THE EMPEROR’S NEW QUBITS

Quantum Computing, the Encryption Mirage, and the Constitutional Stakes of a Trillion-Dollar Fraud

I. Introduction: The Spectre That Isn’t

A spectre is haunting cybersecurity—the spectre of the quantum computer. Or so we are told. Governments have poured approximately fifty billion dollars into quantum computing research globally.¹ Publicly traded quantum firms have achieved multi-billion-dollar valuations on virtually no revenue.² NIST has issued new post-quantum cryptography standards.³ Executive orders have been signed. Entire regulatory frameworks have been erected around the premise that quantum computers will, within the foreseeable future, shatter the mathematical foundations of public-key encryption. The story is familiar: Shor’s algorithm, published in 1994, demonstrated that a sufficiently powerful quantum computer could factor large integers in polynomial time, rendering RSA, elliptic-curve cryptography, and Diffie-Hellman key exchange obsolete.⁴

There is one small difficulty with this narrative. No logical qubit of the kind required to execute Shor’s algorithm at cryptographically relevant scale exists. No quantum computer has ever factored a number larger than thirty-five using Shor’s algorithm—and even that attempt failed.⁵ The largest number successfully factored by a quantum computer without what the literature politely calls “sleight-of-hand” preprocessing is twenty-one. A 1981 Commodore VIC-20 with 3.5 kilobytes of usable RAM can replicate or exceed every published quantum factorisation record.⁶ So can an abacus. So, as Gutmann and Neuhaus demonstrated with characteristic Auckland dryness, can a dog.

This essay argues that the quantum computing industry’s claims regarding the imminent threat to encryption constitute, in the aggregate, a pattern of material misrepresentation with profound constitutional implications. The analysis proceeds in four parts. Part II examines the factual state of quantum computing and its actual capacity to threaten encryption. Part III situates encryption within the constitutional architecture of the Fourth and Fifth Amendments. Part IV analyses the securities-fraud implications of quantum hype under federal law. Part V considers the policy consequences of misallocating resources to a phantom threat while real cryptographic vulnerabilities go unaddressed.

II. The State of the Art: Physics Experiments Masquerading as Computers

A. What Quantum Computers Have Actually Achieved

To understand why the quantum threat to encryption is not merely exaggerated but functionally non-existent for any reasonable planning horizon, one must grasp what quantum computers have actually done—as distinct from what press releases claim they have done.

Peter Shor’s 1994 algorithm showed that integer factorisation could be performed in polynomial time on a quantum computer.⁴ In 2001, an IBM team used nuclear magnetic resonance to factor the number fifteen.⁷ Eleven years later, a group at Bristol extended this to twenty-one.⁸ In 2019, an attempt to factor thirty-five failed.⁵ Since then, no legitimate new factorisation records have been set.

The Gutmann-Neuhaus paper, published through the IACR Cryptology ePrint Archive in 2025, is devastating in its simplicity.⁵ The authors demonstrate that every published quantum factorisation “record”—including claims of factoring numbers of twenty thousand bits and above—was achieved through preprocessing that rendered the quantum computation trivial. The standard technique involves selecting numbers whose prime factors differ by only a few bits, so that a simple square-root approximation yields the answer. This is not factorisation in any cryptographically meaningful sense. FIPS 186 requires that RSA prime factors differ by at least one hundred bits precisely to prevent such trivial attacks.⁶ Quantum researchers have systematically ignored this requirement to produce impressive-sounding headlines.

As the cryptographer Bruce Schneier observed upon reviewing the paper, the largest number legitimately factored by a quantum computer remains thirty-five—and that factorisation failed.⁹ Scott Aaronson, perhaps the world’s most prominent quantum computing theorist and a consistent defender of the field’s long-term prospects, has acknowledged that asking when quantum computers will factor large numbers is comparable to asking Manhattan Project physicists in 1943 when they would produce a small explosion. The relevant question is not whether the physics is sound in principle but whether the engineering is anywhere near the threshold of practical capability.¹⁰ By every available empirical metric, the answer is no.

