Q-Day 指能破解常用加密的具密码学相关性量子电脑出现之日，届时私人数位纪录可能变成公开秘密。全球风险研究院相关报告引述的专家调查估计：Q-Day 在 2035 年前发生的机率约三分之一，也有人猜测它已在暗中发生的机率约 15%。最关键的趋势是先收集、后解密：今天拦截的密文，未来硬体成熟后可被解开，让生物特征与情报等长期敏感资料多年后仍有价值。

公开金钥密码体系仰赖分解大数太慢：15 很快可分解，但 1,000 位数可能要耗上千年。RSA（1970 年代末）一旦能在足够可靠的量子位元上运行 Shor（1994）演算法就会失守。2019 年 Google 以 53 量子位元在 200 秒完成一项任务，估计若用 100,000 台传统电脑需约 10,000 年；其后 105 量子位元的 Willow 更大，但要用 Shor 破 RSA 仍可能需要数千到数百万量子位元。

风险可分为保密性与身分验证：不只窃听，还可能冒名发出指令，冲击电网、金融市场或军事系统。早期设备或许每天只能取得 1–2 把金钥，但若结合 AI，可挑选最具破坏性的目标。比特币被描述为特别脆弱：硬分叉需 51% 节点营运者同意并协调转移资产，且包含与中本聪相关、约 1,000 亿美元的钱包。防御面上，NIST 于 2016 年启动后量子算法遴选、于 2024 年发布首批标准，美国亦在 2025 年 1 月 17 日行政命令中要求比原 2035 期限更快导入，但 1990 年代遗留基础设施可能仍需数十年汰换。

Q-Day is when a quantum computer can break common encryption, turning private digital records into open secrets. A Global Risk Institute–linked survey cited a one-in-three chance Q-Day arrives before 2035, and some experts guessed a 15% chance it has already happened covertly. The key trend is harvest now, decrypt later: attackers can collect encrypted traffic today and unlock it later, so long-lived data (biometrics, intelligence) remains valuable for years.

Public-key crypto rests on factoring being infeasible: 15 is easy, but a 1,000-digit number could take millennia. RSA (late 1970s) fails if Shor’s 1994 algorithm runs on enough reliable qubits. In 2019 Google’s 53-qubit chip finished a task in 200 seconds that was estimated at 10,000 years on 100,000 classical computers; its newer 105-qubit Willow is bigger, but breaking RSA still likely needs thousands to millions of qubits.

Threats split into confidentiality and authentication: eavesdropping plus impersonation that can issue commands to grids, markets, or military systems. Early devices might yield only 1–2 keys per day, but AI could prioritize the most disruptive targets. Bitcoin is framed as especially brittle: a hard fork would need 51% of node operators and coordinated moves, including wallets tied to Satoshi holding about $100B. Mitigation is underway—NIST launched post-quantum selection in 2016, issued initial standards in 2024, and a Jan 17, 2025 U.S. order pushed adoption sooner than the 2035 deadline—yet 1990s-era legacy infrastructure can take decades to replace.