Two prominent cryptographers, Filippo Valsorda and Matthew Green, are formalizing a $5,000 bet over whether a cryptographically relevant quantum computer (CRQC) will emerge within the next decade. The wager is structured around whether ML-KEM-768 (a NIST-approved post-quantum algorithm) or X25519 (a classical elliptic curve algorithm) will be broken first. The bet comes amid renewed debate sparked by Google's revised estimates showing Shor's algorithm would require 20x fewer physical qubits to break elliptic curve cryptography than previously thought, and NIST's push to retire quantum-vulnerable algorithms by 2035. Valsorda argues the PQC transition needs to accelerate, while Green remains skeptical a relevant quantum computer will arrive by 2029 or even 2035.
Sort: