33-Month Countdown: Former Go Security Lead Warns Quantum Computers Could Cripple the Internet

Quantum Threat Timeline Revision

Two papers released in the week before April 6 2026 dramatically revise the resources needed to break 256‑bit elliptic‑curve cryptography (ECC‑256) and RSA‑2048. The Google paper shows that on superconducting qubits an attack could succeed in minutes, implying a very fast logical‑qubit and gate‑count requirement. The Oratomic paper argues that a neutral‑atom architecture with non‑local connections could break ECC‑256 using only 10,000 physical qubits; even at a rate of one key per month this would be catastrophic. A chart from the Oratomic paper shows the required physical‑qubit count for RSA‑2048 and ECC‑256 dropping rapidly, compressing the timeline for a quantum‑capable computer (CRQC) to 2029 – roughly 33 months from the article’s date.

Industry Alerts

Google security director Heather Adkins and Sophie Schmieg announced a hard deadline of 2029 for migration to quantum‑safe cryptography.

Quantum‑computing theorist Scott Aaronson compared the current situation to the sudden disappearance of nuclear‑fission research papers in 1939‑1940 and posed a rhetorical question about asking Manhattan Project physicists when a small nuclear explosion would be possible.

Store‑Now‑Decrypt‑Later (SNDL) Attack

Adversaries are already capturing RSA/ECC‑encrypted traffic, storing it on massive storage arrays, and planning to decrypt the archived data once quantum computers become capable. This strategy turns today’s encrypted communications into future data breaches, because any intercepted data can be decrypted en masse when the required quantum resources materialize.

Action Guide

Key Exchange : Migrate immediately to ML‑KEM. Any non‑post‑quantum key exchange such as classic ECDH should be treated as potentially vulnerable and flagged to users, similar to OpenSSH warnings.

Digital Signatures : Adopt ML‑DSA despite its larger signature size (several kilobytes versus tens of bytes for ECDSA). The author argues that hybrid (classic + post‑quantum) schemes add complexity and performance overhead without meaningful risk mitigation, and recommends using pure ML‑DSA‑44.

Impact on Go : Expect sweeping changes in Go’s crypto packages, including crypto/tls, crypto/x509, and x/crypto/ssh, as they transition to post‑quantum primitives.

Conclusion

The author, now teaching a cryptography PhD course at the University of Bologna, classifies RSA and ECDSA as legacy algorithms. The compressed 2029 deadline indicates that the “quantum ship” is already on the horizon, and immediate migration to post‑quantum primitives is necessary.

Resources

https://words.filippo.io/crqc-timeline/

https://research.google/blog/safeguarding-cryptocurrency-by-disclosing-quantum-vulnerabilities-responsibly/

https://arxiv.org/abs/2603.28627