The main reason to start with Post-Quantum Crypto (PQC) right now is that creating strong crypto, good implementations and accepted standards takes a very long time. Right now, most PQC is in the 'crypto' stage or starting to enter the 'implementation' stage.
I'm wondering whether, given recent advances in constructing quantum computers, the PQC initiative will be 'fast enough'.
In particular, I'd like to know whether PQC resistant against factoring-based attacks will be widely deployed in practice before:
- Government agencies can efficiently factor using Shor's algorithm
- Serious hackers and medium-sized companies can factor using Shor's algorithm
- Script kiddies can run Shor's algorithm
To clarify, I am looking for literature or historical analyses of the deployment speed of cryptographic defenses, compared with current analyses of the predicted power of quantum computers.
For instance, when will a good lattice-based cryptosystem have a 'mainstream' implementation?