Gather 'round classical friends and semiquantum adversaries, it's story fucking time.

You may have heard of this fun new thing called "quantum key distribution" that uses the laws of physics to guarantee secure, unbreakable encryption. The first demonstration of QKD, known as "BB84" after its authors and the fact that it was built in 1984, had a bit of a problem, though. Sure, it was unbreakable but the mirrors used to send bits made different sounds based on whether they were sending a 0 or 1.

So you didn't need to "break" BB84, you just needed to sit there with a microphone and you could read out the whole key. It doesn't matter how much physics guarantees the safety of your encryption if you go and tell the adversary what your key is.

For BB84, that deeply did not matter, it was a proof of principle. But in the 41 years since, that problem — that side channels exist — keeps getting forgotten.

A lot of current QKD devices use what are called "single-photon regime CCDs" as part of how they work. Those devices have a well-known problem that if you shine a very bright light on them, you can synthesize whatever output you'd like them to produce. An attacker can basically remotely control your QKD system that way and make it produce a fake key that they already know.

A bit over a decade ago, my partner @crazy4pi314 got their PhD in large part by showing that if you shine an *even brighter* laser into commercial QKD systems, you can even destroy the detectors they use to prevent that kind of attack. That attack involves things like putting 60W of laser power down a telecom fiber, but they came up with novel ways of doing so, despite that being wildly out of safety specs.

It's very fun work.

So like, QKD is probably useful in some ways, but the biggest practical challenge with it is always finding out how to not either let your attacker control the QKD system or leak your key to the attacker once you have it. Physics doesn't help you with either of those parts of the problem.
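As an added illustration of the point above (this is not part of the original thread; the model, the function names and the 11% abort threshold are my own assumptions), a toy BB84 simulation in Python. It runs three cases: an honest channel, an intercept-resend eavesdropper who attacks the physics and is caught by the error rate, and an abstract stand-in for the bright-light detector-control attack the post describes, where Bob's detector simply reports the attacker's bit when their bases happen to agree and registers a loss otherwise. The third case leaves the quantum bit error rate at zero while the attacker holds the entire sifted key; the only observable it disturbs is the detection rate, which is why loss and detector-behaviour monitoring, not the security proof, is where the defence has to live.

```python
import random


def measure(state, basis, rng):
    """Ideal qubit measurement: the right basis returns the encoded bit,
    the wrong basis returns a fair coin flip."""
    bit, enc_basis = state
    return bit if basis == enc_basis else rng.randrange(2)


def run_bb84(n, rng, adversary=None):
    """Simulate n BB84 signals and return sifting statistics.

    adversary:
      None                 honest, lossless channel
      "intercept_resend"   Eve measures in a random basis and re-sends;
                           she attacks the physics and disturbs the states
      "detector_control"   simplified model of the bright-light attack:
                           Bob's detector clicks only when his basis matches
                           Eve's, and then reports Eve's bit; a mismatch
                           produces no click and looks like channel loss
    """
    alice, bob, eve = [], [], []
    for _ in range(n):
        bit, a_basis, b_basis = rng.randrange(2), rng.randrange(2), rng.randrange(2)
        state = (bit, a_basis)
        eve_bit, detected = None, True
        if adversary in ("intercept_resend", "detector_control"):
            e_basis = rng.randrange(2)
            eve_bit = measure(state, e_basis, rng)
            state = (eve_bit, e_basis)              # forwarded in Eve's basis
            if adversary == "detector_control":
                detected = (b_basis == e_basis)     # no click otherwise
        if not detected:
            continue                                # Bob logs a loss; position discarded
        b_bit = measure(state, b_basis, rng)
        if a_basis == b_basis:                      # public basis comparison (sifting)
            alice.append(bit)
            bob.append(b_bit)
            eve.append(eve_bit)
    sifted = len(alice)
    if sifted == 0:
        raise ValueError("no sifted bits")
    errors = sum(a != b for a, b in zip(alice, bob))
    known = sum(a == e for a, e in zip(alice, eve))     # None never equals a bit
    return {"sift_rate": sifted / n, "qber": errors / sifted, "eve_knows": known / sifted}


def qber_alarm(stats, threshold=0.11):
    """Abort rule of the textbook proof (assumed 11% threshold)."""
    return stats["qber"] > threshold


def loss_alarm(stats, expected_sift=0.5, tolerance=0.1):
    """Implementation-level check: in this lossless toy the sift rate should be
    about 1/2; a large drop is the one trace detector control leaves here."""
    return stats["sift_rate"] < expected_sift - tolerance


if __name__ == "__main__":
    for adv in (None, "intercept_resend", "detector_control"):
        s = run_bb84(4000, random.Random(7), adv)
        flags = [name for name, f in (("qber_alarm", qber_alarm), ("loss_alarm", loss_alarm)) if f(s)]
        print(adv, s, flags)
```

Run it and the detector-control row shows QBER 0.0, Eve knowing 100% of the key, and only the loss check firing. A real system has inherent channel loss, so the loss baseline is not 1/2 and must be characterised per link; that is exactly the kind of engineering the physics does not do for you.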

This is a thread about adopting PQC for security while also adding AI to all of your fucking data handling workflows.

Like, PQC is good, I like PQC to the extent that I have the expertise necessary to have an opinion such as "I like PQC." But I am not personally helped by an institution that holds custodianship over my data adopting PQC if they also just directly give my data to nefarious actors like the US government or Anthropic or Palantir.

This is why I say that Y2Q / q-day discourse is a great thing for very specific infosec contexts, and is actively irrelevant to laypeople outside those contexts.

My *personal* infosec posture is not affected by quantum computing, full stop. It's affected by that my data is held by people who do not share my interests, who do not hold that data responsibly, who do wildly fucking malicious things with that data, and who extract that data from me by using designed-in vulnerabilities like "tracking pixels," "facial recognition cameras," "AI transcription of doctor's appointments," and "routers that funnel shit to the NSA."

Your infosec posture may be affected by QC and thus you might be more interested in questions like whether FTQC at cryptographically relevant scales is closer to 20 or 100 years away. I'm not you, I'm not an infosec expert, and while I was once one of the world's foremost experts on several topics within QC that are relevant to the discussion I have since retired from that field. I'm also not your consultant, and I do not accept liability for you.

I'm talking about my personal posture.

@xgranade oh yeah the comparison to Y2K is actually really good. thanks for that. that helps us clarify our feelings about it.....

we agree with the rational argument that acting now to prevent an eventual compromise makes perfect sense, it just felt strange to us

but! with the comparison in mind, that's clearly just the bias towards not doing things that aren't urgent, which is a big problem for humanity in general and us in particular

handling it years in advance is a good thing!

@ireneista It's not my analogy, it's due to one of the worst people I have the displeasure of having known personally, he can go fuck off. But yeah, I do think doing something about PQC before QC becomes real is a good thing, by and large.

I'll leave that to the actual infosec experts — my point is only about how that discussion leaks out into broader awareness and how that affects individuals who are not in that discussion.

@xgranade well we try not to pay attention to awful people, so we probably wouldn't have heard about it had you not mentioned it, so thank you!

@ireneista Sorry about that, then... I bring it up in the spirit of criticism rather than endorsement. While I don't think this about "q-day," I have yet to see "Y2Q" used in a context that wasn't an outright scam.

@xgranade that's good to know

@xgranade yes, we can for sure see how the nature of the migration creates an opportunity for exploitative assholes to pretend it's more urgent than it is, and financially profit from that pretense. we're .... glad? we think? that our immediate social environ has been so totally lacking in that particular grift, but it's kind of startling to realize we've been so totally removed from it that we didn't know anyone was actually doing the grift

@ireneista I think what pisses me off the most about it was that the people doing that particular grift knew it was wrong, they had the expertise to know that they were dramatically overestimating the threat in order to sell consulting hours, and did it anyway.

It's sleazy af, and I'll admit does tend to bias me on claims about PQC readiness timelines, perhaps unfairly.

@xgranade that makes a lot of sense

yeah like we do NOT understand quantum but we know damn well that nobody is even pursuing any lines of research that are going to lead to this on a knowable timeline

@xgranade the last we heard it turned out that Shor's algorithm is actually not as good as had been assumed. we're vague on that though.

@xgranade it may be that the fact it's such an obscure field is a thing that specifically attracts people to focus on it? because they recognize that it will be pleasant for them to have strong knowledge asymmetry with everyone they talk to? that would sadden us :(

@ireneista I have some detailed thoughts here that are long and not for sharing in public. The brief version, though, is that an examination of scamming in quantum computing is incomplete without an analysis of sexual harassment and assault in the same culture.

@xgranade that makes sense. thanks.

@xgranade To account for executive hype over PQC, we've been asking vendors about "cryptographic agility", that is "how quickly can you swap out the algorithms and ciphers with different ones, including PQC?" In fact, "cryptographic agility" is something we should have already been asking for. Instead, we have vendors trying to tell us the only way to upgrade the available cryptographic options is to buy a new version.

The point is, it's an immediately useful feature or metric that doesn't rely on hitting "Q-Day".
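As an added example of what "cryptographic agility" looks like in code (my own illustration, not from anyone in the thread; the envelope layout, registry and function names are assumptions), here is a small Python module that authenticates data under a named algorithm, carries the algorithm identifier with the data, and can retire or swap algorithms by policy rather than by shipping a new product. The two details that make agility safe rather than merely possible are shown too: each algorithm gets its own derived key, so an attacker who rewrites the identifier cannot reuse a tag across primitives, and "deprecated" is split into "refuse for new data" and "still readable for migration", which is what a real cut-over needs.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet


@dataclass(frozen=True)
class MacAlg:
    tag_len: int
    mac: Callable[[bytes, bytes], bytes]   # (key, message) -> tag


# Algorithm registry. Swapping or adding an algorithm (a PQC-era primitive
# included) is a new entry here; callers never name a primitive directly.
REGISTRY: Dict[str, MacAlg] = {
    "hmac-sha256":   MacAlg(32, lambda k, m: hmac.new(k, m, hashlib.sha256).digest()),
    "hmac-sha3-256": MacAlg(32, lambda k, m: hmac.new(k, m, hashlib.sha3_256).digest()),
    "blake2b-256":   MacAlg(32, lambda k, m: hashlib.blake2b(m, key=k, digest_size=32).digest()),
}


def subkey(master: bytes, alg: str) -> bytes:
    """Domain-separate the key per algorithm so a rewritten header cannot
    reuse a tag key across primitives (simple HMAC-based derivation)."""
    return hmac.new(master, b"mac-key:" + alg.encode(), hashlib.sha256).digest()


def protect(alg: str, master: bytes, msg: bytes,
            deprecated: FrozenSet[str] = frozenset()) -> bytes:
    """Envelope: [id_len][alg id][msg_len, 4 bytes][msg][tag].
    The id travels with the data so a verifier can dispatch on it."""
    if alg not in REGISTRY or alg in deprecated:
        raise ValueError(f"algorithm not allowed for new data: {alg}")
    ident = alg.encode()
    tag = REGISTRY[alg].mac(subkey(master, alg), msg)
    return bytes([len(ident)]) + ident + len(msg).to_bytes(4, "big") + msg + tag


def parse(blob: bytes):
    """Split an envelope into (alg id, message, tag) without trusting any of it."""
    id_len = blob[0]
    alg = blob[1:1 + id_len].decode("ascii", "replace")
    pos = 1 + id_len
    msg_len = int.from_bytes(blob[pos:pos + 4], "big")
    pos += 4
    return alg, blob[pos:pos + msg_len], blob[pos + msg_len:]


def verify(master: bytes, blob: bytes, deprecated: FrozenSet[str] = frozenset(),
           read_deprecated: bool = True) -> bytes:
    """Dispatch on the carried id, but only to registered algorithms, and
    optionally refuse deprecated ones once migration is complete."""
    alg, msg, tag = parse(blob)
    if alg not in REGISTRY:
        raise ValueError(f"unknown algorithm: {alg}")
    if alg in deprecated and not read_deprecated:
        raise ValueError(f"deprecated algorithm refused: {alg}")
    spec = REGISTRY[alg]
    expected = spec.mac(subkey(master, alg), msg)
    if len(tag) != spec.tag_len or not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return msg


def migrate(master: bytes, blob: bytes, new_alg: str,
            deprecated: FrozenSet[str] = frozenset()) -> bytes:
    """Re-protect stored data under a new algorithm: verify under the old id
    (still readable), emit under the new one. This is the operation the
    'how quickly can you swap' question is really about."""
    msg = verify(master, blob, deprecated, read_deprecated=True)
    return protect(new_alg, master, msg, deprecated)


if __name__ == "__main__":
    key = bytes(range(32))                       # constructed demo key
    old = protect("hmac-sha256", key, b"patient record 42")
    new = migrate(key, old, "hmac-sha3-256", deprecated=frozenset({"hmac-sha256"}))
    print(parse(old)[0], "->", parse(new)[0], verify(key, new))
```

The same shape applies to signatures or key encapsulation: the registry entry would hold a sign/verify or encaps/decaps pair instead of a MAC, and a hybrid entry (classical plus PQC) is just another entry. The vendor question then becomes concrete: can you add a registry entry and flip a deprecation flag without a forklift upgrade?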