Quantum Computing Timelines Tighten Dramatically: Cryptography Engineers Sound the Alarm
Filippo Valsorda, a prominent cryptography engineer, has publicly revised his assessment of the urgency for deploying quantum-resistant cryptography. In a candid blog post, he warns that recent developments suggest the timeline to cryptographically-relevant quantum computers (CRQC) has shortened significantly.
Two Alarming Papers
Within the past week, two papers have dramatically reshaped the threat landscape:
Google's Paper — Published a revised estimate showing far fewer logical qubits and gates are required to break 256-bit elliptic curves (NIST P-256 and secp256k1). The attack could be executed in minutes on fast-clock architectures like superconducting qubits. The implications extend far beyond cryptocurrencies to practical WebPKI man-in-the-middle attacks.
Oratomic's Paper — Demonstrated that 256-bit elliptic curves could be broken with as few as 10,000 physical qubits using non-local connectivity, such as that offered by neutral atoms. While slower, even one broken key per month would be catastrophic.
Expert Warnings
The alarm bells are being rung by credible experts:
- Heather Adkins and Sophie Schmieg (Google): "Quantum frontiers may be closer than they appear" — setting 2029 as their deadline (33 months away)
- Scott Aaronson: Drew a parallel with how nuclear fission research went dark between 1939-1940
- RWPQC 2026 Conference: Timelines presented were far tighter than those from a couple years ago — and are already partially obsolete
The Core Risk Calculation
Valsorda frames the decision clearly:
"The bet is not 'are you 100% sure a CRQC will exist in 2030?' The bet is 'are you 100% sure a CRQC will NOT exist in 2030?'
Practical Implications
- Accelerate post-quantum migration — Every month of delay increases the window of vulnerability
- Audit cryptographic inventory — Know where elliptic curve cryptography is used across your systems
- Implement crypto-agility — Design systems that can swap algorithms without redeployment
- Prioritize long-lived secrets — Keys and certificates with long validity periods are most at risk
The old joke that "quantum computers have been 10 years away for 30 years" no longer holds. The timelines are now actively progressing.