this post was submitted on 06 Apr 2026
13 points (93.3% liked)

NotAwfulTech

567 readers
13 users here now

a community for posting cool tech news you don’t want to sneer at

non-awfulness of tech is not required or else we wouldn’t have any posts

founded 2 years ago
MODERATORS
self@awful.systems
13
A Cryptography Engineer’s Perspective on Quantum Computing Timelines (words.filippo.io)
submitted 1 day ago by corbin@awful.systems to c/notawfultech@awful.systems
6 comments fedilink hide all child comments
 

I'm not gonna dig up the links since I'm sure y'all're already tired of talking about quantum computing. I am going to insist that, while I professionally disagree with Filippo about plenty of things, I do not see any mistakes in their analysis here. Please start thinking about post-quantum cryptographic tooling today.

you are viewing a single comment's thread
view the rest of the comments
[–] corbin@awful.systems 3 points 11 hours ago (1 children)

First, I personally don't yet believe in the cryptographic security of LWE on lattices. I agree that it sure looks hard, but we don't have a solid proof. But also, I don't believe that we've found any provably one-way functions in the classical regime either. So I agree with you from different premises.

Unlucky 10,000: Shor's algorithm speeds up any discrete logarithm. It actually speeds up the abelian HSP. This does give us a theoretical reason to expect that LWE on lattices won't fall to Shor's approach, as the underlying groups are non-abelian. It does make me sad for elliptic curves, though; they're so elegant and the keys are so small.

[–] aio@awful.systems 1 points 4 hours ago* (last edited 4 hours ago)

Not sure what you think my "different premises" are? Also I obviously already know that Shor's algorithm solves the discrete log problem. I don't know why you phrased your comment assuming I'm an idiot.