- Key insight: Two recent executive orders moved the federal deadline for quantum-resistant encryption forward to the end of 2030, a response to research that made breaking today's codes look far cheaper.
- Supporting data: Citi estimates a quantum-enabled attack on one of the five largest U.S. banks' Fedwire access could put $2 trillion to $3.3 trillion of U.S. GDP at risk.
- Forward look: The near horizon is 2030, when the National Institute of Standards and Technology plans to start retiring today's encryption and federal contractors must meet the new standards.
Overview bullets generated by AI with editorial review.
The federal government recently shortened its deadlines for replacing the encryption that guards sensitive data, responding to a year of research that suggests computers able to break today's codes are coming faster than experts previously expected.
President Trump signed two executive orders on the subject on June 22. One focused on defense, titled "
Banks are not named in the order, and it does not require them to do anything, but the financial industry runs on exactly the kind of encryption the order is racing to replace.
The same public-key cryptography the Trump and Biden administrations have been trying to leave behind also secures messaging between financial institutions, access to payment systems and years of stored customer data.
The new federal deadlines reset the clock against which the whole sector is migrating.
Citi Institute (the bank's research division) estimated such an attack would cost $2 trillion to $3.3 trillion in U.S. gross domestic product.
What the orders require
The first of Trump's orders on quantum computing requires agencies to, by the end of 2030, adopt new encryption standards built to withstand attacks from both ordinary and quantum computers.
That moves up a goal the previous administration set; a
The new deadlines bind the government and its contractors; the order tells federal contracting officials to write a rule requiring companies that sell to the government to meet the new standards by the end of 2030, and banks that hold federal contracts would fall under it.
The standards to which the order points come from the National Institute of Standards and Technology, or NIST, whose
The second order on quantum that Trump signed, titled "
The two orders reflect the opposite but complementary forces in the field of quantum computing research. The field has "an offensive mode and a defensive mode," according to Javad Shabani, a New York University physicist who directs its quantum institute.
In offensive mode scientists work on quantum computers to improve computation and unlock problems that are impossible to solve with today's computers, he said.
In defensive mode, scientists think about protecting systems and financial assets against such a powerful computer.
Shabani spoke at the Federal Reserve Bank of New York's Innovation Conference on June 26, on a panel of quantum specialists that mentioned the Trump orders.
Why the timeline moved
Washington moved because, on paper, breaking encryption got dramatically cheaper over the past year. Much of the research came from Google's quantum computing group.
In May 2025, Google researcher Craig Gidney
Most of the twentyfold improvement came not from better hardware but better algorithms. It's the kind of jump that happens suddenly rather than creeping in year by year.
In March, a team that included Gidney, his Google colleague Ryan Babbush, Stanford cryptographer Dan Boneh and the Ethereum Foundation's Justin Drake
They put the cost at under 500,000 qubits running for minutes. This is, again, about twenty times more efficient than earlier estimates. The mix of corporate, academic and cryptocurrency researchers gave the finding weight Google's solo research did not have.
The authors backed their finding with a proof that let outsiders verify and refine the result without publishing a working attack. So-called zero-knowledge proofs are a common technique in cryptographic research; they allow system defenders to know what attacks are possible without arming attackers.
The timeline was already getting shorter
Each year, the Global Risk Institute
By the next edition,
That latest survey closed before the elliptic-curve result, which could push the next estimate higher still.
Expert opinion on the timeline is an imperfect measuring stick, but it is one of the best available.
William Zeng, a partner at the quantum investment firm Quantonation who once ran quantum research at Goldman Sachs, explained on the June panel at the Fed's innovation conference why experts predict quantum computers are on the horizon despite the ones in existence today being relatively inept.
Zeng said he often gets questions about why he (and others) believe a powerful quantum computer is coming even though these machines have not factored any numbers bigger than 35.
Tracking the largest number a quantum computer has factored "is not the right measure for this problem," he said.
"It's like going to the Manhattan Project in 1943 and asking why they haven't made even a small nuclear explosion yet," Zeng said. "It's not an incremental kind of thing. You keep improving and improving, and then all of a sudden it goes."
Harvest now, decrypt later
Banks and other institutions with secrets to guard already face threats by actors looking to intercept encrypted data today and store it for a time when a quantum computer is strong enough to decrypt it. Security specialists call the tactic "harvest now, decrypt later."
Scott Crowder, who helped start the commercial quantum program at IBM, said on the Fed event panel that essentially anything sent over the internet in the past two decades (encrypted or not) should be treated as the kind of thing that can be harvested and later decrypted.
For banks, the data at risk has a long shelf life. Payment credentials, the keys that secure messages between institutions and customer records all stay sensitive for years, which is long enough to still matter when
(Q-Day is the industry's shorthand for the moment a quantum computer can break current encryption.)
That is why security officials treat the switch as urgent even though no quantum computer can break bank encryption today; anything stolen now can later be exposed.
The migration is not a simple software update. Post-quantum algorithms use larger keys and behave differently, and before a bank can swap in the new encryption, it has to find every instance of the old encryption, buried across its own systems and those of its vendors.
The nearest date is 2030, which is when NIST plans to start retiring the current encryption banks rely on and the same year the government's contractors have to have migrated.
So, for an industry that measures technology projects in years, the clock is running.
Joey Pizzolato contributed reporting.











