Q-Day is the point when quantum computers can break today’s widely used public-key cryptography in practice.
That definition is easy. The hard part is knowing what to watch in 2026, and what to ship before a real break becomes possible.
Andrew Cheung, Founder and CEO of 01 Quantum Inc, CTO at qLABS, focuses on 6 areas of interest for 2026 and a bonus tinfoil-hat hypothesis at the end.
1) The real Q-Day hardware milestone: logical qubits
Quantum roadmaps often lead with bigger qubit counts.
Andrew Cheung, Founder and CEO of 01 Quantum Inc, CTO at qLABS: “We believe that the advancement in error-corrected ‘logical’ qubits matters most and will be the game changer.”
Here is the plain-language distinction:
- Physical qubits are the raw hardware units on a chip. They are noisy. Errors accumulate fast.
- Logical qubits are stabilized qubits created by combining many physical qubits plus error correction. They are the units that matter for running long, complex algorithms.
More physical qubits help, but only if error rates and error correction improve. Otherwise you just scale noise.
“Quantum error-correction is a much faster and viable path to reach the Q-Day threshold than building more noisy qubits by brute force” Andrew added.
Andrew then gives his threshold figure for the kind of break people mean by “Q-Day.”
“Theoretically 372 error-corrected qubits are enough to bring Q-Day to the front line.”
Treat that number as Andrew’s practical yardstick, not a universal industry consensus. The point is directionally important: the relevant milestone is not “more qubits,” but “enough error-corrected logical qubits.”
2) HNDL and the “effective Q-Day” problem
Harvest Now, Decrypt Later (HNDL) is the strategy of collecting encrypted data today, storing it, and decrypting it later when compute catches up.
In quantum security, HNDL changes how you should think about timing. You do not need a public Q-Day event for damage to start. Data can be copied quietly and cracked years later.
Andrew: “The most alarming factor is the notorious HNDL attack, where hackers are obtaining your encrypted data now, hold on to them, and decrypt when they have access to a powerful enough quantum computer.”
This lands hardest on long-lived sensitive data: identity records, enterprise secrets, financial and legal records, and any communication that must remain confidential for years.
Crypto adds a second angle: public key exposure patterns. Many systems expose public keys on-chain, in mempools, or once an address spends. If a signature scheme becomes breakable, the attacker does not need permission to start collecting targets.
Andrew: “Public keys of a crypto wallet is a typical easy target that can be reverse engineered back to their private keys to empty the victims’ wallet.”
That framing leads to his “effective Q-Day” idea: the timeline is pulled forward by data collection and by on-chain key exposure.
“With HNDL in mind, the ‘effective Q-Day’ is not going to be 2029, 2028, or 2027. It is now and even yesterday.” Andrew stated.
3) Standards' progress: what’s done, and what changes in 2026
Standards are no longer theoretical. NIST has already published its first set of finalized post-quantum cryptography (PQC) standards (FIPS 203/204/205).
Andrew expects a second wave that matters for real deployments: more standards, validation paths, and procurement pressure.
Andrew Cheung: “Some standards and regulations have already been established, and more will come.”
In the interview, Andrew calls out Falcon and HQC as the next items teams should track.
Andrew Cheung: “We expect to see more PQC standards from NIST. Since FIP203/204/205, they have announced 2 more recommendations namely the Falcon and HQC algorithms”
The practical takeaway for 2026: assume NIST-aligned PQC will keep moving from “published” to “operationalized.” That includes tooling, guidance, and growing integration by major platforms.
4) Why crypto lags PQC adoption, and why L1 upgrades stay hard
Andrew’s core reason for crypto’s slow adoption is governance reality.
“We see that crypto is the most lagging field in the adoption of Q-Day protection. For the same decentralized nature that makes blockchain a successful architecture, it also makes PQC adoption in crypto tremendously hard.”
This is not about awareness. It is about coordination. A large network needs aligned clients, wallets, exchanges, custodians, infra providers, and governance processes.
Even when a community agrees, upgrading an existing L1 without breaking users remains difficult. Signature schemes are embedded everywhere: address formats, hardware wallets, transaction verification, and consensus rules.
Andrew uses Ethereum’s multi-year shift from PoW to PoS as a reminder of how long major upgrades can take, even with strong incentives: “The 5 years it took for ETH to simply move from PoW to PoS is the clearest evidence.”
This is not a prediction about any chain. It is a caution about timelines and coordination costs.