B. The Error-Correction Chasm

The fundamental obstacle to cryptographically relevant quantum computing is error correction. Contemporary quantum computers suffer error rates of approximately one error per few hundred operations.¹ To execute Shor’s algorithm against a 2048-bit RSA key, a quantum computer would require thousands of logical qubits, each constructed from many thousands of error-prone physical qubits. Craig Gidney’s 2025 paper estimated that fewer than one million noisy physical qubits might suffice—a dramatic reduction from his 2019 estimate of twenty million.¹¹ But this remains a theoretical estimate assuming hardware parameters that no existing machine approaches.

Google’s Willow chip, announced in December 2024, achieved quantum error correction below the surface code threshold using 101 physical qubits at code distance seven, producing a logical error rate of 0.143 percent per cycle.¹² This is a genuine scientific achievement. It is also approximately five orders of magnitude short of what would be required to run Shor’s algorithm on a cryptographically relevant number. IBM has announced plans for fault-tolerant quantum computing by 2029, with current processors running circuits of approximately five thousand two-qubit gates.¹³ Breaking RSA-2048 would require circuits containing billions of gates operating on hundreds of qubits with near-perfect fidelity.

The gap between what exists and what is required is not merely large; it is of a different character than the gaps that separate engineering challenges from their solutions. Microsoft’s quantum computing framework categorises current machines as “Level 1”—noisy, intermediate-scale devices with roughly one thousand qubits—while a cryptographically relevant machine would require “Level 3,” meaning hundreds of thousands or millions of error-corrected qubits.¹⁴ No credible roadmap exists for traversing this gap within the next decade. The most optimistic industry timelines—those produced by companies with direct financial interests in maintaining hype—place “quantum advantage” by 2026 and fault tolerance by 2029.¹³ But “quantum advantage” means outperforming classical computers on specific benchmark problems, not breaking encryption. And “fault tolerance” on the industry’s own roadmaps means small-scale demonstrations, not the million-qubit machines required for cryptanalysis.

The physicist Sankar Das Sarma, a professor at the University of Maryland who has published over a hundred technical papers on quantum computing, has stated plainly that the field’s commercialisation potential remains unclear and that vague claims about practical applications amount to “hoping for the best, not technology.”¹⁵ Nikita Gourianov, an Oxford physicist, has described the quantum computing sector as a classic bubble driven by investors who have no understanding of quantum physics and by researchers who have learned that exaggeration attracts funding.¹⁶

III. Encryption and the Constitution: The Fourth and Fifth Amendment Dimensions

A. The Fourth Amendment’s Digital Frontier

The Fourth Amendment provides that “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.”¹⁷ Since Justice Harlan’s concurrence in Katz v. United States, the operative test has been whether an individual has a “reasonable expectation of privacy” that society is prepared to recognise.¹⁸

The Supreme Court’s digital-age Fourth Amendment jurisprudence has moved decisively toward stronger protections. In Riley v. California, the Court unanimously held that police may not search a cell phone incident to arrest without a warrant, reasoning that the immense storage capacity of modern phones makes them qualitatively different from the wallets and address books that earlier precedent had addressed.¹⁹ In Carpenter v. United States, the Court held that accessing historical cell-site location information constitutes a Fourth Amendment search, recognising that digital surveillance technologies give the government capabilities that the Framers could not have imagined.²⁰

Encryption is the mechanism by which the Fourth Amendment’s protections are given practical effect in the digital world. When a citizen encrypts her communications, she is doing the digital equivalent of closing her curtains, locking her door, and sealing her correspondence—acts that the Fourth Amendment has always protected. The Senate Republican Policy Committee has recognised this explicitly, observing that encryption “underpins the modern internet and is critical to nearly every part of the American economy and national security” and that the Fourth Amendment’s warrant process makes no exception for encrypted data.²¹

This constitutional architecture depends upon encryption’s continued mathematical integrity. If a technology genuinely threatened to break encryption at scale, the constitutional implications would be profound: the Fourth Amendment’s protections would become effectively unenforceable against a government equipped with such technology. The historical analogy is to the “writ of assistance”—the general warrant that allowed British customs officers to search any premises at will—which was among the principal grievances that animated the Fourth Amendment’s adoption. A quantum computer capable of breaking RSA would be a digital writ of assistance, enabling warrantless access to every encrypted communication, financial record, and medical file.

