Tech News

A Cryptography Engineer's Perspective on Quantum Computing Timelines

Why This Matters

This article highlights the rapidly advancing capabilities of quantum computing and its potential to break current cryptographic standards, emphasizing the urgent need for quantum-resistant cryptography. The near-term timeline of 2029 underscores the importance for the tech industry and consumers to prioritize security upgrades to protect sensitive data from future quantum threats.

Key Takeaways

My position on the urgency of rolling out quantum-resistant cryptography has changed compared to just a few months ago. You might have heard this privately from me in the past weeks, but it’s time to signal and justify this change of mind publicly.

There had been rumors for a while of expected and unexpected progress towards cryptographically-relevant quantum computers, but over the last week we got two public instances of it.

First, Google published a paper revising down dramatically the estimated number of logical qubits and gates required to break 256-bit elliptic curves like NIST P-256 and secp256k1, which makes the attack doable in minutes on fast-clock architectures like superconducting qubits. They weirdly frame it around cryptocurrencies and mempools and salvaged goods or something, but the far more important implication is practical WebPKI MitM attacks.

Shortly after, a different paper came out from Oratomic showing that 256-bit elliptic curves can be broken with as few as 10,000 physical qubits if you have non-local connectivity, which neutral atoms seem to offer, thanks to better error correction. This attack would be slower, but even a single broken key per month can be catastrophic.

They have this excellent graph on page 2 (Babbush et al. is the Google paper, which they presumably had preview access to):

Overall, it looks like everything is moving: the hardware is getting better, the algorithms are getting cheaper, the requirements for error correction are getting lower.

I’ll be honest, I don’t actually know what all the physics in those papers means. That’s not my job and not my expertise. My job includes risk assessment on behalf of the users that entrusted me with their safety. What I know is what at least some actual experts are telling us.

Heather Adkins and Sophie Schmieg are telling us that “quantum frontiers may be closer than they appear” and that 2029 is their deadline. That’s in 33 months, and no one had set such an aggressive timeline until this month.

Scott Aaronson tells us that the “clearest warning that [he] can offer in public right now about the urgency of migrating to post-quantum cryptosystems” is a vague parallel with how nuclear fission research stopped happening in public between 1939 and 1940.

The timelines presented at RWPQC 2026, just a few weeks ago, were much tighter than a couple of years ago, and are already partially obsolete. The joke used to be that quantum computers have been 10 years out for 30 years now. Well, that is no longer true: the timelines have started moving.
