This is like saying we should have halted all RSA deployments until improvements in sieving stopped happening. The lattice contestants were all designed assuming BKZ would continually improve. It's not 1994 anymore, asymmetric cryptography is not a huge novelty to the industry, nobody is doing the equivalent of RSA-512.
> This is like saying we should have halted all RSA deployments until improvements in sieving stopped happening.
Absolutely not. If people were advocating for ECC only, you would have a point. But this thread is about hybrids vs ML-KEM-only (for key exchange!). Everybody here wants to deploy the algorithm your favoring and wants to deploy it now, just not without a safety net.
RSA was the first. If ECC didn't exit, no one would be saying that we have to hybridize Kyber, but since it does, and the hybrid has ~0% overhead, it's very silly not to.
