IonQ’s 2025 Roadmap: Toward a Cryptographically Relevant Quantum Computer by 2028

IonQ’s Roadmap to 2028: CRQC Within Reach?

IonQ has unveiled an accelerated quantum computing roadmap that, if realized, could deliver a cryptographically relevant quantum computer (CRQC) as early as 2028. In a June 2025 announcement, the Maryland-based quantum startup – known for its trapped-ion technology – outlined dramatic scaling milestones enabled by recent acquisitions and technical breakthroughs. By leveraging Oxford Ionics’ chip-integrated ion traps and Lightsynq’s photonic interconnects (IonQ’s recent acquisitions), IonQ plans to boost its qubit counts by orders of magnitude. The company’s new timeline projects a jump from today’s tens of qubits to ~20,000 physical qubits by 2028, spread across two entangled chips, and reaching ~2,000,000 physical qubits by 2030. Crucially, IonQ estimates this will equate to about 1,600 error-corrected logical qubits in 2028, and on the order of 40,000–80,000 logical qubits by 2030 as error-correction improves. For context, “logical” qubits are the error-protected bits after applying quantum error correction – the effective computing units needed for breaking cryptography.

These ambitious targets far outstrip IonQ’s previous goals and could potentially make it the first vendor to achieve a CRQC – a quantum machine capable of cracking modern encryption. IonQ’s CEO Peter Chapman has likened the 2028 system to a “distributed quantum supercomputer,” enabled by modular photonic networking between ion-trap chips. The company expects to offer this interconnected commercial system by 2028, aiming for enterprise-grade error rates (~10⁻⁷ per logical operation) by that time. By 2030, IonQ anticipates pushing logical error rates below 10⁻¹², suitable for high-stakes uses in secure communications and defense. In short, IonQ is proclaiming that the pieces needed for a cryptanalysis-worthy quantum computer will be in hand by the end of this decade.

IonQ’s 2025–2030 roadmap highlights:

• 2025: System with ~100 physical trapped-ion qubits (development prototype).
• 2027: Single-chip system with ~10,000 physical qubits, thanks to Oxford Ionics’ 2D ion-trap array (a 300× leap in on-chip qubit density).
• 2028: Two chips linked via photonic interconnect, totaling ~20,000 physical qubits in one system. This corresponds to roughly 1,600 error-corrected logical qubits at ~10⁻⁷ fidelity – enough for basic fault-tolerant algorithms. IonQ likens this to moving from a single GPU to a multi-GPU supercomputer, but for quantum.
• 2030: Multi-module system with ≥2,000,000 physical qubits, translating to ~40,000–80,000 logical qubits at ~10⁻¹² error rates. IonQ expects to unlock “broad quantum advantage” applications at this scale, tackling problems like chemical catalysis design and large-scale optimization that are beyond any classical computer.

IonQ’s announcement positions it at the forefront of the hardware race – at least on paper – and raises the stakes for rivals. How do these claims stack up against other quantum roadmaps? In truth, the entire industry has converged on aggressive timelines for achieving fault-tolerant quantum computing by the late 2020s or early 2030s. For now, here’s a brief rundown of where other major players say they’re headed:

