Back to Home

Quantum threats to cryptography: migration by 2029

Recent studies reduce qubit requirements for breaking elliptic curves, shifting the post-quantum migration deadline to 2029. Direct transition to ML-DSA/ML-KEM without hybrids, review of TEE and libraries is recommended.

CRQC breaks crypto: transition to post-quantum algorithms
Advertisement 728x90

Urgent Shift to Post-Quantum Cryptography: CRQC Threats Loom

Cryptography experts are sounding the alarm on rapid advances in quantum computing that could crack 256-bit elliptic curves like NIST P-256 and secp256k1. Recent papers from Google and Oratomic have slashed the resources needed for such attacks to just thousands of qubits, making them feasible in the coming years. The migration deadline to post-quantum algorithms is now barreling toward 2029.

Progress in Quantum Attacks

Google's paper shows that with high-clock-speed architectures like superconducting qubits, breaking 256-bit curves could take just minutes. The authors zero in on cryptocurrencies, but the real danger lies in man-in-the-middle attacks on WebPKI.

Oratomic demonstrates a break using 10,000 physical qubits with nonlocal connectivity in neutral atoms. The attack is slower, but cracking even one key per month spells disaster. Charts of declining qubit costs confirm the trend: hardware is improving, algorithms are getting optimized, and error correction is simplifying.

Google AdInline article slot

Experts like Heather Adkins and Sophie Schmieg predict cryptographically relevant quantum computers (CRQC) by 2029. Scott Aaronson calls for immediate migration to post-quantum schemes, likening it to the Manhattan Project.

Migration Recommendations

Roll out proven post-quantum algorithms now:

  • ML-DSA with longer signatures in X.509, sized to match short ECDSA ones.
  • ML-KEM for key exchange, flagging non-post-quantum schemes as potential compromises.

Ditch these:

Google AdInline article slot
  • Non-interactive key exchange (NIKE) — stick to KEM.
  • Any new non-post-quantum schemes.
  • Hybrid classical + post-quantum authentication — jump straight to ML-DSA-446 to save time.

Symmetric encryption with 128-bit keys holds up: Grover's algorithm offers no practical speedup due to 2¹⁰⁶-gate chains.

Ecosystem Impacts

In standard libraries like Go, half the packages will be vulnerable. Strike a balance between avoiding legacy cruft and maintaining compatibility.

TEE tech (Intel SGX, AMD SEV-SNP) with non-post-quantum keys is unreliable — their role shrinks to supplemental protection.

Google AdInline article slot

Ecosystems relying on crypto identities (atproto, cryptocurrencies) must migrate ASAP to dodge compromise.

File encryption is exposed to "harvest now, decrypt later" attacks: warn users and reject non-post-quantum age types.

In training, treat RSA, ECDSA, and ECDH as legacy.

Key Takeaways:

  • 256-bit curve breaks possible with 10,000 qubits by 2029.
  • Go straight to ML-DSA/ML-KEM, skip hybrids.
  • 128-bit symmetric crypto is Grover-safe.
  • Ecosystem migration is mission-critical and urgent.
  • Overhaul TEEs and libraries.

— Editorial Team

Advertisement 728x90

Read Next