-quantum cryptography, and fewer than half have full visibility into their cryptographic assets . The barriers—limited visibility, budget constraints, lack of expertise—are not improving .
Meanwhile, certificate lifetimes are collapsing to 47 days, forcing automation and cryptographic agility . This parallel deadline may ultimately drive the quantum transition, as organizations are forced to modernize their cryptographic infrastructure to handle short-lived certificates and can then extend that capability to deploy quantum-safe algorithms.
The path forward is clear but demanding. Organizations must inventory their cryptographic assets, develop migration plans, demand post-quantum roadmaps from vendors, and deploy crypto-agile designs . Governments and international bodies have provided roadmaps and timelines . The standards are ready . The technology exists.
The JVG algorithm was a distraction, but the underlying threat it purported to address is real. The clock is ticking, and it is not measured in decades.
