The “Cybersecurity Apocalypse in 2026” and the Jesse–Victor–Gharabaghi (JVG) Algorithm: Why This Claim Doesn’t Hold Up

Another Day, Another Unfounded Claim of Quantum Cyber-Apocalypse

A preprint manuscript (ID: 202510.1649) titled “A Novel Hybrid Quantum Circuit for Integer Factorization: End-to-End Evaluation in Simulation and Real Quantum Hardware” was published on the Preprints.org server. Authored by researchers affiliated with the Advanced Quantum Technologies Institute (AQTI), the paper introduces the “Jesse–Victor–Gharabaghi (JVG) algorithm” – a hybrid classical-quantum approach to integer factorization that proposes replacing the Quantum Fourier Transform in Shor’s algorithm with a Quantum Number Theoretic Transform (QNTT) and offloading modular exponentiation to classical processors. Accompanying the preprint, a press release warned of a “Cybersecurity Apocalypse in 2026,” projecting that RSA-2048 could be factored in approximately 11 hours using fewer than 5,000 physical qubits.

Why I’m Writing This: You may have noticed the broader quantum security community has been quiet about this announcement. That silence is deliberate – and appropriate. When a claim of this magnitude emerges, the default posture of serious researchers is scrutiny, not amplification. If the JVG algorithm represented a genuine breakthrough, the discussion would have exploded across arXiv, cryptography forums, and quantum computing working groups by now. It hasn’t. I’m engaging with this story not because the technical claims warrant it, but because clients and cybersecurity peers have asked. When alarmist headlines reach decision-makers, someone needs to provide context. Consider this that context.

The paper reports simulation results showing ~99% reductions in gate counts and memory usage relative to baseline Shor implementations for small composite numbers (15, 21, 143, 1,363, 67,297). Based on extrapolation from these five data points, the authors project that their approach could break RSA-2048 with dramatically fewer resources than the millions of error-corrected physical qubits estimated by mainstream quantum computing research.

Technically, JVG is one more circuit‑engineering idea in a crowded landscape, not the invention of a qualitatively new attack on public‑key cryptography. The paper deserves the same scrutiny as any other preprint. The ‘cybersecurity apocalypse in 2026’ headlines, however, are out of proportion to the evidence. They risk turning quantum risk into yet another over‑marketed scare story at the very moment when we need credibility and calm, standards‑driven action on post‑quantum migration.

Several technical considerations warrant careful attention before anyone revises their threat models:

The Technical Disconnect: Moving the Goalposts

To understand why a 2026 cryptographic apocalypse is not supported by this preprint, we must look at the gap between what the algorithm actually does and what the press release claims.

The State-Preparation Bottleneck

The core architectural choice of the JVG algorithm involves delegating modular exponentiation – historically the most resource-intensive phase of Shor’s algorithm – to classical computation (using standard libraries like NumPy). The algorithm then encodes these classically computed results into a quantum register via a process known as “amplitude encoding” to perform the QNTT period-finding step.

For small, toy-sized integers, this division of labor is perfectly feasible. But for cryptographically relevant integers like RSA-2048, the dataset required is exponentially massive. Shor’s algorithm derives its theoretical power precisely because it evaluates modular exponentiation in quantum superposition, avoiding the need to compute and store an astronomical number of states classically. By moving this step to a classical processor, the JVG framework forces the classical system to evaluate an exponentially large number of values.

Furthermore, even if a classical computer could generate this data, the physical process of transferring it back into the quantum register via amplitude encoding requires a quantum state-preparation circuit of exponential depth. By starting their quantum benchmarks after the classical computation and amplitude encoding have already occurred, the authors have excluded the most computationally prohibitive steps from their resource accounting. You cannot circumvent the laws of algorithmic complexity by sweeping the hardest part of the computation under the rug of “state preparation.”

Extrapolation from Toy Problems

The algorithm’s reported advantages are demonstrated on integers requiring fewer than 17 bits. RSA-2048 operates on 2,048-bit keys. Plotting five data points on toy-sized numbers and fitting a trendline out to 2,048 bits – without a formal mathematical proof of an asymptotic complexity advantage – is a scientifically fragile exercise.

In quantum computing, noise scaling and error rates behave non-linearly as circuit depth grows. Linear extrapolations of Noisy Intermediate-Scale Quantum (NISQ) algorithms routinely hit exponential walls when scaled up. The paper itself notes that its projections are “indicative trends,” yet the press release treats them as an imminent 2026 catastrophe.

Logical vs. Physical Qubits: The “5,000 Qubits” Fallacy

The press release’s massive claim that it will take “less than 5,000 qubits” to break RSA conflates algorithmic logical qubits (the raw register width) with the physical qubits required for fault-tolerant execution.

