Gather 'round classical friends and semiquantum adversaries, it's story fucking time.

You may have heard of this fun new thing called "quantum key distribution" that uses the laws of physics to guarantee secure, unbreakable encryption. The first protocol, "BB84", is named after its authors Bennett and Brassard and the year they published it, 1984. The first lab demonstration of it, a few years later, had a bit of a problem, though. Sure, the protocol was unbreakable, but the power supplies driving the polarization switches that sent each bit made audibly different sounds depending on whether they were sending a 0 or a 1.

So you didn't need to "break" BB84, you just needed to sit there with a microphone and you could read out the whole key. It doesn't matter how much physics guarantees the safety of your encryption if you go and tell the adversary what your key is.

For that first demonstration, that deeply did not matter; it was a proof of principle. But in the 41 years since, that problem, that side channels exist, keeps getting forgotten.

A lot of current QKD devices detect single photons with avalanche photodiodes run in "Geiger mode" (biased so hard that a single photon triggers an avalanche, i.e. a click). Those detectors have a well-known problem: if you shine a bright enough continuous light on them, they drop out of Geiger mode into ordinary linear mode and stop responding to single photons at all. Once a detector is "blinded" like that, a bright pulse above its click threshold makes it click on demand, so the attacker decides which of Bob's detectors fires and when. An attacker can basically remotely control your QKD system that way: measure Alice's photons themselves, then drive Bob's blinded detectors so he records a key the attacker already knows, with no error rate to give the game away.
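As an added illustration (not code from this thread, and not a model of any vendor's hardware), here is a toy Python simulation of the faked-state attack that detector blinding enables, with a plain intercept-resend attack beside it for contrast. The detector behaviour is a deliberately simplified assumption: a blinded detector clicks only when Eve's bright pulse lands in the basis Bob happens to measure in, and stays silent otherwise, which Bob cannot distinguish from ordinary fibre loss. Everything else (the BB84 bit/basis choices, sifting, QBER) is the standard protocol.

```python
"""Toy BB84 simulation: honest run vs. intercept-resend vs. detector blinding.

Added example; the detector model is a simplifying assumption, not physics.
"""
import random

BASES = ("+", "x")


def alice_prepare(n, rng):
    """Alice picks n random bits and n random encoding bases."""
    bits = [rng.randrange(2) for _ in range(n)]
    bases = [rng.choice(BASES) for _ in range(n)]
    return bits, bases


def ideal_measure(bit, send_basis, meas_basis, rng):
    """Ideal single-photon detector: right basis returns the bit, wrong basis a coin flip."""
    return bit if send_basis == meas_basis else rng.randrange(2)


def blinded_measure(faked_bit, faked_basis, meas_basis):
    """Blinded (linear-mode) detector hit by Eve's bright 'faked state'.

    Assumption used here: the pulse only crosses the click threshold when Bob's
    basis matches Eve's. Otherwise neither of Bob's detectors fires and the slot
    looks like channel loss. Returns None for 'no click'.
    """
    return faked_bit if faked_basis == meas_basis else None


def run_bb84(n, rng, attack="none"):
    """Run n BB84 slots and sift. attack is 'none', 'intercept_resend' or 'blinding'.

    Returns sifted key length, QBER, and (for attacks) the fraction of the
    sifted key Eve knows.
    """
    bits, bases = alice_prepare(n, rng)
    bob_bases = [rng.choice(BASES) for _ in range(n)]
    alice_key, bob_key, eve_key = [], [], []
    for bit, a_basis, b_basis in zip(bits, bases, bob_bases):
        eve_bit = None
        if attack == "none":
            bob_bit = ideal_measure(bit, a_basis, b_basis, rng)
        else:
            # Eve intercepts every photon with her own ideal detector.
            e_basis = rng.choice(BASES)
            eve_bit = ideal_measure(bit, a_basis, e_basis, rng)
            if attack == "intercept_resend":
                # Eve re-sends a fresh single photon in her basis; Bob measures normally.
                bob_bit = ideal_measure(eve_bit, e_basis, b_basis, rng)
            elif attack == "blinding":
                # Eve re-sends a bright faked state into Bob's blinded detectors.
                bob_bit = blinded_measure(eve_bit, e_basis, b_basis)
            else:
                raise ValueError(f"unknown attack: {attack}")
        if bob_bit is None:
            continue  # no click: Bob discards the slot as loss
        if a_basis == b_basis:  # sifting over the public channel
            alice_key.append(bit)
            bob_key.append(bob_bit)
            eve_key.append(eve_bit)
    sifted = len(alice_key)
    if sifted == 0:
        return {"sifted": 0, "qber": None}
    qber = sum(a != b for a, b in zip(alice_key, bob_key)) / sifted
    result = {"sifted": sifted, "qber": qber}
    if attack != "none":
        result["eve_knows"] = sum(a == e for a, e in zip(alice_key, eve_key)) / sifted
    return result


def simulate(attack, n=4000, seed=0):
    """Convenience wrapper with a seeded RNG so runs are reproducible."""
    return run_bb84(n, random.Random(seed), attack)


if __name__ == "__main__":
    for attack in ("none", "intercept_resend", "blinding"):
        print(attack, simulate(attack))
```

The point the numbers make: a textbook intercept-resend attack leaves a QBER around 25%, which is exactly what BB84's security argument relies on Alice and Bob noticing. Under blinding, the only slots that survive are ones where Eve's basis matched Bob's, so after sifting Eve's basis also matched Alice's; the QBER is 0, Eve knows 100% of the key, and the extra loss is indistinguishable from a slightly worse fibre. The physics of the protocol is untouched; the detector simply stopped being the thing the proof assumed.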

A bit over a decade ago, my partner @crazy4pi314 got their PhD in large part by showing that if you shine an *even brighter* laser into commercial QKD systems, you can even destroy the detectors they use to prevent that kind of attack. That attack involves things like putting 60W of laser power down a telecom fiber, but they came up with novel ways of doing so, despite that being wildly out of safety specs.

It's very fun work.

So, like, QKD is probably useful in some ways, but the biggest practical challenge with it is always working out how to keep the attacker from either controlling the QKD system or getting hold of the key once you have it. Physics doesn't help you with either of those parts of the problem.

This is a thread about adopting PQC for security while also adding AI to all of your fucking data handling workflows.

Like, PQC is good, I like PQC to the extent that I have the expertise necessary to have an opinion such as "I like PQC." But I am not personally helped by an institution that holds custodianship over my data adopting PQC if they also just directly give my data to nefarious actors like the US government or Anthropic or Palantir.

This is why I say that Y2Q / q-day discourse is a great thing for very specific infosec contexts, and is actively irrelevant to laypeople outside those contexts.

My *personal* infosec posture is not affected by quantum computing, full stop. It's affected by the fact that my data is held by people who do not share my interests, who do not hold that data responsibly, who do wildly fucking malicious things with that data, and who extract that data from me by using designed-in vulnerabilities like "tracking pixels," "facial recognition cameras," "AI transcription of doctor's appointments," and "routers that funnel shit to the NSA."

Your infosec posture may be affected by QC, and thus you might be more interested in questions like whether FTQC at cryptographically relevant scales is closer to 20 or 100 years away. I'm not you; I'm not an infosec expert; and while I was once one of the world's foremost experts on several topics within QC that are relevant to the discussion, I have since retired from that field. I'm also not your consultant, and I do not accept liability for you.

I'm talking about my personal posture.