Filippo Valsorda1d ago

Two papers came out last week that suggest classical asymmetric cryptography might indeed be broken by quantum computers in just a few years.

That means we need to ship post-quantum crypto now, with the tools we have: ML-KEM and ML-DSA. I didn't think PQ auth was so urgent until recently.

https://words.filippo.io/crqc-timeline/

A Cryptography Engineer’s Perspective on Quantum Computing Timelines

The risk that cryptographically-relevant quantum computers materialize within the next few years is now high enough to be dispositive, unfortunately.

Show threadTim Bray
@filippo I thought the hybrid scenario was if ML-KEM is broken conventionally?
Apr 6 at 10:34pmWeb
Show threadFilippo Valsorda1d ago
@timbray yeah, if ML-KEM is broken classically before the CRQCs arrive (after which hybrid doesn't help you anymore). Which part are you responding to?