5) Two viable paths for L1s chains, and the approach Andrew favors
Andrew lists two routes that are feasible under real-world constraints:
- Option A: a new PQC L1 chain
- Option B: a mechanism that protects the base L1s
Andrew is explicit about which one he favors: “We chose the second option because not only the world doesn’t need another L1 chain but also it is way more difficult to gain trust for a new L1”
His preferred approach is to add a protective opt-in layer for the crypto assets of today which can help to save these assets until L1 chains manage to migrate to a new post-quantum infrastructure which is a long and complex undertaking.
Technically, he points to a “circuit breaker” design that sits on top of zero-knowledge proofs (ZKP) as the mechanism that can be adopted without rebuilding the base chain. An approach pioneered by qLABS, a quantum native crypto foundation advancing post-quantum technologies in web3.
“The only viable option for the base L1 chain to achieve PQC is to adopt a ‘circuit breaker’ technology on top of ZKP.”
He also notes that this technology has a patent filing, and frames it as the building block behind the Quantum-Sig smart contract wallet by qLABS and $qONE, the first quantum-resistant token on Hyperliquid, both to be released in Q1 2026.
6) 2025 urgency signals, and why 2026 accelerates adoption
Andrew’s view is that 2025 marked the shift from “research topic” to “conversion planning,” especially in enterprise and government.
“They started to pay attention to this inevitable Q-Day threat in 2025 and in 2026 they will probably commence their journey of quantum-safe conversion.” Andrew stated.
Public signals support that direction:
- Major platforms began shipping PQC features into widely used products and services.
- Governments continued issuing migration guidance and post-quantum timelines.
- Law enforcement actions highlighted how much value is concentrated in recoverable keys and custody.
Andrew also flags a visibility problem that markets often underestimate: progress in places that do not publish roadmaps.
“We believe any announcement from credible quantum computer vendors like Google, Microsoft, IBM, Honeywell, etc. should be treated seriously. However, let’s not forget about development in the closed world like China and Russia where their vendors never publicly announce their roadmaps.”
He uses the “DeepSeek moment” analogy to describe a surprise capability leap by an unexpected actor.
Andrew Cheung, Founder and CEO of 01 Quantum Inc, CTO at qLABS: “We all remember how ‘DeepSeek’ announced their success in AI that surprised the whole world”
Short hypothesis: “national Q-Day” and crypto seizures
Andrew frames “national Q-Day” as a hypothesis, not a confirmed fact. His argument is based on asymmetric capability: a state may have specialized systems that do one thing well, without public disclosure.
He points to high-profile crypto seizures where the government did not disclose operational methods: “All these events are pointing to the hypothesis that the ‘national Q-Day’ has indeed arrived”
What is public: U.S. agencies described a major seizure tied to a large “pig butchering” operation and related enforcement actions. What is not public: any specific technical method used to obtain keys or assets. Public reporting does not confirm quantum-based key recovery. Treat that gap as uncertainty, not evidence.
2026 watchlist: 5 signals to track
- Logical-qubit progress that clearly reduces error rates under real error correction, not just higher physical-qubit counts.
- NIST “second wave” movement: draft and final standards progress (including Falcon/FN-DSA and HQC-related work) plus implementation guidance.
- Platform enablement: PQC support becoming standard in operating systems, cloud KMS/HSM, and developer toolchains.
- Crypto infra opting in: wallets, custodians, and exchanges shipping hybrid PQC protection that preserves UX and liquidity.
- Government pressure signals: migration deadlines, procurement requirements, and continued high-value seizure activity with limited disclosure.
A direct 3-step action list for crypto teams
- Map exposure. Identify where public keys are exposed, where signatures are verified, and where long-lived data is stored or logged.
- Align with standards and guidance. Track NIST standards and government migration memos. Build crypto-agile interfaces so algorithms can be swapped without breaking products.
- Start an opt-in protection path. Avoid “big bang” migrations. Prototype a layered mechanism that can protect assets and signing flows in a hybrid infrastructure util full post-quantum cryptography (PQC) is available in Web3.
Conclusion
In 2026, the main question is not whether quantum risk is real. It is whether your systems can change fast enough when the timeline compresses. Track logical-qubit progress, follow standards and government guidance, and ship an opt-in protection path that keeps UX and liquidity intact. The teams that move now will not need perfect forecasts later. They will have a migration route already in production.
