Deirdre Connolly¹

🜗 🝒 🝲 crypto as in 'cryptography' 🝳 🝡 🜖

¹isogenist, co-host SCWpod

100% agree on everything from @filippo here, this has been my thinking for at least two years:

https://words.filippo.io/crqc-timeline/

A Cryptography Engineer’s Perspective on Quantum Computing Timelines

The risk that cryptographically-relevant quantum computers materialize within the next few years is now high enough to be dispositive, unfortunately.

Google bumps up Q Day deadline to 2029, far sooner than previously thought

Company warns entire industry to move off RSA and EC more quickly.

Ars Technica

Quantum frontiers may be closer than they appear

An overview of how Google is accelerating its timeline for post-quantum cryptography migration.

Google

New theme for 2026 just dropped:
Bunker AI Data Centers

Dustin Moody from NIST: “you don’t need more than 128 bits of symmetric keys for post-quantum security” #rwc2026

Say it louder, for the people in the back!

Has anyone done a macroeconomic analysis of the costs of the PQC migration?
It seems hard to estimate, but it feels like a number with way too many zeros after it.

At WWDC, we unveiled formally verified ML-KEM and ML-DSA #PostQuantum implementations in CryptoKit.

🆕🎥 Last month at Hexacon in Paris, we provided additional insights into the mechanisms used for verifying the implementations using Cryptol, SAW and Isabelle.

The talk also covers the evolution of the Secure Page Table Monitor, a view into Memory Integrity Enforcement, updates to Apple Security Bounty… and a note on the moral character of offensive security work.

https://youtu.be/Du8BbJg2Pj4

HEXACON 2025 - Keynote by Ivan Krstić

YouTube

For the past several years I've been trying intermittently to get Cross Translation Unit taint analysis with clang static analyzer working for Firefox. While the efforts _have_ found some impactful bugs, overall the project has burnt out because of too many issues in LLVM we are unable to overcome.

Not everything you do succeeds, and I think it's important to talk about what _doesn't_ succeed just as much (if not more) as what does.

With the help of an LLVM contractor, we've authored this post to talk about our attempts, and some of the issues we'd run into. https://attackanddefense.dev/2025/12/16/attempting-cross-translation-unit-static-analysis.html

I'm optimistic that people will get CTU taint analysis working on projects the size of Firefox, and if you do, well I guess I'll see you in the bounty committee meetings ;)

Attempting Cross Translation Unit Taint Analysis for Firefox

Preface

Attack & Defense

New blog post: ML-KEM Mythbusting.

Due to reasons.

https://keymaterial.net/2025/11/27/ml-kem-mythbusting/

ML-KEM Mythbusting

What is this? There have been some recent concerns about ML-KEM, NIST’s standard for encryption with Post-Quantum Cryptography, related standards of the IETF, and lots of conspiracy theories …

Key Material

Celebrating two PhD milestones with my group. One thesis submitted and one thesis examined