← Back to Archives

The 2040 Cryptography Wager: Quantum Computers vs. Lattices

Originally published on LinkedIn

Two of the brightest cryptographers, Matthew Green and Filippo Valsorda, have made a long-term bet on the future of Internet security. The question: will quantum computers break current encryption before mathematicians break new quantum defenses?

I love a good technical wager, so I officially joined the back bets. I put $1,000 on the main wager and $500 on the secondary, backing Filippo and the Quantum Computers side. The stakes are settled by charitable donation by the end of 2040.

For the cryptographers out there: the bet focuses on the components of the X25519MLKEM768 hybrid handshake. The main wager is what falls first to a practical break on a real physical machine: X25519 via Shor's algorithm, or ML-KEM-768 via classical lattice cryptanalysis.

The secondary wager covers a material downgrade of ML-KEM-768. If academic consensus or NIST drops it below 128-bit security, Matt wins. I am betting the lattices hold up. It's an incredible exercise in predicting the collision of theoretical mathematics and physical engineering.