A cryptography engineer on Hacker News has reversed his stance on quantum‑resistant rollout after two papers shifted the risk horizon. Google’s new study slashes the logical‑qubit count needed to break 256‑bit elliptic curves, suggesting a minute‑scale attack on fast superconducting chips. Shortly after, Oratomic demonstrated a break using just 10,000 physical qubits with neutral‑atom connectivity, albeit slower in practice today.

Experts Heather Adkins and Sophie Schmieg now cite 2029 as the hard deadline—just 33 months away—while Scott Aaronson likens the warning to the sudden hush around nuclear fission in 1939. The engineer argues that waiting for perfect PQ schemes is untenable; instead, he urges immediate deployment of ML‑DSA‑44.5 signatures across X.509, even if they outsize traditional ECDSA fields for security.

Hybrid classic‑plus‑post‑quantum approaches no longer make sense, the author says, because they add complexity without addressing the imminent threat. Non‑PQ key exchanges should be flagged as active compromises, and NIKEs will be shelved until pure KEMs mature. The final call: replace legacy algorithms now, before 2029, to protect users today across all internet services immediately and maintain trust in systems.