• IBM: Aims to debut a full fault-tolerant quantum computer by 2029. IBM’s June 2025 roadmap set a target of ≈200 logical qubits by 2029, with a clear path to ~1,000+ logical qubits in the early 2030s. IBM’s approach involves scaling up its superconducting qubit processors (1,121-qubit “Condor” chip slated for 2024) and then multi-chip modular systems, combined with heavy investment in error-correction software. My analysis of the IBM announcement here: “IBM’s Roadmap to Large-Scale Fault-Tolerant Quantum Computing (FTQC) by 2029 – News & Analysis.“
• Google: Has been somewhat coy on specific numbers, but the goal is similarly bold. Google’s CEO hinted at a useful error-corrected quantum computer by ~2029, and internally Google is eyeing the million physical qubit scale in the 2030 timeframe. In 2023 Google demonstrated a logical qubit with lower error than any physical qubit – a key proof that quantum error correction (QEC) works. Reports suggest Google is targeting ~100+ logical qubits by ~2028, ramping to thousands of logical qubits in the early 2030s. In short, Google’s timeline is comparable to IBM’s, though without as much public detail.
• Quantinuum (Honeywell): The leading trapped-ion competitor has focused on fidelity over quantity. Quantinuum achieved a fully error-corrected logical qubit (Steane code) back in 2021 and has kept one “alive” through multiple QEC cycles. Its roadmap points to a small fault-tolerant machine (tens of logical qubits) by the late 2020s, then scaling up by networking many ion traps together via photonic links. In other words, Quantinuum expects to demonstrate the first few logical qubits and basic quantum algorithms running error-free within this decade, and then grow the system’s size in the 2030s.
• PsiQuantum: Perhaps the most bullish, this Silicon Valley startup is pursuing a photonic quantum computer with 1,000,000+ physical qubits by ~2027–2028. Their photonic approach – encoding qubits in single photons traveling through optical circuits – is touted as more scalable (no refrigeration, leveraging semiconductor fab infrastructure). PsiQuantum claims no new physics are needed, “only” engineering. If they hit a million physical qubits by 2028 (each logical qubit might require thousands of photons), they could reach hundreds of logical qubits shortly thereafter. The company boldly argues that more traditional approaches (IBM’s superconductors, for example) will hit wiring and cooling roadblocks at scale, whereas a photonic machine can be built like a data center. Time will tell if they can execute on this schedule.
• Public & Academic Efforts: Government-funded programs and labs worldwide are also in the race. The U.S., EU, and China have each launched national initiatives targeting major quantum milestones by 2030. For example, Microsoft is chasing a topological qubit (Majorana-based) that could inherently reduce error rates – a high-risk, high-reward approach that, if it pans out in the next couple of years, might dramatically cut the overhead for a CRQC. Likewise, researchers at places like Intel (building silicon spin qubit arrays) and startups like Pasqal (neutral atoms) are pushing alternative technologies that could scale to thousands of qubits by late decade if breakthroughs occur . While these “wild card” approaches aren’t as far along, any success could accelerate the overall timeline.

The big picture is that many players are betting on reaching large-scale, error-corrected quantum computers by around 2030. IonQ’s new roadmap is the latest, and perhaps most aggressive, signal that the countdown to quantum advantage in cryptography is speeding up.

Analysis: Feasibility, Q-Day Timing, and Cybersecurity Implications

IonQ’s 2025 roadmap announcement is a bold leap forward – but how believable is it, and what does it mean for the long-anticipated “Q-Day”? Q-Day refers to the moment a quantum computer first breaks public-key cryptography (for instance, factoring a standard RSA-2048 key). I recently predicted in a detailed analysis that RSA-2048 will likely be broken by around 2030. IonQ’s plan raises the tantalizing possibility that this could happen even sooner. After all, if IonQ can indeed deliver ~1,600 logical qubits by 2028, that would actually exceed the latest estimated threshold for cracking RSA. Google researcher Craig Gidney’s May 2025 paper showed that on the order of 1,000–1,400 logical qubits, run for about a week, should suffice to factor a 2048-bit RSA key (with optimized algorithms and error-correction). In other words, the bar for a CRQC is roughly ~1.3K logical qubits (and under one million physical qubits) to break RSA-2048 in under a week. By that measure, IonQ’s projected 1,600 logical qubits by 2028 would cross the finish line – on paper, it’s enough to potentially demonstrate a full RSA-2048 factorization.

This is a stunning prospect. It means IonQ’s timeline – if all goes perfectly – could usher in Q-Day a couple years earlier than expected. However, as optimistic as I am about quantum progress, I am not yet revising my 2030 forecast forward. The reality is that multiple critical challenges remain before IonQ’s roadmap (or any other) yields a cryptographically relevant attack capability. It’s worth unpacking why a 2028 Q-Day, while possible, is still far from a sure bet:

• Execution risk and engineering unknowns: Scaling from today’s ~50-100 qubit prototypes to 10,000+ qubits in just 2–3 years is an unprecedented jump. IonQ is counting on newly acquired tech (e.g. Oxford’s chip traps, photonic links) to work seamlessly at scale. Integrating two chips into one system by 2028 means solving daunting engineering problems in packaging, crosstalk, calibration, and quantum networking. Any snag – say, lower yield in the 2D traps, or difficulties getting photons to reliably entangle distant ion qubits – could delay the schedule significantly. High-risk, high-complexity hardware projects often slip past initial target dates. IonQ’s plan is no exception; it is, by their own admission, forward-looking and subject to change .
• Maintaining fidelity at scale: Achieving logical qubits with error rates ~10⁻⁷ (as IonQ projects for 2027–28) is right around the threshold for effective error correction. At that level, each logical qubit might be built from a few hundred physical qubits rather than thousands, thanks to high gate fidelity. IonQ cites recent record fidelities (like Oxford Ionics’ 99.99999% gate accuracy) in support of this. But maintaining such low error rates while scaling up operations and integrating novel components is a huge challenge. If the achieved error in 2028 is, say, 10⁻⁶ instead of 10⁻⁷, the number of physical qubits required per logical qubit could balloon, reducing the effective logical count or requiring more redundancy. In short, IonQ’s 1,600 logical qubit goal assumes everything goes just right on the error-correction front; there’s little margin for underperformance.
• Algorithmic and runtime demands: Even with ~1,400 logical qubits, factoring RSA-2048 remains a massive endeavor. Gidney’s scheme would consume on the order of 10⁶ physical qubits running non-stop for ~1 week . This will generate an enormous number of quantum operations (billions of gate executions) that must all succeed within error bounds. It’s a special-purpose, near-worst-case computation for a quantum machine. So when we say IonQ could have the qubits to do it, that doesn’t mean it can immediately perform the task with ease. The first CRQC demonstration might be more of a heroic experiment – akin to the Manhattan Project of quantum – rather than routine usage. It will also require significant classical orchestration (for error correction decoding, syndrome processing, etc.) and likely megawatts of power for the control systems. These practical considerations temper the idea of an overnight cryptographic apocalypse even once the hardware exists.
• Industry validation and ecosystem: IonQ’s peers (IBM, Google, etc.) are also pushing toward fault-tolerance, but most roadmaps cluster around 2029–2033 for reaching large-scale systems. It’s unlikely that every technical path will hit its milestones early. We might see one company get there first (perhaps IonQ), but others could lag by a few years. A 2028 IonQ machine might be the very leading edge – and potentially still an experimental system not widely accessible. The broader ecosystem (software, talent, cloud access, standards) will solidify in the early 2030s as more players come online. In cybersecurity planning terms, whether Q-Day happens in 2028 or 2030 doesn’t drastically change the response – either way, it’s imminent enough that action is needed now . But from a forecasting perspective, betting on 2028 requires assuming everything breaks in one direction (fast success), whereas 2030 allows for the more typical mix of breakthroughs and setbacks.

For these reasons, I’m inclined to view IonQ’s 2028 CRQC target as aggressive but not guaranteed. My current outlook still pegs ~2030 as the most likely timing for the first real RSA-2048 break – an estimate I moved up from 2032 after assessing recent advances. Nothing in IonQ’s news contradicts that; in fact, it reinforces the notion that 2030 ± a couple years is plausible. IonQ’s progress is a positive sign and might end up pulling Q-Day closer by a year or two if all goes well, but it doesn’t justify dramatically overhauling risk timelines yet. Roadmaps are not reality – until hardware is actually built and benchmarks met, caution is warranted.

From a cybersecurity policy standpoint, the distinction between 2028 and 2030 is almost academic. Whether Q-Day hits in 3 years or 7 years, the imperative for action right now remains the same. As I wrote in my Q-Day analysis, the window for transitioning to post-quantum cryptography (PQC) is now. The U.S. National Institute of Standards and Technology (NIST) has advised organizations to begin migrating off vulnerable encryption by 2030, with a goal to have quantum-resistant measures broadly deployed by 2035. Those guidelines were set precisely because experts anticipated a viable quantum attacker by the early 2030s. IonQ’s roadmap, if anything, underscores that this timeline was well-founded – and perhaps even slightly conservative. It would be folly for businesses or governments to shrug off quantum risk because IonQ might slip to 2029 or because skeptics think it “won’t happen.” The prudent course is to assume Q-Day will arrive by 2030 (if not earlier) and to work backward from there in implementing PQC upgrades. The cost of being prepared a bit too early is trivial compared to the catastrophe of being even slightly too late.