B. The Fifth Amendment and Compelled Decryption

The Fifth Amendment’s privilege against self-incrimination intersects with encryption law in the compelled-decryption context.²² Courts have struggled with whether compelling a suspect to provide an encryption password constitutes testimonial self-incrimination. The prevailing distinction holds that while providing a physical key (or biometric) may be compelled, revealing the contents of one’s mind—such as a memorised password—is testimonial and therefore protected.

The quantum threat narrative muddies this constitutional water. If the government could simply break encryption without requiring a suspect’s cooperation, the Fifth Amendment question becomes moot—not because it has been resolved but because the constitutional protection has been rendered technologically irrelevant. The false promise that such capability is imminent distorts the policy debate by suggesting that compelled-decryption doctrine is a temporary legal curiosity rather than a permanent feature of the constitutional landscape.

Moreover, if government actors have been acquiring and stockpiling encrypted data under a “harvest now, decrypt later” theory—and multiple credible reports indicate that they have²³—then the constitutional implications extend further. The seizure of encrypted communications for later decryption, premised on the expectation that quantum computers will eventually render those communications legible, constitutes a present-tense seizure based on a speculative future capability. Under Carpenter’s reasoning, the comprehensive nature of such a programme would implicate Fourth Amendment protections regardless of whether the data is ever actually decrypted.²⁴

IV. Quantum Hype as Securities Fraud

A. The Regulatory Framework

Section 10(b) of the Securities Exchange Act of 1934 and SEC Rule 10b-5 prohibit, in connection with the purchase or sale of securities, the making of any untrue statement of material fact or the omission of a material fact necessary to make statements not misleading.²⁵ The test for materiality is whether there is a substantial likelihood that a reasonable investor would consider the information important in making an investment decision. The test for scienter is whether the defendant acted with knowledge of the misrepresentation or with reckless disregard for its truth.

B. The Quantum Computing Industry’s Track Record

The quantum computing sector has produced a remarkable number of securities-fraud allegations in a remarkably short time. Quantum Computing Inc. (“QCI”), a NASDAQ-listed company that reached a valuation exceeding two billion dollars despite virtually no revenue, is the subject of multiple class-action securities-fraud lawsuits. Investigative reports allege that QCI fabricated technical achievements, overstated partnerships with NASA, and misrepresented the capabilities of its purported quantum chip foundry in Arizona.² When investigators visited the Arizona facility, they found it unable to substantiate QCI’s core claims.

IonQ, the first “pure-play” public quantum computing company, was the subject of a blistering short-seller report by Scorpion Capital in 2022, which described the company’s technology as incapable of performing basic arithmetic and its CEO’s educational credentials as apparently fabricated. A class-action securities-fraud complaint followed.²⁶ D-Wave, another publicly traded quantum company, has faced separate fraud allegations from short-sellers claiming that its quantum annealing technology provides no advantage over conventional computing.

These are not isolated instances of corporate malfeasance. They are symptoms of a structural pathology. The quantum computing industry is characterised by the systematic presentation of theoretical possibilities as imminent capabilities, the conflation of laboratory demonstrations with commercially viable products, and the exploitation of public scientific illiteracy to inflate valuations. When a company tells investors that its technology can “revolutionise” an industry while its machines cannot factor the number thirty-five, the gap between representation and reality exceeds any reasonable definition of “puffery” and enters the domain of material misrepresentation.

C. The “Quantum Threat” Narrative as Market Manipulation

The broader narrative that quantum computers pose an imminent threat to encryption functions as a species of market manipulation, even when it is not advanced by any single company. The narrative creates demand for “post-quantum” cryptography products and services; drives government procurement spending; justifies continued public funding for quantum research programmes; and inflates the valuations of quantum computing companies. Each of these effects benefits identifiable market participants who have financial interests in maintaining the narrative.

