Could quantum computers break any cipher?

No, it is not.

Quantum computers can factor large numbers efficiently, which would allow to break many of the commonly used public key cryptosystems such as RSA, which are based on the hardness of factoring.

However, there are other cryptosystems such as lattice-based cryptography which are not based on the hardness of factoring, and which (to our current knowledge) would not be vulnerable to attack by a quantum computer.


Quantum computing holds lots of promise, but it is not infinitely powerful.

The (exaggerated) claims you've heard are probably based on the most famous quantum computing algorithm, Shor's algorithm. This is a method for using a quantum computer to factor integers into prime numbers. As it turns out, many encryption schemes rely on the fact that factoring large numbers is very hard. Messages can be encrypted fairly easily in such a way that only someone who knows the prime factorization of a particular number can decrypt them with any reasonable amount of effort. If you could quickly factor large numbers, you would break many present-day encryption schemes.

However, there are other techniques that are not immediately threatened by quantum computers. If nothing else, you can always use a one-time pad as long as the message itself. This is mathematically unbreakable, since any message can be "decrypted" from the encrypted one with the appropriate guess at the key, so there is no way for an eavesdropper to know the real message.

Quantum computation may also open the doors to next-generation ways of securely transmitting information. For example, most encryption today is just that -- scrambling the message so that only the intended recipient can make sense of it. But there may be good quantum ways to physically ensure eavesdroppers cannot access the transmission in the first place.


There is actually an entire complexity class devoted to the answer, which is "no, it cannot break any code." The class is known as BQP, or "bounded error quantum polynomial time." It is the class of decision problems which can be solved by a quantum computer in polynomial time, with no more than a 1/3 error margin (this error term is accounted for in a classical computation step which occurs after most quantum algorithms to verify that results are correct).

BQP is believed to have the following relations with other complexities:

  • Contains P (Polynomial Time)
  • Intersects, but probably does not fully contain NP (Nondeterministic Polynomial time)
    • Probably does not contain NP-complete (as a corollary)
  • Subset of PSPACE (Problems that are solvable with polynomial space requirements)

(The major unknown in that list is that it is not yet known if P=NP. The list assumes P!=NP, but if P=NP, clearly NP and NP-complete would also be part of BQP. We also don't know if NP=BQP or not. so much left to discover!)

RSA is crackable using quantum computers because the task of factoring large composite numbers is in BQP, as demonstrated by Shor's algorithm. Shor's algorithm is NP (but not NP-complete). There are other NP algorithms which are believed to be outside of BQP which can be used for encryption (The accepted answer links to lattice based cryptography, which is one such class of algorithms).