@dangoodin that their massive investments in quantum need justification to not piss off shareholders? that they need to be seen to follow NIST guidance to maintain upheaved government contracts?
I'm honestly still unconvinced on the PQ timeline being realistic. by all means, future proof designs and roll out plenty early, but repeatedly predicting (incorrectly) that a practical break of real-world classical cryptosystems is urgently around the corner just leads to distrust and fatigue.
@gsuberland am not a crypto expert, but fwiw this is more or less my take on that question too.
this is signaling, and we're not the intended audience. little more.
@gsuberland @dangoodin and it's also demonstrably false. Not "supposedly" false - demonstrably.
*IF* they were just 4 years away from breaking RSA4096 or even 2048, then there would be functional proof of repeatable factorization of lower strength algorithms, e.g. RSA1024 or 896. It's the first step. Don't need to be a crypto expert to know that.
You seen any proof of that?
Yeah. Me either.
Graham Sutherland / Polynomial
Ian Campbell π΄
RootWyrm πΊπ¦