Hacker News

dathinab, today at 11:59 AM

yes, while this may not be a 17k-qubit computer and has a way to go to get there, the insights from it will likely help us get there faster

and it's not the only "this is moving faster than expected" news

a year or so(?) ago some investments happened which only make sense if there had been some unpublished breakthrough in hardware (though you can never exclude foolishly absurd high-risk investments)

then more recently google researchers had some breakthrough wrt. quantum algorithms; it's not generally assumed that 10k qubits (in the right setup) are enough to break 256-bit elliptic curve cryptography (or 2048-bit RSA) _in minutes_!

and there were also other quantum computer breakthroughs wrt. hardware

the general consensus of people more knowledgeable in this field seems to be going in the direction that you must _fully finish migrating to post quantum cryptography by 2029_.

Note that this isn't a "100% guarantee there are capable quantum computers in 2030", but a "the chance of this happening is too high to not be prepared by then".

Overall:

- from an academic/paper background 2029 seems to be the deadline to finish migrating to post quantum cryptography

- Cloudflare agrees and has moved up its internal deadline to 2029

- same for Google; Google also seems to have prioritized quantum secure authentication over harvest-now/decrypt-later protections, which implies they are seriously worried about their authentication potentially breaking as early as 2030

- IBM expects some "moonshot" attacks against high value targets already in 2029

___

Though overall, what does that mean for most people?

- if you run some small low-security service then probably for now nothing, but make sure you can move to pq if the tooling (webpki, TLS, etc.) does

- for webpki, TLS and co, having well-working and by-default supported pq cryptography is paramount

- if you have some very sensitive material where it's a big problem if it leaks even years later, then you have a problem, because you probably should have already migrated to post quantum cryptography 1-2 years ago ... Note that symmetric encryption is mostly unaffected. Sure, there are a lot of people saying it's "slashed in half" (e.g. 128bit => 64bit), but luckily that isn't fully true. I personally would still go with 256bit where viable; often there is little reason not to. BUT a lot of the ways of sharing that symmetric key use encryption which should be assumed to be broken soon.

- for VPNs, if they allow complementing the asym. crypto with a symmetric key, do that now (e.g. wireguard pre-shared key), but that is for many use cases a chicken/egg issue, as how do you securely exchange the pre-shared key? So look out for changes in the tooling/ecosystem.

- for DevOps, look out for changes in the ecosystem, especially webpki/TLS/certs, and look out for tools which have a high chance of not migrating in time

- for Devs, post quantum cryptography often looks like it could "just slot in", but that often isn't fully the case due to very different key sizes and performance characteristics. Look out for it. Also, making your system ready to migrate to pq-safety has been a recommendation by the NSA and pretty much any other national cyber security agency for years by now. Furthermore, with the standardization of ML-KEM the recommendation shifted to using that where viable (potentially in a hybrid KEM). So if you now notice that you never bothered to check/plan ahead, you probably should give it some priority now, as you may be found to have acted in neglect, which could in unlucky cases turn into legal liabilities.
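As an added example that is not part of the comment above: a small POSIX shell check a defender can run against a WireGuard config to spot peers that still lack the pre-shared key the comment recommends. The config content and all key values are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the comment above: list WireGuard [Peer] sections that
# have no PresharedKey, i.e. peers whose tunnel key rests solely on the
# Curve25519 handshake. The config below is constructed; all keys are placeholders.

# wg_peers_without_psk <config-file>
# Prints the PublicKey of every [Peer] section lacking a PresharedKey line.
# Exit status: 0 if every peer has a PSK, 1 if at least one does not.
wg_peers_without_psk() {
    awk '
        function flush() {
            if (in_peer && !has_psk) { print pub; missing++ }
            in_peer = 0; has_psk = 0; pub = "(no PublicKey)"
        }
        /^[ \t]*\[/ {                      # any section header closes the previous one
            flush()
            if ($0 ~ /^[ \t]*\[Peer\]/) in_peer = 1
            next
        }
        in_peer && /^[ \t]*PublicKey[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); pub = $0
        }
        in_peer && /^[ \t]*PresharedKey[ \t]*=/ { has_psk = 1 }
        END { flush(); exit (missing > 0) }
    ' "$1"
}

# Constructed sample: peer A has a PSK (a real one comes from `wg genpsk`),
# peer B relies on the asymmetric handshake alone.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
[Interface]
PrivateKey = PLACEHOLDER_INTERFACE_PRIVATE_KEY
ListenPort = 51820

[Peer]
PublicKey = PLACEHOLDER_PEER_A_PUBLIC_KEY
PresharedKey = PLACEHOLDER_PEER_A_PSK
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = PLACEHOLDER_PEER_B_PUBLIC_KEY
AllowedIPs = 10.0.0.3/32
EOF

if ! wg_peers_without_psk "$SAMPLE_CONF"; then
    echo "the peers listed above have no PresharedKey configured" >&2
fi
```

Running it against a real `wg0.conf` instead of the sample gives a quick inventory of which tunnels still need a PSK rolled out.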