Filippo Valsorda6d ago

Two papers came out last week that suggest classical asymmetric cryptography might indeed be broken by quantum computers in just a few years.

That means we need to ship post-quantum crypto now, with the tools we have: ML-KEM and ML-DSA. I didn't think PQ auth was so urgent until recently.

https://words.filippo.io/crqc-timeline/

A Cryptography Engineer’s Perspective on Quantum Computing Timelines

The risk that cryptographically-relevant quantum computers materialize within the next few years is now high enough to be dispositive, unfortunately.

Show threadShadSterling
@filippo all I see there is a claim that some classical methods can be broken with only 10^4 qbits, not a claim that a working quantum computer with even 10^3 will be within reach on any particular timeline. Without having enough qbits, how does that suggest it will be broken soon?
Apr 9 at 4:36pmIceCubesApp