Gather 'round classical friends and semiquantum adversaries, it's story fucking time.

You may have heard of this fun new thing called "quantum key distribution" that uses the laws of physics to guarantee secure, unbreakable encryption. The first demonstration of QKD, known as "BB84" after its authors and the fact that it was built in 1984, had a bit of a problem, though. Sure, it was unbreakable, but the mirrors used to send bits made different sounds based on whether they were sending a 0 or 1.

So you didn't need to "break" BB84, you just needed to sit there with a microphone and you could read out the whole key. It doesn't matter how much physics guarantees the safety of your encryption if you go and tell the adversary what your key is.

For BB84, that deeply did not matter; it was a proof of principle. But in the 41 years since, that problem — that side channels exist — keeps getting forgotten.

A lot of current QKD devices use what are called "single-photon regime CCDs" as part of how they work. Those devices have a well-known problem that if you shine a very bright light on them, you can synthesize whatever output you'd like them to produce. An attacker can basically remotely control your QKD system that way and make it produce a fake key that they already know.

A bit over a decade ago, my partner @crazy4pi314 got their PhD in large part by showing that if you shine an *even brighter* laser into commercial QKD systems, you can even destroy the detectors they use to prevent that kind of attack. That attack involves things like putting 60W of laser power down a telecom fiber, but they came up with novel ways of doing so, despite that being wildly out of safety specs.

It's very fun work.

So like, QKD is probably useful in some ways, but the biggest practical challenge with it is always finding out how to not either let your attacker control the QKD system or leak your key to the attacker once you have it. Physics doesn't help you with either of those parts of the problem.

This is a thread about adopting PQC for security while also adding AI to all of your fucking data handling workflows.

@xgranade There's also the... recurring problem in any sort of crypto setup of... you can give a human a very strong key, but if they have to be responsible for it, a lot of them will just... give it to a random person with a clipboard, when asked.
Or store the key (unencrypted/not meaningfully encrypted) on their Google Drive so they don't lose it or whatever.
Adding some LLM with file-system access that might just announce it to the world for unknown reasons certainly doesn't help either.
@miss_rodent Yeah, exactly. QKD protects one very important step in that process, but it's not a cure-all panacea.
@xgranade Yeah, it helps against attacks on the *math* parts of encryption - and does very well at that - but doesn't solve... any of the actual hard parts like humans being easily manipulated, poorly designed data-management setups, malicious actors being the recipients of that data in the first place, ... microphones and lasers existing, etc.
@miss_rodent @xgranade
And this comic continues being sadly relevant