[bwesterb]

It's hard to say. Here is a great paper that tries to answer this question.

https://arxiv.org/pdf/2009.05045v1.pdf

See Figure 11. Optimistically 15 years. Pessimistically 35 years. But anything can happen.

[Zamicol]

The linked study is about RSA, not elliptical curve cryptography

[upofadown]

It is generally accepted that elliptical curge cryptography is a bit easier to break with Shor's algorithm than RSA. Something like half as hard, but it probably would not make any real difference in practice. So the paper is directly applicable to elliptic curves to the extent that it is applicable to anything.

[krastanov]

Does that matter? Both are based on some hidden subgroup problem and both are breakable in a similar way.