The Howey test for determining whether an arrangement constitutes an investment contract—and therefore a security—asks whether there is an investment of money in a common enterprise with the expectation of profits derived from the efforts of others.²⁷ When investors purchase shares in quantum computing companies based on representations about the imminence of fault-tolerant quantum computing, and those representations are materially misleading, the elements of securities fraud are met regardless of whether the company’s physicists believe, in good faith, that fault tolerance will eventually be achieved. The law does not require that a misrepresentation be a deliberate lie; reckless disregard for the truth—the publication of breathless timelines that no competent physicist would endorse under oath—is sufficient.

V. Policy Consequences: The Opportunity Cost of Phantom Threats

A. The Misallocation of Cryptographic Resources

The most consequential harm of the quantum encryption narrative is not that it is false but that it diverts attention and resources from real and present threats. As the RSA Corporation’s own security blog has observed, the Change Healthcare breach was accomplished with stolen credentials and disabled multi-factor authentication—not quantum computers.²⁸ The Scattered Spider attacks succeeded through social engineering of IT helpdesk staff. The overwhelming majority of data breaches exploit human error, credential theft, and software misconfigurations—problems that exist today and that existing technology can mitigate.

Yet government budgets increasingly prioritise “post-quantum” migration over the mundane but critical work of patching systems, enforcing multi-factor authentication, and training personnel. NIST’s guidance calls for deprecating current cryptographic systems by 2030 and prohibiting them by 2035²⁹—a timeline driven not by demonstrated quantum capability but by the precautionary logic of a threat that does not yet exist and may not materialise within the lifetimes of anyone reading this document. This is equivalent to diverting the fire department’s budget to prepare for a meteor strike while houses are burning.

B. The First Amendment and Encryption as Speech

The quantum threat narrative also distorts the ongoing First Amendment debate over encryption regulation. The Ninth Circuit’s decision in Bernstein v. United States Department of Justice held that computer source code is protected speech under the First Amendment,³⁰ and the Sixth Circuit reached a similar conclusion in Junger v. Daley.³¹ The logical extension of these holdings is that encryption software—the means by which citizens exercise their Fourth Amendment rights in digital form—enjoys First Amendment protection as well.

When policymakers invoke the quantum threat to justify mandating backdoors, requiring key escrow, or weakening encryption standards, they are leveraging a fiction to erode constitutional protections. The argument has a seductive logic: if quantum computers will break encryption anyway, why not give law enforcement access now? The answer is that the premise is false. Quantum computers will not break encryption within any reasonable policy horizon. The largest number factored by a quantum computer remains twenty-one. NIST itself has stated that 2048-bit RSA keys should continue to offer sufficient protection through at least 2030.²⁸ The “harvest now, decrypt later” threat model, while theoretically coherent, depends entirely on the assumption that cryptographically relevant quantum computers will be built within the secrecy lifetime of the harvested data. For most practical purposes, that assumption is unfounded.

C. The Democratic Costs of Manufactured Urgency

Perhaps the most insidious effect of the quantum hype cycle is its distortion of democratic deliberation. When legislators and regulators are told—by lobbyists, defence contractors, and quantum computing companies—that encryption will be broken within five to fifteen years, they make policy on the basis of false information. The result is legislation that is either premature (mandating costly transitions that are not yet necessary) or counterproductive (weakening encryption in the name of preparing for a threat that does not exist).

The Communications Assistance for Law Enforcement Act of 1994³² was enacted in response to a genuine technological shift: the transition from analogue to digital telecommunications made lawful wiretaps more difficult to execute. CALEA imposed reasonable obligations on carriers to maintain intercept capabilities. The quantum threat, by contrast, involves no analogous shift. No quantum computer can decrypt anything today. The appropriate policy response is continued monitoring and gradual adoption of post-quantum standards as they mature—not panic-driven mandates that benefit the quantum computing industry at the public’s expense.

