this post was submitted on 06 Apr 2026
13 points (93.3% liked)

NotAwfulTech


a community for posting cool tech news you don’t want to sneer at

non-awfulness of tech is not required or else we wouldn’t have any posts


I'm not gonna dig up the links since I'm sure y'all're already tired of talking about quantum computing. I am going to insist that, while I professionally disagree with Filippo about plenty of things, I do not see any mistakes in their analysis here. Please start thinking about post-quantum cryptographic tooling today.

[–] aio@awful.systems 2 points 12 hours ago* (last edited 12 hours ago)

Yeah and I agree that in principle we should be trying to move to cryptosystems which aren't known to be broken by quantum algorithms. I just don't think the argument in the article is sound. There are costs, including actual security risks, inherent to switching. To name a couple:

  1. There will be implementation errors any time a new cryptosystem is implemented; this is practically inevitable especially if you are trying to rush the process through in 3 years.
  2. Quantum-unbroken systems are slower and require bigger keys than elliptic curve systems. Users will be inconvenienced by the resulting performance hit, which will both impede adoption of cryptography in general, and tempt implementors into using incorrect parameters.

You have to actually weigh the benefits of resistance to quantum algorithm computers (which may or may not actually appear) against these costs (which certainly will). Paranoia isn't a threat model.

And to be clear cryptographers already know these things and if they still think we should all move to lattice cryptosystems despite the costs then that's totally fine. I just wish they would write their blog posts to reflect that instead of talking about the 1% thing.