Elliptic Curve Cryptography (ECC) is gaining widespread adoption in the IT industry and is seen as a replacement for RSA, which has been the standard for public key cryptography for decades.

5 years ago, industry experts suggested that the Discrete Logarithm Problem that RSA relies upon, may be solved within "4-5 years". This may mean that RSA will be broken imminently, or it may remain secure well into the future.

Neither ECC nor RSA are particularly quantum resistant. However, 2048-bit RSA requires a larger number of qubits than 256-bit ECC, 4098 qubits and 2330 qubits respectively, to break using currently known algorithms (Shor's Algorithm). So it stands to reason that if RSA is not broken by conventional computers before a 2330 qubit quantum computer can be made practical, which some estimate to be ~10 years from now, ECC will be broken and RSA may be able to remain secure, at least temporarily.

The question contemplates two possible eventualities:

A) The CA/Browser Forum announces the end of trust of digital certificates using 2048-bit RSA.

B) NIST/FIPS, ANSI, or other comparable standards organization recommends discontinuance of 256-bit ECC due to credible reports of the algorithm being rendered insecure.

Question resolves positively if (A) occurs before both (B) and the resolution date (4/29/30); resolves negative if (B) occurs before both (A) and the resolution date; resolves ambiguous otherwise.

Note: Discontinuance of specific ECC curves such as P-256 or secp256r1, as an example, will not necessarily cause negative resolution because a problem might be found in the specific curve parameters and not the ECC algorithm itself. This is also the reason the CA/Browser Forum is not used for negative resolution as only a few specific curves are widely supported in digital certificates.