VI. Conclusion: Distinguishing Physics from Fraud

Quantum computing is a legitimate field of physics with genuine scientific interest. Superposition and entanglement are experimentally verified phenomena. Fault-tolerant quantum computing may eventually be achievable. These propositions are not in dispute.

What is in dispute—and what this essay has argued—is the claim that quantum computers pose a meaningful threat to encryption within any legally or strategically relevant timeframe. The empirical record is unambiguous. No quantum computer has legitimately factored any number that a 1981 home computer cannot also factor. The largest legitimate factorisation stands at twenty-one. The error-correction requirements for cryptographically relevant computation are orders of magnitude beyond current capabilities. Every publicly traded quantum computing company that has been subjected to serious financial scrutiny has faced fraud allegations. The entire industry operates on a cycle of hype, speculative valuation, and government subsidy that bears more resemblance to the perpetual-motion-machine promotions of the nineteenth century than to legitimate technological development.

The constitutional implications of this fraud are not abstract. Encryption is the practical mechanism by which the Fourth Amendment’s protections are enforced in the digital age. The Fifth Amendment’s privilege against compelled self-incrimination depends in part on the government’s inability to access encrypted data without the suspect’s cooperation. The First Amendment protects the software that implements encryption. Each of these protections is undermined when policymakers accept false claims about the imminence of quantum decryption and enact legislation that weakens cryptographic standards or mandates government access to encrypted communications.

The physicist Peter Gutmann has proposed rigorous standards for evaluating future quantum factorisation claims—standards that, if applied, would prevent the kind of “stunt factorisations” that have characterised the field to date.⁵ Similarly, the law must develop standards for evaluating the technological claims upon which policy is based. When a company tells investors that its technology will revolutionise computing, it should be required to substantiate that claim with the same rigour that the FDA demands of pharmaceutical companies. When a government agency tells Congress that a technology will render encryption obsolete, it should be required to identify the specific engineering milestones that must be achieved and the evidence that those milestones are achievable within the claimed timeframe.

The Constitution was designed to protect citizens against the exercise of arbitrary power. In the digital age, encryption is the citizen’s first line of defence. The quantum computing industry’s assault on the credibility of that defence—conducted through press releases, investor decks, and lobbying campaigns rather than through demonstrated capability—is a constitutional harm that the law must address. The emperor has no qubits. It is past time we said so.

Notes

¹ Riverlane, The Quantum Error Correction Report 2025, at 14–18 (Nov. 2025); Global government funding for quantum computing has reached approximately $50 billion.

² Capybara Research, Quantum Computing Inc.: An Apparent Fraud (Jan. 2025); Iceberg Research, QCI Report (2024); In re Quantum Computing Inc. Sec. Litig. (multiple class actions filed, S.D.N.Y. 2025).

³ Nat’l Inst. of Standards & Tech., FIPS 203, FIPS 204, FIPS 205 (Aug. 2024); NIST Selects HQC as Fifth Algorithm for Post-Quantum Encryption (Mar. 11, 2025).

⁴ Peter Shor, Algorithms for Quantum Computation: Discrete Logarithms and Factoring, in Proceedings of the 35th Annual Symposium on Foundations of Computer Science 124 (1994).

⁵ Peter Gutmann & Stephan Neuhaus, Replication of Quantum Factorisation Records with an 8-bit Home Computer, an Abacus, and a Dog, Cryptology ePrint Archive, Paper 2025/1237 (2025) (last revised Dec. 1, 2025).

⁶ Id. at §§ 3–4; see also FIPS 186-5 § B.3.1 (requiring |p − q| > 2^n/2−100).

⁷ Lieven M.K. Vandersypen et al., Experimental Realization of Shor’s Quantum Factoring Algorithm Using Nuclear Magnetic Resonance, 414 Nature 883 (2001).

⁸ Enrique Martín-López et al., Experimental Realization of Shor’s Quantum Factoring Algorithm Using Qubit Recycling, 6 Nature Photonics 773 (2012).

