IQM Compiles Shor's Algorithm at RSA-2048 in Gate-Level Detail

On April 5, 2026, IQM Quantum Computers and Fraunhofer FOKUS released version 0.8 of the Eclipse Qrisp framework with a single capability that changes the shape of quantum threat modeling: the first gate-level compilation of Shor's algorithm for 2048-bit RSA keys. Not a theoretical estimate. Not a scaling law extrapolated from smaller circuits. An actual gate-by-gate circuit with exact qubit counts, T-gate budgets, and circuit depths — generated at a processing rate of 10⁹ gates per second. The announcement ran soft, buried in technical documentation and a LinkedIn post. It should not have.

The quantum computing sector has long operated on two tiers of knowledge about RSA breaking: the theoretical — yes, Shor's algorithm exists and will eventually break RSA — and the wildly uncertain. Every estimate of what it takes to run Shor's algorithm at scale relied on extrapolation, symbolic simulation, or simplified models. A 2023 meta-analysis found estimates for the qubit count needed to break RSA-2048 ranging from 2 million qubits to over 1 billion, depending on which assumptions you baked in. None of these came from actually compiling the algorithm. Qrisp 0.8 changes that. It provides the first non-theoretical answer to a question that has haunted cryptography policy for a decade: how many qubits, exactly, and what is the gate budget? The answer is now a precise engineering specification, not a range of guesses.

The technical execution is where the rigor becomes visible. Qrisp 0.8 introduces a NumPy-like BlockEncoding interface for complex quantum linear algebra and a native MLIR dialect that allows quantum compilation to integrate with classical high-performance computing optimization pipelines. The framework includes Stim integration for error correction simulation and advanced Hamiltonian simulation tools — creating a full-stack environment for developing utility-scale, fault-tolerant applications. The bottleneck that defeated prior attempts was the modular in-place multiplication operation at the heart of Shor's algorithm: it is difficult to implement and places strong requirements on the underlying compiler. Qrisp 0.8 solved it. The result is not just a proof that the algorithm can be compiled; it is a usable, repeatable process for generating actual resource requirements at arbitrary key lengths.

The timing of this release is not accidental. One week earlier, on March 30, IQM closed a €50 million ($57.4 million USD) financing round led by BlackRock. The stated purpose: accelerate quantum computing technology, R&D, and global expansion with focus on full-stack superconducting quantum computers and on-premises hardware for research institutions and HPC centers. BlackRock's investment in a quantum hardware company is itself notable — it signals that major institutional asset managers now view quantum computing infrastructure as a direct risk to cryptographic security and therefore as a hedge-worthy R&D play. What BlackRock got for its €50 million was partly hardware roadmap, but also software validation. The Qrisp 0.8 release proves that the compilation layer is advancing at pace with the hardware layer. IQM is not just building qubits; it is building the engineering pipeline to deploy them. Separately, IQM and Zurich Instruments are constructing a real-time Quantum Error Correction demonstrator integrating IQM's 20-qubit superconducting processor with a closed-loop feedback system that reduces communication latency between quantum and classical hardware to under 4 microseconds — indicating simultaneous progress on both the software and hardware error-correction fronts required to eventually execute such circuits.

Who this matters for is clear and immediate. Cryptography standards bodies, the NSA, NIST, and EU cybersecurity agencies have been operating under the assumption that post-quantum migration could be deferred — that quantum computers capable of breaking RSA-2048 were still 10-15 years out. This assumption was always built on vagueness. Now it is built on actual gate budgets. A security team at a financial institution or government agency can run Qrisp 0.8, generate the exact circuit, see the qubit requirement, and ask: what is the confidence interval on when hardware catches up to that specification? If IQM's 20-qubit demonstrator reaches 1,000 qubits in five years — a conservative extrapolation of current trajectory — then the gap from 1,000 to the required budget becomes a planning horizon, not an abstraction. The same pressure applies to cryptography standards bodies. NIST has been slow-walking post-quantum cryptography standardization partly because the urgency was theoretical. Concrete gate budgets remove the deniability. Watch for NIST, NSA, and EU ENISA guidance updates that cite Qrisp 0.8 and the resulting resource estimates as a planning trigger for immediate PQC migration.

Our read: this is the most significant software engineering milestone in quantum computing since the introduction of standardized quantum programming frameworks, and its importance has nothing to do with quantum advantage or near-term applications. It is a measurement. It is the moment when cryptographic vulnerability shifted from theoretical to engineered — when 'eventually quantum computers will break RSA' became 'quantum computers will break RSA-2048 with exactly this many qubits and this many operations.' The security implications are immediate. The commercial implications are more subtle but no less important: IQM now has proof that its software stack can handle the compilation complexity of real-world cryptanalytic algorithms at scale. That is the asset BlackRock was buying into. IQM is preparing to go public via a merger with Real Asset Acquisition Corp, and the timing of the Qrisp 0.8 release — one week post-financing, immediately before the expected listing window — signals that IQM intends to deploy this milestone in its S-1 narrative as evidence of a company advancing simultaneously on hardware and software. What would change this read: (1) If the exact gate budget and qubit count are not published within 60 days in a peer-reviewed venue or technical report, the claim loses credibility and becomes marketing theater; (2) if adoption of Qrisp as the default SDK on IQM Resonance stalls below 5,000 active developer accounts in Q3 2026, the software layer is not actually solving friction for quantum programmers; (3) if a competitor — IBM, Google, or Atom Computing — publishes a comparable or superior compilation of the same algorithm using their own framework within 90 days, the differentiation collapses and Qrisp becomes one of several equivalent tools rather than the first-mover advantage it now appears to be.

Watch for: (1) Publication of the exact T-gate count, qubit budget, and circuit depth for the RSA-2048 Shor compilation — IQM's LinkedIn post referenced these numbers as definitive, but they have not appeared in a citable technical document; expect a preprint or technical report within 4-6 weeks. (2) IQM's SPAC merger completion and S-1 filing — the quantum milestone will appear in the growth narrative, and the filing will reveal the exact valuation at which BlackRock entered and the burn rate IQM is targeting. (3) DARPA Quantum Benchmarking Initiative (QBI) Stage C evaluation criteria updates — the Qrisp resource estimates will likely be cited in redefined benchmarks for hardware-agnostic quantum utility scoring, and QBI endorsement carries more weight in government procurement than any other credential in the sector. (4) Public or classified guidance from NIST, NSA, or EU ENISA on post-quantum migration urgency — watch for any statement that cites concrete quantum resource budgets as a planning trigger; if this milestone becomes the canonical reference point for threat modeling, its strategic weight is confirmed.