Current leading quantum platforms suffer from inherent physical error rates. To successfully execute a deep quantum circuit without the data collapsing into noise, the system must utilize Quantum Error Correction (QEC), typically grouping thousands of physical qubits together to form a single, stable logical qubit. Peer-reviewed estimates from leading quantum computing researchers consistently place the requirement for breaking RSA-2048 in the millions of physical qubits. A raw algorithmic width of 5,000 qubits tells us almost nothing about the physical hardware required to actually run the circuit reliably.

On Sources, Context, and Credibility

Beyond the technical mathematics, a critical evaluation of any “apocalyptic” scientific claim requires looking at its source. Several contextual factors fundamentally elevate the burden of proof required here.

The Venue and the “Institute”

First, the manuscript is hosted on Preprints.org, a server that explicitly states it does not conduct peer review. Notably, the paper was not posted to arXiv, the standard pre-publication venue for quantum computing and theoretical cryptography, where volunteer expert moderators act as a basic filter against unverified claims.

Second, the press release was issued by the “Advanced Quantum Technologies Institute” (AQTI) or “Applied Quantum Technologies Institute” not even the press release seems to can decide whether it’s “Applied” or “Advanced”. However, a review of public records reveals that AQTI has virtually no established public footprint or history in the academic quantum ecosystem prior to this announcement. Domain registration records indicate the aqti.org web domain was registered just a few months ago, just before the first release of this paper. The lack of institutional history or verifiable independent research staff is highly unorthodox for an entity claiming to upend global cybersecurity timelines.

The Authors’ Academic Backgrounds

A review of the lead author’s academic background presents a bit of a misalignment. Dr. Jesse Van Griensven Thé is listed in the University of Waterloo directory as an Adjunct Professor in the Department of Mechanical and Mechatronics Engineering. His extensive and legitimate publication history is predominantly situated in environmental engineering, air quality dispersion modeling, fluid dynamics, and risk assessment software – not anything relevant to fault-tolerant quantum computing. While cross-disciplinary innovation happens, overturning the mathematically rigid discipline of integer factorization requires rigorous, domain-specific validation.

Commercial Conflicts of Interest

Perhaps the most crucial aspect of this announcement is the commercial context. Public records indicate that the lead author is the CEO of EigenQ and holds leadership roles in TAURIA – commercial enterprises that actively develop and sell post-quantum cryptography (PQC) solutions and “quantum-proof” technologies to enterprise clients.

While commercial involvement in academic research is entirely standard, the combination of factors here warrants careful scrutiny. Publishing a non-peer-reviewed preprint claiming an imminent “Cybersecurity Apocalypse,” accompanied by an aggressive corporate press release urging enterprise networks to immediately transition to PQC solutions (without disclosing these commercial interests), aligns seamlessly with the commercial bottom line of an executive selling those very solutions.

These contextual factors do not inherently invalidate the math on the page, but they underscore exactly why independent, peer-reviewed validation is strictly required before treating such explosive claims as established fact.

The Real Quantum Threat vs. The Danger of Hype

Why does dismantling a flawed press release matter? Because “boy who cried wolf” narratives cause active harm to the cybersecurity industry.

The threat quantum computers pose to legacy public-key encryption is real, and the global response, led by bodies like the National Institute of Standards and Technology (NIST), is a methodical, multi-year infrastructure transition. Migrating to post-quantum cryptography is a genuine, immediate priority. However, arbitrary deadlines like a “2026 Apocalypse” actively harm this vital security mission. They force Chief Information Security Officers (CISOs) to waste valuable time and resources investigating ghosts. They breed executive fatigue, diluting the impact of genuine cryptographic warnings. Furthermore, manufactured panic encourages organizations to rush their security architectures, potentially abandoning rigorously tested NIST PQC standards (like FIPS 203, 204, and 205) in favor of proprietary, unvetted “quantum-proof” vendor solutions.

Bottom Line

The JVG preprint presents an interesting engineering exploration of circuit optimization techniques. It does not, based on the evidence presented, constitute a credible basis for revising the timeline of the quantum threat to public-key cryptography.

Organizations should continue to base their post-quantum migration strategies on peer-reviewed research, consensus guidance from standards bodies, and measured risk assessment – not on extrapolations from small-scale simulations amplified by alarmist press releases.

Build your cryptographic inventory, demand crypto-agility from your vendors, and migrate methodically to newly finalized NIST standards. Treat PQC migration as critical, long-term infrastructure work. The cryptography protecting the global economy is not going to collapse in 2026. Keep calm, ignore the hype, and carry on with your PQC migration roadmap.