⁹ Bruce Schneier, Cheating on Quantum Computing Benchmarks, Schneier on Security (July 31, 2025).

¹⁰ Scott Aaronson, Quantum Computing Bombshells That Are Not April Fools, Shtetl-Optimized (Apr. 1, 2026) (comment #21: “Once you understand quantum fault-tolerance, asking ‘so when are you going to factor 35 with Shor’s algorithm?’ becomes sort of like asking the Manhattan Project physicists in 1943, ‘so when are you going to produce at least a small nuclear explosion?’”).

¹¹ Craig Gidney, How to Factor 2048 Bit RSA Integers in 8 Hours Using 20 Million Noisy Qubits, 20 Quantum 433 (2021); cf. Craig Gidney, Factoring 2048-bit RSA with Fewer Than a Million Noisy Qubits (2025) (arXiv preprint).

¹² Google Quantum AI, Quantum Error Correction Below the Surface Code Threshold, 637 Nature 920 (2024).

¹³ IBM, IBM Delivers New Quantum Processors, Software, and Algorithm Breakthroughs on Path to Advantage and Fault Tolerance (Nov. 12, 2025).

¹⁴ Dina Genkina, Neutral Atom Quantum Computing: 2026’s Big Leap, IEEE Spectrum (Feb. 9, 2026) (describing Microsoft’s three-level framework for quantum computing progress).

¹⁵ Sankar Das Sarma, Quantum Computing Has a Hype Problem, MIT Tech. Rev. (Mar. 28, 2022).

¹⁶ Nikita Gourianov, Quantum Computing Is Overhyped, Financial Times (Aug. 2022); see also Computing, Oxford Physicist: Quantum Computing Is Overhyped Scam (Sept. 5, 2022).

¹⁷ U.S. Const. amend. IV.

¹⁸ Katz v. United States, 389 U.S. 347, 361 (1967) (Harlan, J., concurring).

¹⁹ Riley v. California, 573 U.S. 373, 386 (2014).

²⁰ Carpenter v. United States, 585 U.S. 296, 305 (2018).

²¹ U.S. Senate Republican Policy Comm., Encryption Technology (July 31, 2020).

²² U.S. Const. amend. V; see also Doe v. United States, 487 U.S. 201, 210 (1988) (distinguishing testimonial from physical acts for Fifth Amendment purposes).

²³ Citi Inst., The Trillion-Dollar Security Race: Quantum Threat 6–12 (Jan. 2026); U.S. Cybersecurity Mag., The Quantum Threat Is Already Here: We Just Can’t See It Yet (Jan. 2, 2026).

²⁴ See Orin S. Kerr, Fourth Amendment Seizures of Computer Data, 119 Yale L.J. 700, 703 (2010).

²⁵ 15 U.S.C. § 78j(b); 17 C.F.R. § 240.10b-5.

²⁶ Scorpion Capital, IonQ: A Scam CV Disguised as a Company (May 2022); Glancy Prongay & Murray LLP v. IonQ, Inc., No. 1:22-cv-04099 (E.D.N.Y. filed May 6, 2022).

²⁷ SEC v. W.J. Howey Co., 328 U.S. 293, 301 (1946).

²⁸ RSA Blog, Setting the Record Straight on Quantum Computing and RSA Encryption (Nov. 14, 2025).

²⁹ NIST IR 8547, Transition to Post-Quantum Cryptography Standards (2024); Exec. Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity (Jan. 16, 2025).

³⁰ Bernstein v. U.S. Dep’t of Justice, 176 F.3d 1132, 1141 (9th Cir. 1999) (holding source code is protected speech under the First Amendment), reh’g granted, opinion withdrawn.

³¹ Junger v. Daley, 209 F.3d 481, 485 (6th Cir. 2000).

³² Communications Assistance for Law Enforcement Act, Pub. L. No. 103-414, 108 Stat. 4279 (1994) (codified at 47 U.S.C. §§ 1001–1010).