Hybrid Constructions: The Post-Quantum Safety Blanket

Post-quantum cryptography expert Soatok argues that while hybrid constructions combining traditional and quantum-resistant algorithms make sense for encryption due to "harvest now, decrypt later" attacks, they're unnecessary for digital signatures since quantum computers can't retroactively forge past signatures. The author favors hybrid KEMs like X-Wing for psychological comfort but prefers pure ML-DSA signatures over hybrids, dismissing concerns about lattice-based cryptography being "too new" since it predates widely-trusted Curve25519.